70a733c2...c7bd | Grouped Behavior
VTI SCORE: 96/100
Dynamic Analysis Report
Classification: Trojan, Dropper

70a733c2d090e38aeeae220035fb6e388d05076435439062a2f184336ecac7bd (SHA256)

setup.exe

Windows Exe (x86-32)

Created at 2019-02-21 08:45:00

Notifications (2/2)

The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.

The operating system was rebooted during the analysis.

Monitored Processes

Process Overview
ID PID Monitor Reason Integrity Level Image Name Command Line Origin ID
#1 0x5d8 Analysis Target High (Elevated) setup.exe "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\setup.exe" -
#2 0x600 Child Process High (Elevated) taskkill.exe taskkill /F /IM sql /T #1
#5 0x818 Child Process High (Elevated) taskkill.exe taskkill /f /im mysqld.exe #1
#6 0x844 Child Process High (Elevated) taskkill.exe taskkill /f /im sqlwriter.exe #1
#7 0x870 Child Process High (Elevated) taskkill.exe taskkill /f /im sqlserver.exe #1
#8 0x89c Child Process High (Elevated) taskkill.exe taskkill /f /im sqlservr.exe #1
#9 0x8c8 Child Process High (Elevated) taskkill.exe taskkill /f /im SQLyog.exe #1
#10 0x8f4 Child Process High (Elevated) taskkill.exe taskkill /f /im httpd.exe #1
#11 0x920 Child Process High (Elevated) taskkill.exe taskkill /f /im ApacheMonitor.exe #1
#12 0x94c Child Process High (Elevated) taskkill.exe taskkill /f /im mysqld-nt.exe #1
#13 0x978 Child Process High (Elevated) taskkill.exe taskkill /f /im sqlceip.exe #1
#14 0x9ac Child Process High (Elevated) taskkill.exe taskkill /f /im sqlbrowser.exe #1
#15 0x9d8 Child Process High (Elevated) taskkill.exe taskkill /f /im FileZillaServer.exe #1
#16 0xa04 Child Process High (Elevated) taskkill.exe taskkill /F /IM chrome.exe /T #1
#17 0xa30 Child Process High (Elevated) taskkill.exe taskkill /F /IM ie.exe /T #1
#18 0xa5c Child Process High (Elevated) taskkill.exe taskkill /F /IM firefox.exe /T #1
#19 0xa88 Child Process High (Elevated) taskkill.exe taskkill /F /IM opera.exe /T #1
#20 0xab4 Child Process High (Elevated) taskkill.exe taskkill /F /IM safari.exe /T #1
#21 0xae0 Child Process High (Elevated) taskkill.exe taskkill /F /IM taskmgr.exe /T #1
#22 0xb0c Child Process High (Elevated) taskkill.exe taskkill /F /IM 1c /T #1
#23 0xb38 Child Process High (Elevated) taskkill.exe taskkill /F /IM excel.exe /T #1
#24 0xb64 Child Process High (Elevated) taskkill.exe taskkill /F /IM mspub.exe /T #1
#25 0xb90 Child Process High (Elevated) taskkill.exe taskkill /F /IM winword.exe /T #1
#26 0xbbc Child Process High (Elevated) taskkill.exe taskkill /F /IM powerpnt.exe /T #1
#27 0xbe8 Child Process High (Elevated) taskkill.exe taskkill /F /IM notepad.exe /T #1
#28 0x588 Child Process High (Elevated) taskkill.exe taskkill /f /im Microsoft.Exchange.* #1
#29 0x828 Child Process High (Elevated) taskkill.exe taskkill /f /im MSExchange* #1
#30 0x894 Child Process High (Elevated) vssadmin.exe vssadmin.exe delete shadows /all /quiet #1
#32 0x8a4 Child Process High (Elevated) wmic.exe wmic shadowcopy delete #1
#34 0x8f4 Child Process High (Elevated) schtasks.exe schtasks /Create /SC MINUTE /TN "Windows Defender Monitor" /TR "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\wdm.exe" #1
#35 0x610 Created Scheduled Job High (Elevated) taskeng.exe taskeng.exe {0C3AA91E-F11A-45E9-BB3A-18A2AD38FD0E} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\5p5NrGJn0jS HALPmcxz:Interactive:Highest[1] #34
#36 0x940 Child Process High (Elevated) wdm.exe "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\wdm.exe" #1
#38 0x550 Autostart Medium wdm.exe "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\wdm.exe" -

Behavior Information - Grouped by Category

Process #1: setup.exe
Information Value
ID #1
File Name c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\setup.exe"
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:44, Reason: Analysis Target
Unmonitor End Time: 00:01:09, Reason: Self Terminated
Monitor Duration 00:00:25
OS Process Information
Information Value
PID 0x5d8
Parent PID 0x460 (c:\windows\explorer.exe)
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0x404, 0x180, 0x4FC, 0x5AC, 0x474
Created Files
Filename File Size YARA Match
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\wdm.exe 952.50 KB False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\uninst.exe 39.45 KB False
C:\Users\5P5NRG~1\AppData\Local\Temp\nsx8EA7.tmp 0.00 KB False
C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\modern-wizard.bmp 25.87 KB False
C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini 0.21 KB False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\msvcr120.dll 948.16 KB False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\libssl-1_1.dll 367.00 KB False
C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini 0.71 KB False
C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini 0.32 KB False
C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini 0.37 KB False
C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini 0.75 KB False
C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini 0.40 KB False
C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini 0.74 KB False
C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini 0.29 KB False
C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp 4.28 MB False
C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini 0.70 KB False
C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\InstallOptions.dll 14.50 KB False
C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini 0.73 KB False
C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini 0.38 KB False
C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini 0.21 KB False
C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini 0.30 KB False
C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini 0.38 KB False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\libcrypto-1_1.dll 2.01 MB False
Host Behavior
File (1047)
Operation Filename Additional Information Success Count
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\setup.exe desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_TEMPORARY, FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\modern-wizard.bmp desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\InstallOptions.dll desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\InstallOptions.dll desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ False 1
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\wdm.exe desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\libcrypto-1_1.dll desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\libssl-1_1.dll desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\msvcr120.dll desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\uninst.exe desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create Directory C:\Users\5P5NRG~1\AppData\Local\Temp\ - False 1
Create Directory C:\Users - False 2
Create Directory C:\Users\5P5NRG~1 - False 1
Create Directory C:\Users\5P5NRG~1\AppData - False 1
Create Directory C:\Users\5P5NRG~1\AppData\Local - False 1
Create Directory C:\Users\5P5NRG~1\AppData\Local\Temp - False 1
Create Directory C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp - True 1
Create Directory C:\Users\5p5NrGJn0jS HALPmcxz - False 1
Create Directory C:\Users\5p5NrGJn0jS HALPmcxz\AppData - False 1
Create Directory C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming - False 1
Create Directory C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender - True 1
Create Temp File C:\Users\5P5NRG~1\AppData\Local\Temp\nsx8EA7.tmp path = C:\Users\5P5NRG~1\AppData\Local\Temp\, prefix = nsx True 1
Create Temp File C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp path = C:\Users\5P5NRG~1\AppData\Local\Temp\, prefix = nss True 1
Create Temp File C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp path = C:\Users\5P5NRG~1\AppData\Local\Temp, prefix = nsi True 1
Get Info C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\setup.exe type = file_attributes True 1
Get Info C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\setup.exe type = size True 1
Get Info C:\Users type = file_attributes True 2
Get Info C:\Users\5P5NRG~1 type = file_attributes True 1
Get Info C:\Users\5P5NRG~1\AppData type = file_attributes True 1
Get Info C:\Users\5P5NRG~1\AppData\Local type = file_attributes True 1
Get Info C:\Users\5P5NRG~1\AppData\Local\Temp type = file_attributes True 1
Get Info C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini type = file_attributes False 2
Get Info C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\modern-wizard.bmp type = file_attributes False 2
Get Info C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\InstallOptions.dll type = file_attributes False 1
Get Info C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\InstallOptions.dll type = file_attributes True 2
Get Info C:\Users\5p5NrGJn0jS HALPmcxz type = file_attributes True 1
Get Info C:\Users\5p5NrGJn0jS HALPmcxz\AppData type = file_attributes True 1
Get Info C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming type = file_attributes True 1
Get Info C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\wdm.exe type = file_attributes False 2
Get Info C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\libcrypto-1_1.dll type = file_attributes False 2
Get Info C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\libssl-1_1.dll type = file_attributes False 2
Get Info C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\msvcr120.dll type = file_attributes False 2
Get Info C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\uninst.exe type = file_attributes False 2
Get Info C:\ type = file_attributes True 1
Get Info C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini type = file_attributes True 1
Get Info C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\modern-wizard.bmp type = file_attributes True 1
Get Info C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ type = file_attributes True 1
Read C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\setup.exe size = 512, size_out = 512 True 74
Fn
Data
Read C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\setup.exe size = 32768, size_out = 32768 True 63
Fn
Data
Read C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\setup.exe size = 10436, size_out = 10436 True 1
Fn
Data
Read C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\setup.exe size = 4, size_out = 4 True 1
Fn
Data
Read C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\setup.exe size = 16384, size_out = 16384 True 126
Fn
Data
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 4, size_out = 4 True 10
Fn
Data
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 10471, size_out = 10471 True 1
Fn
Data
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 211, size_out = 211 True 1
Fn
Data
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 16384, size_out = 16384 True 269
Fn
Data
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 10110, size_out = 10110 True 1
Fn
Data
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 14848, size_out = 14848 True 1
Fn
Data
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 8704, size_out = 8704 True 1
Fn
Data
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 9216, size_out = 9216 True 1
Fn
Data
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 15360, size_out = 15360 True 1
Fn
Data
Read C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\setup.exe size = 10920, size_out = 10920 True 1
Fn
Data
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 4256, size_out = 4256 True 1
Fn
Data
Read C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\setup.exe size = 37376, size_out = 37376 True 1
Fn
Data
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 1102, size_out = 1102 True 1
Fn
Data
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 3023, size_out = 3023 True 1
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 32768 True 96
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini size = 211 True 1
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\modern-wizard.bmp size = 16384 True 1
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\modern-wizard.bmp size = 10110 True 1
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\InstallOptions.dll size = 14848 True 1
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 30504 True 1
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 30577 True 1
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 31726 True 1
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 11645 True 1
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 32557 True 1
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 25560 True 1
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 26602 True 1
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 30006 True 1
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 29724 True 1
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 30593 True 1
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 28364 True 1
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 28148 True 1
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 28362 True 1
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 32580 True 2
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 20215 True 1
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 28122 True 1
Fn
Data
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\wdm.exe size = 16384 True 59
Fn
Data
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\wdm.exe size = 8704 True 1
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 21128 True 1
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 16384 True 3
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 16379 True 2
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 16290 True 1
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 16288 True 1
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 28273 True 1
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 26843 True 1
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 19275 True 1
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 27341 True 1
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 21657 True 1
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 27262 True 1
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 23452 True 1
Fn
Data
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 20925 True 1
Fn
Data
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\libcrypto-1_1.dll size = 16384 True 128
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\libcrypto-1_1.dll size = 9216 True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 30846 True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 25179 True 1
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\libssl-1_1.dll size = 16384 True 22
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\libssl-1_1.dll size = 15360 True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 30769 True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 26297 True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 25900 True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 25915 True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 31929 True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 28570 True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 26968 True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 27430 True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 26813 True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 30653 True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 28335 True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 24842 True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 27475 True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 29072 True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 27174 True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 28168 True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 11646 True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nss8ED7.tmp size = 16419 True 1
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\msvcr120.dll size = 16384 True 59
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\msvcr120.dll size = 4256 True 1
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\uninst.exe size = 37376 True 1
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\uninst.exe size = 3023 True 1
Delete Directory C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ - True 1
Delete C:\Users\5P5NRG~1\AppData\Local\Temp\nsx8EA7.tmp - True 1
Delete C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp - True 1
Delete C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\InstallOptions.dll - True 1
Delete C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini - True 1
Delete C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\modern-wizard.bmp - True 1
Registry (2)
Operation Key Additional Information Success Count Logfile
Create Key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run - True 1
Write Value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run value_name = Windows Defender Monitor, data = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\wdm.exe, size = 71, type = REG_SZ True 1
Process (34)
Operation Process Additional Information Success Count Logfile
Create taskkill /F /IM sql /T os_pid = 0x600, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Create taskkill /f /im mysqld.exe os_pid = 0x818, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Create taskkill /f /im sqlwriter.exe os_pid = 0x844, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Create taskkill /f /im sqlserver.exe os_pid = 0x870, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Create taskkill /f /im sqlservr.exe os_pid = 0x89c, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Create taskkill /f /im SQLyog.exe os_pid = 0x8c8, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Create taskkill /f /im httpd.exe os_pid = 0x8f4, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Create taskkill /f /im ApacheMonitor.exe os_pid = 0x920, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Create taskkill /f /im mysqld-nt.exe os_pid = 0x94c, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Create taskkill /f /im sqlceip.exe os_pid = 0x978, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Create taskkill /f /im sqlbrowser.exe os_pid = 0x9ac, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Create taskkill /f /im FileZillaServer.exe os_pid = 0x9d8, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Create taskkill /F /IM chrome.exe /T os_pid = 0xa04, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Create taskkill /F /IM ie.exe /T os_pid = 0xa30, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Create taskkill /F /IM firefox.exe /T os_pid = 0xa5c, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Create taskkill /F /IM opera.exe /T os_pid = 0xa88, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Create taskkill /F /IM safari.exe /T os_pid = 0xab4, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Create taskkill /F /IM taskmgr.exe /T os_pid = 0xae0, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Create taskkill /F /IM 1c /T os_pid = 0xb0c, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Create taskkill /F /IM excel.exe /T os_pid = 0xb38, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Create taskkill /F /IM mspub.exe /T os_pid = 0xb64, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Create taskkill /F /IM winword.exe /T os_pid = 0xb90, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Create taskkill /F /IM powerpnt.exe /T os_pid = 0xbbc, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Create taskkill /F /IM notepad.exe /T os_pid = 0xbe8, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Create taskkill /f /im Microsoft.Exchange.* os_pid = 0x588, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Create taskkill /f /im MSExchange* os_pid = 0x828, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Create vssadmin.exe delete shadows /all /quiet os_pid = 0x894, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Create wmic shadowcopy delete os_pid = 0x8a4, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Create bcdedit /set {default} bootstatuspolicy ignoreallfailures os_pid = 0x0, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE False 1
Create bcdedit /set {default} recoveryenabled no os_pid = 0x0, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE False 1
Create wbadmin delete catalog -quiet os_pid = 0x0, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE False 1
Create wbadmin delete systemstatebackup -deleteOldest os_pid = 0x0, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE False 1
Create schtasks /Create /SC MINUTE /TN "Windows Defender Monitor" /TR "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\wdm.exe" os_pid = 0x8f4, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Create "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\wdm.exe" os_pid = 0x940, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Module (31)
Operation Module Additional Information Success Count Logfile
Load C:\Windows\system32\UXTHEME.dll base_address = 0x74ef0000 True 1
Load C:\Windows\system32\USERENV.dll base_address = 0x752d0000 True 1
Load C:\Windows\system32\SETUPAPI.dll base_address = 0x75840000 True 1
Load C:\Windows\system32\APPHELP.dll base_address = 0x75270000 True 1
Load C:\Windows\system32\PROPSYS.dll base_address = 0x75170000 True 1
Load C:\Windows\system32\DWMAPI.dll base_address = 0x74ed0000 True 1
Load C:\Windows\system32\CRYPTBASE.dll base_address = 0x75590000 True 1
Load C:\Windows\system32\OLEACC.dll base_address = 0x75130000 True 1
Load C:\Windows\system32\CLBCATQ.dll base_address = 0x76c60000 True 1
Load C:\Windows\system32\NTMARTA.dll base_address = 0x75100000 True 1
Load C:\Windows\system32\VERSION.dll base_address = 0x750f0000 True 1
Load C:\Windows\system32\SHFOLDER.dll base_address = 0x750e0000 True 1
Load C:\Windows\system32\RichEd20.dll base_address = 0x75060000 True 1
Load C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\InstallOptions.dll base_address = 0x75050000 True 1
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x773b0000 True 2
Get Handle VERSION base_address = 0x0 False 1
Get Handle SHFOLDER base_address = 0x0 False 1
Get Handle c:\windows\syswow64\shlwapi.dll base_address = 0x77350000 True 1
Get Handle c:\windows\syswow64\shell32.dll base_address = 0x75cc0000 True 1
Get Handle C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\InstallOptions.dll base_address = 0x0 False 1
Get Handle c:\users\5p5nrg~1\appdata\local\temp\nsi8f36.tmp\installoptions.dll base_address = 0x75050000 True 1
Get Filename SHFOLDER process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\setup.exe, size = 1024 True 1
Get Address c:\windows\syswow64\kernel32.dll function = SetDefaultDllDirectories, address_out = 0x0 False 1
Get Address c:\windows\syswow64\version.dll function = GetFileVersionInfoA, address_out = 0x750f1ced True 1
Get Address c:\windows\syswow64\shfolder.dll function = SHGetFolderPathA, address_out = 0x750e1528 True 1
Get Address c:\windows\syswow64\shlwapi.dll function = 437, address_out = 0x7736bee6 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetUserDefaultUILanguage, address_out = 0x773c44ab True 1
Get Address c:\windows\syswow64\shell32.dll function = 680, address_out = 0x75d144f5 True 1
Get Address c:\users\5p5nrg~1\appdata\local\temp\nsi8f36.tmp\installoptions.dll function = initDialog, address_out = 0x7505294b True 1
Get Address c:\users\5p5nrg~1\appdata\local\temp\nsi8f36.tmp\installoptions.dll function = show, address_out = 0x750529a8 True 1
Window (14)
Operation Window Name Additional Information Success Count Logfile
Create - class_name = STATIC, wndproc_parameter = 0 True 1
Create Welcome to Windows Defender Monitor Setup class_name = STATIC, wndproc_parameter = 0 True 1
Create Setup will guide you through the installation of Windows Defender Monitor. It is recommended that you close all other applications before starting Setup. This will make it possible to update relevant system files without having to reboot your computer. Click Install to start the installation. class_name = STATIC, wndproc_parameter = 0 True 1
Set Attribute - index = 18446744073709551595, new_long = 5728191 False 3
Set Attribute - index = 18446744073709551595, new_long = 5728215 False 2
Set Attribute - index = 18446744073709551595, new_long = 5728239 False 2
Set Attribute Welcome to Windows Defender Monitor Setup class_name = STATIC, index = 18446744073709551595, new_long = 5728191 False 1
Set Attribute Setup will guide you through the installation of Windows Defender Monitor. It is recommended that you close all other applications before starting Setup. This will make it possible to update relevant system files without having to reboot your computer. Click Install to start the installation. class_name = STATIC, index = 18446744073709551595, new_long = 5728191 False 1
Set Attribute - index = 4, new_long = 1963268609 True 1
Set Attribute - index = 4, new_long = 4209857 True 1
System (251)
Operation Additional Information Success Count Logfile
Get Time type = Ticks, time = 102055 True 2
Get Time type = Ticks, time = 102071 True 30
Get Time type = Ticks, time = 102087 True 32
Get Time type = Ticks, time = 102102 True 5
Get Time type = Ticks, time = 102196 True 6
Get Time type = Ticks, time = 102211 True 1
Get Time type = Ticks, time = 102274 True 2
Get Time type = Ticks, time = 113802 True 4
Get Time type = Ticks, time = 113818 True 20
Get Time type = Ticks, time = 113833 True 9
Get Time type = Ticks, time = 113865 True 3
Get Time type = Ticks, time = 113880 True 16
Get Time type = Ticks, time = 113896 True 18
Get Time type = Ticks, time = 113911 True 7
Get Time type = Ticks, time = 113927 True 8
Get Time type = Ticks, time = 113943 True 19
Get Time type = Ticks, time = 113958 True 1
Get Time type = Ticks, time = 114067 True 10
Get Time type = Ticks, time = 114083 True 4
Get Time type = Ticks, time = 114099 True 13
Get Time type = Ticks, time = 114114 True 12
Get Time type = Ticks, time = 114130 True 7
Get Time type = Ticks, time = 114145 True 3
Get Time type = Ticks, time = 114208 True 4
Get Info type = Operating System True 1
Get Info type = System Directory, result_out = C:\Windows\system32 True 13
Get Info type = OS_WOW6432 True 1
Ini (70)
Operation Filename Additional Information Success Count Logfile
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Settings, key_name = Title False 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Settings, key_name = CancelButtonText False 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Settings, key_name = NextButtonText False 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Settings, key_name = BackButtonText False 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Settings, key_name = NumFields, default_value = 0 True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Settings, key_name = Rect, default_value = 1018 True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Settings, key_name = BackEnabled, default_value = 18446744073709551615 True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Settings, key_name = CancelEnabled, default_value = 18446744073709551615 True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Settings, key_name = CancelShow, default_value = 18446744073709551615 True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Settings, key_name = RTL, default_value = 0 True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 1, key_name = TYPE, data_out = bitmap True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 1, key_name = Flags, data_out = RESIZETOFIT True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 1, key_name = State False 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 1, key_name = ListItems False 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 1, key_name = TEXT, data_out = C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\modern-wizard.bmp True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 1, key_name = ROOT False 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 1, key_name = ValidateText False 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 1, key_name = Filter, default_value = All Files|*.*, data_out = All Files|*.* True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 1, key_name = LEFT, default_value = 0 True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 1, key_name = TOP, default_value = 0 True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 1, key_name = RIGHT, default_value = 0 True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 1, key_name = BOTTOM, default_value = 0 True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 1, key_name = MinLen, default_value = 0 True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 1, key_name = MaxLen, default_value = 0 True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 1, key_name = TxtColor, default_value = 13395456 True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 2, key_name = TYPE, data_out = label True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 2, key_name = Flags False 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 2, key_name = State False 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 2, key_name = ListItems False 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 2, key_name = TEXT, data_out = Welcome to Windows Defender Monitor Setup True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 2, key_name = ROOT False 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 2, key_name = ValidateText False 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 2, key_name = Filter, default_value = All Files|*.*, data_out = All Files|*.* True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 2, key_name = LEFT, default_value = 0 True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 2, key_name = TOP, default_value = 0 True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 2, key_name = RIGHT, default_value = 0 True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 2, key_name = BOTTOM, default_value = 0 True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 2, key_name = MinLen, default_value = 0 True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 2, key_name = MaxLen, default_value = 0 True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 2, key_name = TxtColor, default_value = 13395456 True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 3, key_name = TYPE, data_out = label True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 3, key_name = Flags False 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 3, key_name = State False 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 3, key_name = ListItems False 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 3, key_name = TEXT, data_out = Setup will guide you through the installation of Windows Defender Monitor.\r\n\r\nIt is recommended that you close all other applications before starting Setup. This will make it possible to update relevant system files without having to reboot your computer.\r\n\r\nClick Install to start the installation. True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 3, key_name = ROOT False 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 3, key_name = ValidateText False 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 3, key_name = Filter, default_value = All Files|*.*, data_out = All Files|*.* True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 3, key_name = LEFT, default_value = 0 True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 3, key_name = TOP, default_value = 0 True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 3, key_name = RIGHT, default_value = 0 True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 3, key_name = BOTTOM, default_value = 0 True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 3, key_name = MinLen, default_value = 0 True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 3, key_name = MaxLen, default_value = 0 True 1
Read C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 3, key_name = TxtColor, default_value = 13395456 True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Settings, key_name = RTL, data = 0 True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 1, key_name = Text, data = C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\modern-wizard.bmp True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Settings, key_name = NumFields, data = 3 True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Settings, key_name = NextButtonText True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Settings, key_name = CancelEnabled True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 2, key_name = Text, data = Welcome to Windows Defender Monitor Setup True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 2, key_name = Bottom, data = 38 True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 3, key_name = Top, data = 45 True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 3, key_name = Bottom, data = 185 True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 3, key_name = Text, data = Setup will guide you through the installation of Windows Defender Monitor.\r\n\r\nIt is recommended that you close all other applications before starting Setup. This will make it possible to update relevant system files without having to reboot your computer.\r\n\r\nClick Install to start the installation. True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 1, key_name = HWND, data = 131526 True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 2, key_name = HWND, data = 131528 True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Field 3, key_name = HWND, data = 131522 True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8F36.tmp\ioSpecial.ini section_name = Settings, key_name = State, data = 0 True 2
Process #2: taskkill.exe
Information Value
ID #2
File Name c:\windows\syswow64\taskkill.exe
Command Line taskkill /F /IM sql /T
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:52, Reason: Child Process
Unmonitor End Time: 00:00:56, Reason: Self Terminated
Monitor Duration 00:00:04
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0x600
Parent PID 0x5d8 (c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x330
0x6C0
0x588
0x40C
0x718
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
Process #5: taskkill.exe
Information Value
ID #5
File Name c:\windows\syswow64\taskkill.exe
Command Line taskkill /f /im mysqld.exe
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:55, Reason: Child Process
Unmonitor End Time: 00:00:57, Reason: Self Terminated
Monitor Duration 00:00:02
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0x818
Parent PID 0x5d8 (c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0x81C, 0x830, 0x834, 0x838, 0x83C
Region
Process #6: taskkill.exe
Information Value
ID #6
File Name c:\windows\syswow64\taskkill.exe
Command Line taskkill /f /im sqlwriter.exe
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:56, Reason: Child Process
Unmonitor End Time: 00:00:57, Reason: Self Terminated
Monitor Duration 00:00:01
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0x844
Parent PID 0x5d8 (c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0x848, 0x85C, 0x860, 0x864, 0x868
Region
Process #7: taskkill.exe
Information Value
ID #7
File Name c:\windows\syswow64\taskkill.exe
Command Line taskkill /f /im sqlserver.exe
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:56, Reason: Child Process
Unmonitor End Time: 00:00:57, Reason: Self Terminated
Monitor Duration 00:00:01
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0x870
Parent PID 0x5d8 (c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0x874, 0x888, 0x88C, 0x890, 0x894
Region
Process #8: taskkill.exe
Information Value
ID #8
File Name c:\windows\syswow64\taskkill.exe
Command Line taskkill /f /im sqlservr.exe
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:56, Reason: Child Process
Unmonitor End Time: 00:00:57, Reason: Self Terminated
Monitor Duration 00:00:01
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0x89c
Parent PID 0x5d8 (c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0x8A0, 0x8B4, 0x8B8, 0x8BC, 0x8C0
Region
kernelbase.dll 0x775f0000 0x77635fff Memory Mapped File rwx False False False -
private_0x0000000077640000 0x77640000 0x77739fff Private Memory rwx True False False -
private_0x0000000077740000 0x77740000 0x7785efff Private Memory rwx True False False -
ntdll.dll 0x77860000 0x77a08fff Memory Mapped File rwx False False False -
ntdll.dll 0x77a40000 0x77bbffff Memory Mapped File rwx False False False -
private_0x000000007efaa000 0x7efaa000 0x7efacfff Private Memory rw True False False -
private_0x000000007efad000 0x7efad000 0x7efaffff Private Memory rw True False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory r True False False -
private_0x000000007efd5000 0x7efd5000 0x7efd7fff Private Memory rw True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory rw True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory rw True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory rw True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory rw True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory r True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory r True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory r True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory r True False False -
Process #9: taskkill.exe
Information Value
ID #9
File Name c:\windows\syswow64\taskkill.exe
Command Line taskkill /f /im SQLyog.exe
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:57, Reason: Child Process
Unmonitor End Time: 00:00:57, Reason: Self Terminated
Monitor Duration 00:00:00
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0x8c8
Parent PID 0x5d8 (c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x8CC
0x8E0
0x8E4
0x8E8
0x8EC
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory rw True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory rw True False False -
pagefile_0x0000000000030000 0x00030000 0x00036fff Pagefile Backed Memory r True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File rwx False False False -
pagefile_0x0000000000050000 0x00050000 0x00053fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000060000 0x00060000 0x00060fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000070000 0x00070000 0x00071fff Pagefile Backed Memory rw True False False -
taskkill.exe.mui 0x00080000 0x00083fff Memory Mapped File rw False False False -
private_0x0000000000090000 0x00090000 0x00090fff Private Memory rw True False False -
private_0x00000000000a0000 0x000a0000 0x000a0fff Private Memory rw True False False -
pagefile_0x00000000000b0000 0x000b0000 0x000b0fff Pagefile Backed Memory r True False False -
pagefile_0x00000000000c0000 0x000c0000 0x000c0fff Pagefile Backed Memory r True False False -
private_0x00000000000d0000 0x000d0000 0x0010ffff Private Memory rw True False False -
locale.nls 0x00110000 0x00176fff Memory Mapped File r False False False -
private_0x00000000001a0000 0x001a0000 0x001dffff Private Memory rw True False False -
private_0x0000000000220000 0x00220000 0x0022ffff Private Memory rw True False False -
private_0x0000000000260000 0x00260000 0x0029ffff Private Memory rw True False False -
kernelbase.dll.mui 0x002a0000 0x0035ffff Memory Mapped File rw False False False -
private_0x00000000003e0000 0x003e0000 0x0045ffff Private Memory rw True False False -
pagefile_0x0000000000460000 0x00460000 0x005e7fff Pagefile Backed Memory r True False False -
taskkill.exe 0x00640000 0x00655fff Memory Mapped File rwx False False False -
private_0x0000000000680000 0x00680000 0x006bffff Private Memory rw True False False -
private_0x00000000006c0000 0x006c0000 0x006fffff Private Memory rw True False False -
private_0x0000000000740000 0x00740000 0x0077ffff Private Memory rw True False False -
private_0x00000000007a0000 0x007a0000 0x0089ffff Private Memory rw True False False -
pagefile_0x00000000008a0000 0x008a0000 0x00a20fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000a30000 0x00a30000 0x01e2ffff Pagefile Backed Memory r True False False -
private_0x0000000001e30000 0x01e30000 0x01f2ffff Private Memory rw True False False -
private_0x0000000001f30000 0x01f30000 0x01f6ffff Private Memory rw True False False -
private_0x0000000001f80000 0x01f80000 0x01fbffff Private Memory rw True False False -
private_0x0000000001ff0000 0x01ff0000 0x0202ffff Private Memory rw True False False -
private_0x0000000002110000 0x02110000 0x0214ffff Private Memory rw True False False -
private_0x0000000002190000 0x02190000 0x021cffff Private Memory rw True False False -
sortdefault.nls 0x021d0000 0x0249efff Memory Mapped File r False False False -
private_0x00000000024a0000 0x024a0000 0x024dffff Private Memory rw True False False -
ntdsapi.dll 0x74b30000 0x74b47fff Memory Mapped File rwx False False False -
fastprox.dll 0x74b50000 0x74be5fff Memory Mapped File rwx False False False -
rsaenh.dll 0x74bf0000 0x74c2afff Memory Mapped File rwx False False False -
dbghelp.dll 0x74c30000 0x74d1afff Memory Mapped File rwx False False False -
wbemsvc.dll 0x74d30000 0x74d3efff Memory Mapped File rwx False False False -
rpcrtremote.dll 0x74d40000 0x74d4dfff Memory Mapped File rwx False False False -
cryptsp.dll 0x74d50000 0x74d65fff Memory Mapped File rwx False False False -
winsta.dll 0x74d70000 0x74d98fff Memory Mapped File rwx False False False -
wbemcomn.dll 0x74da0000 0x74dfbfff Memory Mapped File rwx False False False -
wbemprox.dll 0x74e00000 0x74e09fff Memory Mapped File rwx False False False -
srvcli.dll 0x74e10000 0x74e28fff Memory Mapped File rwx False False False -
netapi32.dll 0x74e30000 0x74e40fff Memory Mapped File rwx False False False -
wkscli.dll 0x74e50000 0x74e5efff Memory Mapped File rwx False False False -
netutils.dll 0x74e60000 0x74e68fff Memory Mapped File rwx False False False -
framedynos.dll 0x74e70000 0x74ea4fff Memory Mapped File rwx False False False -
mpr.dll 0x74eb0000 0x74ec1fff Memory Mapped File rwx False False False -
wow64cpu.dll 0x74f80000 0x74f87fff Memory Mapped File rwx False False False -
wow64win.dll 0x74f90000 0x74febfff Memory Mapped File rwx False False False -
wow64.dll 0x74ff0000 0x7502efff Memory Mapped File rwx False False False -
wtsapi32.dll 0x75030000 0x7503cfff Memory Mapped File rwx False False False -
secur32.dll 0x75040000 0x75047fff Memory Mapped File rwx False False False -
version.dll 0x750f0000 0x750f8fff Memory Mapped File rwx False False False -
cryptbase.dll 0x75590000 0x7559bfff Memory Mapped File rwx False False False -
sspicli.dll 0x755a0000 0x755fffff Memory Mapped File rwx False False False -
msvcrt.dll 0x75660000 0x7570bfff Memory Mapped File rwx False False False -
lpk.dll 0x75710000 0x75719fff Memory Mapped File rwx False False False -
sechost.dll 0x75a60000 0x75a78fff Memory Mapped File rwx False False False -
gdi32.dll 0x75a80000 0x75b0ffff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75b10000 0x75bfffff Memory Mapped File rwx False False False -
msctf.dll 0x76b30000 0x76bfbfff Memory Mapped File rwx False False False -
imm32.dll 0x76c00000 0x76c5ffff Memory Mapped File rwx False False False -
clbcatq.dll 0x76c60000 0x76ce2fff Memory Mapped File rwx False False False -
ole32.dll 0x76e30000 0x76f8bfff Memory Mapped File rwx False False False -
advapi32.dll 0x76f90000 0x7702ffff Memory Mapped File rwx False False False -
nsi.dll 0x77030000 0x77035fff Memory Mapped File rwx False False False -
user32.dll 0x771d0000 0x772cffff Memory Mapped File rwx False False False -
ws2_32.dll 0x77300000 0x77334fff Memory Mapped File rwx False False False -
shlwapi.dll 0x77350000 0x773a6fff Memory Mapped File rwx False False False -
kernel32.dll 0x773b0000 0x774bffff Memory Mapped File rwx False False False -
oleaut32.dll 0x774c0000 0x7754efff Memory Mapped File rwx False False False -
usp10.dll 0x77550000 0x775ecfff Memory Mapped File rwx False False False -
kernelbase.dll 0x775f0000 0x77635fff Memory Mapped File rwx False False False -
private_0x0000000077640000 0x77640000 0x77739fff Private Memory rwx True False False -
private_0x0000000077740000 0x77740000 0x7785efff Private Memory rwx True False False -
ntdll.dll 0x77860000 0x77a08fff Memory Mapped File rwx False False False -
ntdll.dll 0x77a40000 0x77bbffff Memory Mapped File rwx False False False -
private_0x000000007efaa000 0x7efaa000 0x7efacfff Private Memory rw True False False -
private_0x000000007efad000 0x7efad000 0x7efaffff Private Memory rw True False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory r True False False -
private_0x000000007efd5000 0x7efd5000 0x7efd7fff Private Memory rw True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory rw True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory rw True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory rw True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory rw True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory r True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory r True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory r True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory r True False False -
Process #10: taskkill.exe
Information Value
ID #10
File Name c:\windows\syswow64\taskkill.exe
Command Line taskkill /f /im httpd.exe
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:57, Reason: Child Process
Unmonitor End Time: 00:00:57, Reason: Self Terminated
Monitor Duration 00:00:00
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0x8f4
Parent PID 0x5d8 (c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x8F8
0x90C
0x910
0x914
0x918
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory rw True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory rw True False False -
pagefile_0x0000000000030000 0x00030000 0x00036fff Pagefile Backed Memory r True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File rwx False False False -
pagefile_0x0000000000050000 0x00050000 0x00053fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000060000 0x00060000 0x00060fff Pagefile Backed Memory r True False False -
locale.nls 0x00070000 0x000d6fff Memory Mapped File r False False False -
pagefile_0x00000000000e0000 0x000e0000 0x000e1fff Pagefile Backed Memory rw True False False -
private_0x00000000000f0000 0x000f0000 0x0012ffff Private Memory rw True False False -
taskkill.exe.mui 0x00130000 0x00133fff Memory Mapped File rw False False False -
private_0x0000000000140000 0x00140000 0x00140fff Private Memory rw True False False -
private_0x0000000000150000 0x00150000 0x00150fff Private Memory rw True False False -
pagefile_0x0000000000160000 0x00160000 0x00160fff Pagefile Backed Memory r True False False -
private_0x0000000000170000 0x00170000 0x001affff Private Memory rw True False False -
pagefile_0x00000000001b0000 0x001b0000 0x001b0fff Pagefile Backed Memory r True False False -
private_0x00000000001c0000 0x001c0000 0x001fffff Private Memory rw True False False -
private_0x0000000000200000 0x00200000 0x0027ffff Private Memory rw True False False -
private_0x00000000002d0000 0x002d0000 0x003cffff Private Memory rw True False False -
private_0x0000000000410000 0x00410000 0x0044ffff Private Memory rw True False False -
private_0x0000000000460000 0x00460000 0x0046ffff Private Memory rw True False False -
pagefile_0x0000000000470000 0x00470000 0x005f7fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000600000 0x00600000 0x00780fff Pagefile Backed Memory r True False False -
kernelbase.dll.mui 0x00790000 0x0084ffff Memory Mapped File rw False False False -
private_0x00000000008b0000 0x008b0000 0x008effff Private Memory rw True False False -
private_0x00000000008f0000 0x008f0000 0x0092ffff Private Memory rw True False False -
private_0x0000000000950000 0x00950000 0x0098ffff Private Memory rw True False False -
private_0x0000000000990000 0x00990000 0x00a8ffff Private Memory rw True False False -
private_0x0000000000ad0000 0x00ad0000 0x00b0ffff Private Memory rw True False False -
private_0x0000000000b40000 0x00b40000 0x00b7ffff Private Memory rw True False False -
private_0x0000000000b80000 0x00b80000 0x00bbffff Private Memory rw True False False -
private_0x0000000000bc0000 0x00bc0000 0x00bfffff Private Memory rw True False False -
private_0x0000000000c20000 0x00c20000 0x00c5ffff Private Memory rw True False False -
taskkill.exe 0x00e20000 0x00e35fff Memory Mapped File rwx False False False -
pagefile_0x0000000000e40000 0x00e40000 0x0223ffff Pagefile Backed Memory r True False False -
sortdefault.nls 0x02240000 0x0250efff Memory Mapped File r False False False -
ntdsapi.dll 0x74b40000 0x74b57fff Memory Mapped File rwx False False False -
fastprox.dll 0x74b60000 0x74bf5fff Memory Mapped File rwx False False False -
wbemsvc.dll 0x74c00000 0x74c0efff Memory Mapped File rwx False False False -
rpcrtremote.dll 0x74c10000 0x74c1dfff Memory Mapped File rwx False False False -
rsaenh.dll 0x74c20000 0x74c5afff Memory Mapped File rwx False False False -
cryptsp.dll 0x74c60000 0x74c75fff Memory Mapped File rwx False False False -
winsta.dll 0x74c80000 0x74ca8fff Memory Mapped File rwx False False False -
wbemcomn.dll 0x74cb0000 0x74d0bfff Memory Mapped File rwx False False False -
wbemprox.dll 0x74d10000 0x74d19fff Memory Mapped File rwx False False False -
dbghelp.dll 0x74d20000 0x74e0afff Memory Mapped File rwx False False False -
wkscli.dll 0x74e10000 0x74e1efff Memory Mapped File rwx False False False -
srvcli.dll 0x74e20000 0x74e38fff Memory Mapped File rwx False False False -
netutils.dll 0x74e40000 0x74e48fff Memory Mapped File rwx False False False -
netapi32.dll 0x74e50000 0x74e60fff Memory Mapped File rwx False False False -
wtsapi32.dll 0x74e70000 0x74e7cfff Memory Mapped File rwx False False False -
framedynos.dll 0x74e80000 0x74eb4fff Memory Mapped File rwx False False False -
secur32.dll 0x74ec0000 0x74ec7fff Memory Mapped File rwx False False False -
wow64cpu.dll 0x74f80000 0x74f87fff Memory Mapped File rwx False False False -
wow64win.dll 0x74f90000 0x74febfff Memory Mapped File rwx False False False -
wow64.dll 0x74ff0000 0x7502efff Memory Mapped File rwx False False False -
mpr.dll 0x75030000 0x75041fff Memory Mapped File rwx False False False -
version.dll 0x750f0000 0x750f8fff Memory Mapped File rwx False False False -
cryptbase.dll 0x75590000 0x7559bfff Memory Mapped File rwx False False False -
sspicli.dll 0x755a0000 0x755fffff Memory Mapped File rwx False False False -
msvcrt.dll 0x75660000 0x7570bfff Memory Mapped File rwx False False False -
lpk.dll 0x75710000 0x75719fff Memory Mapped File rwx False False False -
sechost.dll 0x75a60000 0x75a78fff Memory Mapped File rwx False False False -
gdi32.dll 0x75a80000 0x75b0ffff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75b10000 0x75bfffff Memory Mapped File rwx False False False -
msctf.dll 0x76b30000 0x76bfbfff Memory Mapped File rwx False False False -
imm32.dll 0x76c00000 0x76c5ffff Memory Mapped File rwx False False False -
clbcatq.dll 0x76c60000 0x76ce2fff Memory Mapped File rwx False False False -
ole32.dll 0x76e30000 0x76f8bfff Memory Mapped File rwx False False False -
advapi32.dll 0x76f90000 0x7702ffff Memory Mapped File rwx False False False -
nsi.dll 0x77030000 0x77035fff Memory Mapped File rwx False False False -
user32.dll 0x771d0000 0x772cffff Memory Mapped File rwx False False False -
ws2_32.dll 0x77300000 0x77334fff Memory Mapped File rwx False False False -
shlwapi.dll 0x77350000 0x773a6fff Memory Mapped File rwx False False False -
kernel32.dll 0x773b0000 0x774bffff Memory Mapped File rwx False False False -
oleaut32.dll 0x774c0000 0x7754efff Memory Mapped File rwx False False False -
usp10.dll 0x77550000 0x775ecfff Memory Mapped File rwx False False False -
kernelbase.dll 0x775f0000 0x77635fff Memory Mapped File rwx False False False -
private_0x0000000077640000 0x77640000 0x77739fff Private Memory rwx True False False -
private_0x0000000077740000 0x77740000 0x7785efff Private Memory rwx True False False -
ntdll.dll 0x77860000 0x77a08fff Memory Mapped File rwx False False False -
ntdll.dll 0x77a40000 0x77bbffff Memory Mapped File rwx False False False -
private_0x000000007efaa000 0x7efaa000 0x7efacfff Private Memory rw True False False -
private_0x000000007efad000 0x7efad000 0x7efaffff Private Memory rw True False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory r True False False -
private_0x000000007efd5000 0x7efd5000 0x7efd7fff Private Memory rw True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory rw True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory rw True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory rw True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory rw True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory r True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory r True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory r True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory r True False False -
Process #11: taskkill.exe
Information Value
ID #11
File Name c:\windows\syswow64\taskkill.exe
Command Line taskkill /f /im ApacheMonitor.exe
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:57, Reason: Child Process
Unmonitor End Time: 00:00:58, Reason: Self Terminated
Monitor Duration 00:00:01
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0x920
Parent PID 0x5d8 (c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x924
0x938
0x93C
0x940
0x944
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory rw True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory rw True False False -
pagefile_0x0000000000030000 0x00030000 0x00036fff Pagefile Backed Memory r True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File rwx False False False -
pagefile_0x0000000000050000 0x00050000 0x00053fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000060000 0x00060000 0x00060fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000070000 0x00070000 0x00071fff Pagefile Backed Memory rw True False False -
taskkill.exe.mui 0x00080000 0x00083fff Memory Mapped File rw False False False -
private_0x0000000000090000 0x00090000 0x00090fff Private Memory rw True False False -
private_0x00000000000a0000 0x000a0000 0x000a0fff Private Memory rw True False False -
pagefile_0x00000000000b0000 0x000b0000 0x000b0fff Pagefile Backed Memory r True False False -
pagefile_0x00000000000c0000 0x000c0000 0x000c0fff Pagefile Backed Memory r True False False -
private_0x00000000000d0000 0x000d0000 0x0010ffff Private Memory rw True False False -
private_0x0000000000130000 0x00130000 0x0016ffff Private Memory rw True False False -
private_0x0000000000180000 0x00180000 0x001fffff Private Memory rw True False False -
private_0x0000000000210000 0x00210000 0x0030ffff Private Memory rw True False False -
locale.nls 0x00310000 0x00376fff Memory Mapped File r False False False -
kernelbase.dll.mui 0x00380000 0x0043ffff Memory Mapped File rw False False False -
taskkill.exe 0x00440000 0x00455fff Memory Mapped File rwx False False False -
private_0x0000000000460000 0x00460000 0x0049ffff Private Memory rw True False False -
private_0x00000000004c0000 0x004c0000 0x004fffff Private Memory rw True False False -
private_0x0000000000550000 0x00550000 0x0058ffff Private Memory rw True False False -
private_0x00000000005c0000 0x005c0000 0x005cffff Private Memory rw True False False -
pagefile_0x00000000005d0000 0x005d0000 0x00757fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000760000 0x00760000 0x008e0fff Pagefile Backed Memory r True False False -
pagefile_0x00000000008f0000 0x008f0000 0x01ceffff Pagefile Backed Memory r True False False -
private_0x0000000001d10000 0x01d10000 0x01d4ffff Private Memory rw True False False -
private_0x0000000001d70000 0x01d70000 0x01daffff Private Memory rw True False False -
private_0x0000000001dd0000 0x01dd0000 0x01e0ffff Private Memory rw True False False -
private_0x0000000001e30000 0x01e30000 0x01e6ffff Private Memory rw True False False -
private_0x0000000001eb0000 0x01eb0000 0x01eeffff Private Memory rw True False False -
private_0x0000000001f60000 0x01f60000 0x01f9ffff Private Memory rw True False False -
private_0x0000000001fd0000 0x01fd0000 0x0200ffff Private Memory rw True False False -
private_0x0000000002010000 0x02010000 0x0210ffff Private Memory rw True False False -
sortdefault.nls 0x02110000 0x023defff Memory Mapped File r False False False -
ntdsapi.dll 0x74b30000 0x74b47fff Memory Mapped File rwx False False False -
fastprox.dll 0x74b50000 0x74be5fff Memory Mapped File rwx False False False -
rsaenh.dll 0x74bf0000 0x74c2afff Memory Mapped File rwx False False False -
dbghelp.dll 0x74c30000 0x74d1afff Memory Mapped File rwx False False False -
wbemsvc.dll 0x74d30000 0x74d3efff Memory Mapped File rwx False False False -
rpcrtremote.dll 0x74d40000 0x74d4dfff Memory Mapped File rwx False False False -
cryptsp.dll 0x74d50000 0x74d65fff Memory Mapped File rwx False False False -
winsta.dll 0x74d70000 0x74d98fff Memory Mapped File rwx False False False -
wbemcomn.dll 0x74da0000 0x74dfbfff Memory Mapped File rwx False False False -
wbemprox.dll 0x74e00000 0x74e09fff Memory Mapped File rwx False False False -
srvcli.dll 0x74e10000 0x74e28fff Memory Mapped File rwx False False False -
netapi32.dll 0x74e30000 0x74e40fff Memory Mapped File rwx False False False -
wkscli.dll 0x74e50000 0x74e5efff Memory Mapped File rwx False False False -
netutils.dll 0x74e60000 0x74e68fff Memory Mapped File rwx False False False -
framedynos.dll 0x74e70000 0x74ea4fff Memory Mapped File rwx False False False -
mpr.dll 0x74eb0000 0x74ec1fff Memory Mapped File rwx False False False -
wow64cpu.dll 0x74f80000 0x74f87fff Memory Mapped File rwx False False False -
wow64win.dll 0x74f90000 0x74febfff Memory Mapped File rwx False False False -
wow64.dll 0x74ff0000 0x7502efff Memory Mapped File rwx False False False -
wtsapi32.dll 0x75030000 0x7503cfff Memory Mapped File rwx False False False -
secur32.dll 0x75040000 0x75047fff Memory Mapped File rwx False False False -
version.dll 0x750f0000 0x750f8fff Memory Mapped File rwx False False False -
cryptbase.dll 0x75590000 0x7559bfff Memory Mapped File rwx False False False -
sspicli.dll 0x755a0000 0x755fffff Memory Mapped File rwx False False False -
msvcrt.dll 0x75660000 0x7570bfff Memory Mapped File rwx False False False -
lpk.dll 0x75710000 0x75719fff Memory Mapped File rwx False False False -
sechost.dll 0x75a60000 0x75a78fff Memory Mapped File rwx False False False -
gdi32.dll 0x75a80000 0x75b0ffff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75b10000 0x75bfffff Memory Mapped File rwx False False False -
msctf.dll 0x76b30000 0x76bfbfff Memory Mapped File rwx False False False -
imm32.dll 0x76c00000 0x76c5ffff Memory Mapped File rwx False False False -
clbcatq.dll 0x76c60000 0x76ce2fff Memory Mapped File rwx False False False -
ole32.dll 0x76e30000 0x76f8bfff Memory Mapped File rwx False False False -
advapi32.dll 0x76f90000 0x7702ffff Memory Mapped File rwx False False False -
nsi.dll 0x77030000 0x77035fff Memory Mapped File rwx False False False -
user32.dll 0x771d0000 0x772cffff Memory Mapped File rwx False False False -
ws2_32.dll 0x77300000 0x77334fff Memory Mapped File rwx False False False -
shlwapi.dll 0x77350000 0x773a6fff Memory Mapped File rwx False False False -
kernel32.dll 0x773b0000 0x774bffff Memory Mapped File rwx False False False -
oleaut32.dll 0x774c0000 0x7754efff Memory Mapped File rwx False False False -
usp10.dll 0x77550000 0x775ecfff Memory Mapped File rwx False False False -
kernelbase.dll 0x775f0000 0x77635fff Memory Mapped File rwx False False False -
private_0x0000000077640000 0x77640000 0x77739fff Private Memory rwx True False False -
private_0x0000000077740000 0x77740000 0x7785efff Private Memory rwx True False False -
ntdll.dll 0x77860000 0x77a08fff Memory Mapped File rwx False False False -
ntdll.dll 0x77a40000 0x77bbffff Memory Mapped File rwx False False False -
private_0x000000007efaa000 0x7efaa000 0x7efacfff Private Memory rw True False False -
private_0x000000007efad000 0x7efad000 0x7efaffff Private Memory rw True False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory r True False False -
private_0x000000007efd5000 0x7efd5000 0x7efd7fff Private Memory rw True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory rw True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory rw True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory rw True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory rw True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory r True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory r True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory r True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory r True False False -
Process #12: taskkill.exe
Information Value
ID #12
File Name c:\windows\syswow64\taskkill.exe
Command Line taskkill /f /im mysqld-nt.exe
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:58, Reason: Child Process
Unmonitor End Time: 00:00:58, Reason: Self Terminated
Monitor Duration 00:00:00
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0x94c
Parent PID 0x5d8 (c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x950
0x964
0x968
0x96C
0x970
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory rw True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory rw True False False -
pagefile_0x0000000000030000 0x00030000 0x00036fff Pagefile Backed Memory r True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File rwx False False False -
pagefile_0x0000000000050000 0x00050000 0x00053fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000060000 0x00060000 0x00060fff Pagefile Backed Memory r True False False -
locale.nls 0x00070000 0x000d6fff Memory Mapped File r False False False -
pagefile_0x00000000000e0000 0x000e0000 0x000e1fff Pagefile Backed Memory rw True False False -
taskkill.exe.mui 0x000f0000 0x000f3fff Memory Mapped File rw False False False -
private_0x0000000000100000 0x00100000 0x00100fff Private Memory rw True False False -
private_0x0000000000110000 0x00110000 0x00110fff Private Memory rw True False False -
pagefile_0x0000000000120000 0x00120000 0x00120fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000130000 0x00130000 0x00130fff Pagefile Backed Memory r True False False -
private_0x0000000000170000 0x00170000 0x001affff Private Memory rw True False False -
private_0x00000000001b0000 0x001b0000 0x001effff Private Memory rw True False False -
kernelbase.dll.mui 0x001f0000 0x002affff Memory Mapped File rw False False False -
private_0x00000000002e0000 0x002e0000 0x002effff Private Memory rw True False False -
private_0x0000000000310000 0x00310000 0x0038ffff Private Memory rw True False False -
private_0x0000000000390000 0x00390000 0x003cffff Private Memory rw True False False -
private_0x00000000003f0000 0x003f0000 0x0042ffff Private Memory rw True False False -
private_0x0000000000460000 0x00460000 0x0049ffff Private Memory rw True False False -
private_0x00000000004b0000 0x004b0000 0x005affff Private Memory rw True False False -
taskkill.exe 0x006a0000 0x006b5fff Memory Mapped File rwx False False False -
pagefile_0x00000000006c0000 0x006c0000 0x00847fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000850000 0x00850000 0x009d0fff Pagefile Backed Memory r True False False -
pagefile_0x00000000009e0000 0x009e0000 0x01ddffff Pagefile Backed Memory r True False False -
private_0x0000000001e10000 0x01e10000 0x01e4ffff Private Memory rw True False False -
private_0x0000000001e70000 0x01e70000 0x01eaffff Private Memory rw True False False -
private_0x0000000001eb0000 0x01eb0000 0x01faffff Private Memory rw True False False -
private_0x0000000001fe0000 0x01fe0000 0x0201ffff Private Memory rw True False False -
private_0x0000000002020000 0x02020000 0x0205ffff Private Memory rw True False False -
private_0x0000000002070000 0x02070000 0x020affff Private Memory rw True False False -
sortdefault.nls 0x020b0000 0x0237efff Memory Mapped File r False False False -
private_0x0000000002380000 0x02380000 0x023bffff Private Memory rw True False False -
private_0x00000000023c0000 0x023c0000 0x023fffff Private Memory rw True False False -
ntdsapi.dll 0x74b40000 0x74b57fff Memory Mapped File rwx False False False -
fastprox.dll 0x74b60000 0x74bf5fff Memory Mapped File rwx False False False -
wbemsvc.dll 0x74c00000 0x74c0efff Memory Mapped File rwx False False False -
rpcrtremote.dll 0x74c10000 0x74c1dfff Memory Mapped File rwx False False False -
rsaenh.dll 0x74c20000 0x74c5afff Memory Mapped File rwx False False False -
cryptsp.dll 0x74c60000 0x74c75fff Memory Mapped File rwx False False False -
winsta.dll 0x74c80000 0x74ca8fff Memory Mapped File rwx False False False -
wbemcomn.dll 0x74cb0000 0x74d0bfff Memory Mapped File rwx False False False -
wbemprox.dll 0x74d10000 0x74d19fff Memory Mapped File rwx False False False -
dbghelp.dll 0x74d20000 0x74e0afff Memory Mapped File rwx False False False -
wkscli.dll 0x74e10000 0x74e1efff Memory Mapped File rwx False False False -
srvcli.dll 0x74e20000 0x74e38fff Memory Mapped File rwx False False False -
netutils.dll 0x74e40000 0x74e48fff Memory Mapped File rwx False False False -
netapi32.dll 0x74e50000 0x74e60fff Memory Mapped File rwx False False False -
wtsapi32.dll 0x74e70000 0x74e7cfff Memory Mapped File rwx False False False -
framedynos.dll 0x74e80000 0x74eb4fff Memory Mapped File rwx False False False -
secur32.dll 0x74ec0000 0x74ec7fff Memory Mapped File rwx False False False -
wow64cpu.dll 0x74f80000 0x74f87fff Memory Mapped File rwx False False False -
wow64win.dll 0x74f90000 0x74febfff Memory Mapped File rwx False False False -
wow64.dll 0x74ff0000 0x7502efff Memory Mapped File rwx False False False -
mpr.dll 0x75030000 0x75041fff Memory Mapped File rwx False False False -
version.dll 0x750f0000 0x750f8fff Memory Mapped File rwx False False False -
cryptbase.dll 0x75590000 0x7559bfff Memory Mapped File rwx False False False -
sspicli.dll 0x755a0000 0x755fffff Memory Mapped File rwx False False False -
msvcrt.dll 0x75660000 0x7570bfff Memory Mapped File rwx False False False -
lpk.dll 0x75710000 0x75719fff Memory Mapped File rwx False False False -
sechost.dll 0x75a60000 0x75a78fff Memory Mapped File rwx False False False -
gdi32.dll 0x75a80000 0x75b0ffff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75b10000 0x75bfffff Memory Mapped File rwx False False False -
msctf.dll 0x76b30000 0x76bfbfff Memory Mapped File rwx False False False -
imm32.dll 0x76c00000 0x76c5ffff Memory Mapped File rwx False False False -
clbcatq.dll 0x76c60000 0x76ce2fff Memory Mapped File rwx False False False -
ole32.dll 0x76e30000 0x76f8bfff Memory Mapped File rwx False False False -
advapi32.dll 0x76f90000 0x7702ffff Memory Mapped File rwx False False False -
nsi.dll 0x77030000 0x77035fff Memory Mapped File rwx False False False -
user32.dll 0x771d0000 0x772cffff Memory Mapped File rwx False False False -
ws2_32.dll 0x77300000 0x77334fff Memory Mapped File rwx False False False -
shlwapi.dll 0x77350000 0x773a6fff Memory Mapped File rwx False False False -
kernel32.dll 0x773b0000 0x774bffff Memory Mapped File rwx False False False -
oleaut32.dll 0x774c0000 0x7754efff Memory Mapped File rwx False False False -
usp10.dll 0x77550000 0x775ecfff Memory Mapped File rwx False False False -
kernelbase.dll 0x775f0000 0x77635fff Memory Mapped File rwx False False False -
private_0x0000000077640000 0x77640000 0x77739fff Private Memory rwx True False False -
private_0x0000000077740000 0x77740000 0x7785efff Private Memory rwx True False False -
ntdll.dll 0x77860000 0x77a08fff Memory Mapped File rwx False False False -
ntdll.dll 0x77a40000 0x77bbffff Memory Mapped File rwx False False False -
private_0x000000007efaa000 0x7efaa000 0x7efacfff Private Memory rw True False False -
private_0x000000007efad000 0x7efad000 0x7efaffff Private Memory rw True False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory r True False False -
private_0x000000007efd5000 0x7efd5000 0x7efd7fff Private Memory rw True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory rw True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory rw True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory rw True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory rw True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory r True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory r True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory r True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory r True False False -
Process #13: taskkill.exe
Information Value
ID #13
File Name c:\windows\syswow64\taskkill.exe
Command Line taskkill /f /im sqlceip.exe
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:58, Reason: Child Process
Unmonitor End Time: 00:00:59, Reason: Self Terminated
Monitor Duration 00:00:01
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0x978
Parent PID 0x5d8 (c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x97C
0x990
0x994
0x998
0x99C
Region
Process #14: taskkill.exe
Information Value
ID #14
File Name c:\windows\syswow64\taskkill.exe
Command Line taskkill /f /im sqlbrowser.exe
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:58, Reason: Child Process
Unmonitor End Time: 00:00:59, Reason: Self Terminated
Monitor Duration 00:00:01
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0x9ac
Parent PID 0x5d8 (c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x9B0
0x9C4
0x9C8
0x9CC
0x9D0
Region
Process #15: taskkill.exe
Information Value
ID #15
File Name c:\windows\syswow64\taskkill.exe
Command Line taskkill /f /im FileZillaServer.exe
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:59, Reason: Child Process
Unmonitor End Time: 00:00:59, Reason: Self Terminated
Monitor Duration 00:00:00
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0x9d8
Parent PID 0x5d8 (c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x9DC
0x9F0
0x9F4
0x9F8
0x9FC
Region
Process #16: taskkill.exe
Information Value
ID #16
File Name c:\windows\syswow64\taskkill.exe
Command Line taskkill /F /IM chrome.exe /T
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:59, Reason: Child Process
Unmonitor End Time: 00:01:00, Reason: Self Terminated
Monitor Duration 00:00:01
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0xa04
Parent PID 0x5d8 (c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0xA08
0xA1C
0xA20
0xA24
0xA28
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
Process #17: taskkill.exe
Information Value
ID #17
File Name c:\windows\syswow64\taskkill.exe
Command Line taskkill /F /IM ie.exe /T
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:59, Reason: Child Process
Unmonitor End Time: 00:01:00, Reason: Self Terminated
Monitor Duration 00:00:01
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0xa30
Parent PID 0x5d8 (c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0xA34
0xA48
0xA4C
0xA50
0xA54
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
Process #18: taskkill.exe
Information Value
ID #18
File Name c:\windows\syswow64\taskkill.exe
Command Line taskkill /F /IM firefox.exe /T
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:01:00, Reason: Child Process
Unmonitor End Time: 00:01:00, Reason: Self Terminated
Monitor Duration 00:00:00
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0xa5c
Parent PID 0x5d8 (c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0xA60
0xA74
0xA78
0xA7C
0xA80
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
Process #19: taskkill.exe
Information Value
ID #19
File Name c:\windows\syswow64\taskkill.exe
Command Line taskkill /F /IM opera.exe /T
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:01:00, Reason: Child Process
Unmonitor End Time: 00:01:01, Reason: Self Terminated
Monitor Duration 00:00:01
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0xa88
Parent PID 0x5d8 (c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0xA8C
0xAA0
0xAA4
0xAA8
0xAAC
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
advapi32.dll 0x76f90000 0x7702ffff Memory Mapped File rwx False False False -
nsi.dll 0x77030000 0x77035fff Memory Mapped File rwx False False False -
user32.dll 0x771d0000 0x772cffff Memory Mapped File rwx False False False -
ws2_32.dll 0x77300000 0x77334fff Memory Mapped File rwx False False False -
shlwapi.dll 0x77350000 0x773a6fff Memory Mapped File rwx False False False -
kernel32.dll 0x773b0000 0x774bffff Memory Mapped File rwx False False False -
oleaut32.dll 0x774c0000 0x7754efff Memory Mapped File rwx False False False -
usp10.dll 0x77550000 0x775ecfff Memory Mapped File rwx False False False -
kernelbase.dll 0x775f0000 0x77635fff Memory Mapped File rwx False False False -
private_0x0000000077640000 0x77640000 0x77739fff Private Memory rwx True False False -
private_0x0000000077740000 0x77740000 0x7785efff Private Memory rwx True False False -
ntdll.dll 0x77860000 0x77a08fff Memory Mapped File rwx False False False -
ntdll.dll 0x77a40000 0x77bbffff Memory Mapped File rwx False False False -
private_0x000000007efaa000 0x7efaa000 0x7efacfff Private Memory rw True False False -
private_0x000000007efad000 0x7efad000 0x7efaffff Private Memory rw True False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory r True False False -
private_0x000000007efd5000 0x7efd5000 0x7efd7fff Private Memory rw True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory rw True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory rw True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory rw True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory rw True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory r True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory r True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory r True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory r True False False -
Process #20: taskkill.exe
Information Value
ID #20
File Name c:\windows\syswow64\taskkill.exe
Command Line taskkill /F /IM safari.exe /T
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:01:00, Reason: Child Process
Unmonitor End Time: 00:01:01, Reason: Self Terminated
Monitor Duration 00:00:01
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0xab4
Parent PID 0x5d8 (c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0xAB8, 0xACC, 0xAD0, 0xAD4, 0xAD8
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
Process #21: taskkill.exe
Information Value
ID #21
File Name c:\windows\syswow64\taskkill.exe
Command Line taskkill /F /IM taskmgr.exe /T
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:01:01, Reason: Child Process
Unmonitor End Time: 00:01:01, Reason: Self Terminated
Monitor Duration 00:00:00
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0xae0
Parent PID 0x5d8 (c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0xAE4, 0xAF8, 0xAFC, 0xB00, 0xB04
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
Process #22: taskkill.exe
Information Value
ID #22
File Name c:\windows\syswow64\taskkill.exe
Command Line taskkill /F /IM 1c /T
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:01:01, Reason: Child Process
Unmonitor End Time: 00:01:02, Reason: Self Terminated
Monitor Duration 00:00:01
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0xb0c
Parent PID 0x5d8 (c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0xB10, 0xB24, 0xB28, 0xB2C, 0xB30
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
Process #23: taskkill.exe
Information Value
ID #23
File Name c:\windows\syswow64\taskkill.exe
Command Line taskkill /F /IM excel.exe /T
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:01:01, Reason: Child Process
Unmonitor End Time: 00:01:02, Reason: Self Terminated
Monitor Duration 00:00:01
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0xb38
Parent PID 0x5d8 (c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0xB3C, 0xB50, 0xB54, 0xB58, 0xB5C
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
Process #24: taskkill.exe
Information Value
ID #24
File Name c:\windows\syswow64\taskkill.exe
Command Line taskkill /F /IM mspub.exe /T
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:01:02, Reason: Child Process
Unmonitor End Time: 00:01:03, Reason: Self Terminated
Monitor Duration 00:00:01
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0xb64
Parent PID 0x5d8 (c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0xB68, 0xB7C, 0xB80, 0xB84, 0xB88
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
Process #25: taskkill.exe
Information Value
ID #25
File Name c:\windows\syswow64\taskkill.exe
Command Line taskkill /F /IM winword.exe /T
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:01:02, Reason: Child Process
Unmonitor End Time: 00:01:02, Reason: Self Terminated
Monitor Duration 00:00:00
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0xb90
Parent PID 0x5d8 (c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0xB94, 0xBA8, 0xBAC, 0xBB0, 0xBB4
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
Process #26: taskkill.exe
Information Value
ID #26
File Name c:\windows\syswow64\taskkill.exe
Command Line taskkill /F /IM powerpnt.exe /T
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:01:02, Reason: Child Process
Unmonitor End Time: 00:01:03, Reason: Self Terminated
Monitor Duration 00:00:01
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0xbbc
Parent PID 0x5d8 (c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0xBC0, 0xBD4, 0xBD8, 0xBDC, 0xBE0
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
Process #27: taskkill.exe
Information Value
ID #27
File Name c:\windows\syswow64\taskkill.exe
Command Line taskkill /F /IM notepad.exe /T
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:01:03, Reason: Child Process
Unmonitor End Time: 00:01:03, Reason: Self Terminated
Monitor Duration 00:00:00
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0xbe8
Parent PID 0x5d8 (c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0xBEC, 0x718, 0x40C, 0x814, 0x330
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
Process #28: taskkill.exe
Information Value
ID #28
File Name c:\windows\syswow64\taskkill.exe
Command Line taskkill /f /im Microsoft.Exchange.*
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:01:03, Reason: Child Process
Unmonitor End Time: 00:01:03, Reason: Self Terminated
Monitor Duration 00:00:00
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0x588
Parent PID 0x5d8 (c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0x2A8, 0x840, 0x81C, 0x830, 0x834
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
Process #29: taskkill.exe
Information Value
ID #29
File Name c:\windows\syswow64\taskkill.exe
Command Line taskkill /f /im MSExchange*
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:01:03, Reason: Child Process
Unmonitor End Time: 00:01:04, Reason: Self Terminated
Monitor Duration 00:00:01
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0x828
Parent PID 0x5d8 (c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0x850, 0x85C, 0x860, 0x858, 0x854
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
Process #30: vssadmin.exe
Information Value
ID #30
File Name c:\windows\syswow64\vssadmin.exe
Command Line vssadmin.exe delete shadows /all /quiet
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:01:03, Reason: Child Process
Unmonitor End Time: 00:01:04, Reason: Self Terminated
Monitor Duration 00:00:01
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0x894
Parent PID 0x5d8 (c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0x890, 0x884, 0x870, 0x880, 0x878
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
ntdll.dll 0x77860000 0x77a08fff Memory Mapped File rwx False False False -
ntdll.dll 0x77a40000 0x77bbffff Memory Mapped File rwx False False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory r True False False -
private_0x000000007efd5000 0x7efd5000 0x7efd7fff Private Memory rw True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory rw True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory rw True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory rw True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory rw True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory r True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory r True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory r True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory r True False False -
Process #32: wmic.exe
22 0
Information Value
ID #32
File Name c:\windows\syswow64\wbem\wmic.exe
Command Line wmic shadowcopy delete
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:01:04, Reason: Child Process
Unmonitor End Time: 00:01:08, Reason: Self Terminated
Monitor Duration 00:00:04
OS Process Information
Information Value
PID 0x8a4
Parent PID 0x5d8 (c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0x8D4, 0x8E0, 0x8E4, 0x8DC, 0x8C8, 0x8D8
Host Behavior

COM (7)
Operation Class Interface Additional Information Success Count Logfile
Create WBEMLocator IWbemLocator cls_context = CLSCTX_INPROC_SERVER True 1
Create F6D90F12-9C73-11D3-B32E-00C04F990BB4 2933BF95-7B36-11D2-B20E-00C04F983E60 cls_context = CLSCTX_INPROC_SERVER True 1
Create EB87E1BD-3233-11D2-AEC9-00C04FB68820 EB87E1BC-3233-11D2-AEC9-00C04FB68820 cls_context = CLSCTX_INPROC_SERVER True 1
Execute WBEMLocator IWbemLocator method_name = ConnectServer, network_resource = root\cli True 1
Execute WBEMLocator IWbemLocator method_name = ConnectServer, network_resource = root\cli\ms_409 True 1
Execute WBEMLocator IWbemLocator method_name = ConnectServer, network_resource = \\XDUWTFONO\ROOT\CIMV2 True 1
Execute WBEMLocator IWbemServices method_name = ExecQuery, query_language = WQL, query = SELECT * FROM Win32_ShadowCopy False 1

Registry (5)
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM - True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Logging, data = 48 True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Logging Directory True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Logging Directory, data = 37 True 1
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Log File Max Size, data = 54 True 1

Module (3)
Operation Module Additional Information Success Count Logfile
Load C:\Windows\system32\kernel32.dll base_address = 0x773b0000 True 1
Get Handle c:\windows\syswow64\wbem\wmic.exe base_address = 0x1f0000 True 1
Get Address c:\windows\syswow64\kernel32.dll function = SetThreadUILanguage, address_out = 0x773da84f True 1

System (6)
Operation Additional Information Success Count Logfile
Get Computer Name result_out = XDUWTFONO True 1
Get Time type = System Time, time = 2019-02-21 08:46:16 (UTC) True 1
Get Time type = Ticks, time = 112726 True 1
Get Time type = Local Time, time = 2019-02-21 19:46:16 (Local Time) True 1
Get Info type = System Directory, result_out = C:\Windows\system32 True 2

Process #34: schtasks.exe
21 0
Information Value
ID #34
File Name c:\windows\syswow64\schtasks.exe
Command Line schtasks /Create /SC MINUTE /TN "Windows Defender Monitor" /TR "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\wdm.exe"
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\
Monitor Start Time: 00:01:08, Reason: Child Process
Unmonitor End Time: 00:01:09, Reason: Self Terminated
Monitor Duration 00:00:01
OS Process Information
Information Value
PID 0x8f4
Parent PID 0x5d8 (c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0x904, 0x944
Host Behavior

COM (8)
Operation Class Interface Additional Information Success Count Logfile
Create TaskScheduler ITaskService cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER True 1
Execute TaskScheduler ITaskService method_name = Connect, user = 2616496, domain = 629070, password = 3431958528 True 1
Execute TaskScheduler ITaskService method_name = GetFolder, new_interface = ITaskFolder True 1
Execute TaskScheduler ITaskService method_name = NewTask, new_interface = ITaskDefinition True 1
Execute TaskScheduler ITaskDefinition method_name = get_Actions, new_interface = IActionCollection True 1
Execute TaskScheduler ITaskDefinition method_name = get_Triggers, new_interface = ITriggerCollection True 1
Execute TaskScheduler ITriggerCollection method_name = Create, type = TASK_TRIGGER_TIME, new_interface = IDailyTrigger True 1
Execute TaskScheduler IDailyTrigger method_name = put_StartBoundary, start_boundary = 2019-02-21T19:46:00 True 1

File (5)
Operation Filename Additional Information Success Count Logfile
Get Info STD_OUTPUT_HANDLE type = file_type True 1
Open STD_OUTPUT_HANDLE - True 3
Write STD_OUTPUT_HANDLE size = 86 True 1

Module (9)
Operation Module Additional Information Success Count Logfile
Load VERSION.dll base_address = 0x750f0000 True 1
Load ADVAPI32.dll base_address = 0x76f90000 True 1
Get Handle c:\windows\syswow64\schtasks.exe base_address = 0x90000 True 1
Get Filename - process_name = c:\windows\syswow64\schtasks.exe, file_name_orig = C:\Windows\SysWOW64\schtasks.exe, size = 260 True 2
Get Address c:\windows\syswow64\version.dll function = GetFileVersionInfoSizeW, address_out = 0x750f19d9 True 1
Get Address c:\windows\syswow64\version.dll function = GetFileVersionInfoW, address_out = 0x750f19f4 True 1
Get Address c:\windows\syswow64\version.dll function = VerQueryValueW, address_out = 0x750f1b51 True 1
Get Address c:\windows\syswow64\advapi32.dll function = GetUserNameW, address_out = 0x76fa157a True 1

System (5)
Operation Additional Information Success Count Logfile
Get Time type = System Time, time = 2019-02-21 08:46:17 (UTC) True 1
Get Time type = Ticks, time = 114333 True 1
Get Time type = Local Time, time = 2019-02-21 19:46:17 (Local Time) True 3

Process #35: taskeng.exe
0 0
Information Value
ID #35
File Name c:\windows\system32\taskeng.exe
Command Line taskeng.exe {0C3AA91E-F11A-45E9-BB3A-18A2AD38FD0E} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\5p5NrGJn0jS HALPmcxz:Interactive:Highest[1]
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:01:08, Reason: Created Scheduled Job
Unmonitor End Time: 00:01:30, Reason: Self Terminated
Monitor Duration 00:00:22
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0x610
Parent PID 0x350 (Unknown)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0x20C, 0x63C, 0x694, 0x690, 0x644, 0x620, 0x614
Process #36: wdm.exe
Information Value
ID #36
File Name c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\wdm.exe"
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\
Monitor Start Time: 00:01:08, Reason: Child Process
Unmonitor End Time: 00:01:26, Reason: Self Terminated
Monitor Duration 00:00:18
OS Process Information
Information Value
PID 0x940
Parent PID 0x5d8 (c:\users\5p5nrgjn0js halpmcxz\desktop\setup.exe)
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
Region
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
private_0x0000000000020000 0x00020000 0x00020fff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x00030fff Private Memory rw True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File rwx False False False -
pagefile_0x0000000000050000 0x00050000 0x00053fff Pagefile Backed Memory r True False False -
locale.nls 0x00060000 0x000c6fff Memory Mapped File r False False False -
tzres.dll 0x000d0000 0x000d0fff Memory Mapped File r False False False -
pagefile_0x00000000000e0000 0x000e0000 0x000e6fff Pagefile Backed Memory r True False False -
pagefile_0x00000000000f0000 0x000f0000 0x000f1fff Pagefile Backed Memory rw True False False -
private_0x0000000000110000 0x00110000 0x0011ffff Private Memory rw True False False -
private_0x0000000000160000 0x00160000 0x0019ffff Private Memory rw True False False -
private_0x00000000001d0000 0x001d0000 0x0020ffff Private Memory rw True False False -
private_0x0000000000210000 0x00210000 0x0024ffff Private Memory rw True False False -
private_0x0000000000280000 0x00280000 0x0037ffff Private Memory rw True False False -
pagefile_0x0000000000380000 0x00380000 0x00507fff Pagefile Backed Memory r True False False -
private_0x0000000000520000 0x00520000 0x0059ffff Private Memory rw True False False -
pagefile_0x00000000005a0000 0x005a0000 0x00720fff Pagefile Backed Memory r True False False -
private_0x0000000000740000 0x00740000 0x0083ffff Private Memory rw True False False -
pagefile_0x0000000000840000 0x00840000 0x00c32fff Pagefile Backed Memory r True False False -
private_0x0000000000c50000 0x00c50000 0x00c8ffff Private Memory rw True False False -
private_0x0000000000ca0000 0x00ca0000 0x00cdffff Private Memory rw True False False -
private_0x0000000000d20000 0x00d20000 0x00d5ffff Private Memory rw True False False -
private_0x0000000000d60000 0x00d60000 0x00d9ffff Private Memory rw True False False -
private_0x0000000000dd0000 0x00dd0000 0x00e0ffff Private Memory rw True False False -
private_0x0000000000e10000 0x00e10000 0x00f0ffff Private Memory rw True False False -
private_0x0000000000f10000 0x00f10000 0x0100ffff Private Memory rw True False False -
private_0x0000000001010000 0x01010000 0x0110ffff Private Memory rw True False False -
private_0x0000000001130000 0x01130000 0x0116ffff Private Memory rw True False False -
private_0x00000000011a0000 0x011a0000 0x0129ffff Private Memory rw True False False -
private_0x00000000012a0000 0x012a0000 0x012dffff Private Memory rw True False False -
wdm.exe 0x01310000 0x01401fff Memory Mapped File rwx True True False
pagefile_0x0000000001410000 0x01410000 0x0280ffff Pagefile Backed Memory r True False False -
sortdefault.nls 0x02810000 0x02adefff Memory Mapped File r False False False -
private_0x0000000002b10000 0x02b10000 0x02c0ffff Private Memory rw True False False -
private_0x0000000002c10000 0x02c10000 0x02d2ffff Private Memory rw True False False -
private_0x0000000002c10000 0x02c10000 0x02c4ffff Private Memory rw True False False -
private_0x0000000002c60000 0x02c60000 0x02c9ffff Private Memory rw True False False -
private_0x0000000002ca0000 0x02ca0000 0x02cdffff Private Memory rw True False False -
private_0x0000000002cf0000 0x02cf0000 0x02d2ffff Private Memory rw True False False -
private_0x0000000002d30000 0x02d30000 0x02d6ffff Private Memory rw True False False -
private_0x0000000002d70000 0x02d70000 0x02e6ffff Private Memory rw True False False -
private_0x0000000002e90000 0x02e90000 0x02ecffff Private Memory rw True False False -
private_0x0000000002f20000 0x02f20000 0x02f5ffff Private Memory rw True False False -
private_0x0000000002fa0000 0x02fa0000 0x02fdffff Private Memory rw True False False -
private_0x0000000003010000 0x03010000 0x0310ffff Private Memory rw True False False -
private_0x0000000003130000 0x03130000 0x0316ffff Private Memory rw True False False -
private_0x00000000031a0000 0x031a0000 0x0329ffff Private Memory rw True False False -
private_0x00000000032d0000 0x032d0000 0x0330ffff Private Memory rw True False False -
private_0x0000000003340000 0x03340000 0x0337ffff Private Memory rw True False False -
private_0x00000000033b0000 0x033b0000 0x034affff Private Memory rw True False False -
private_0x00000000034e0000 0x034e0000 0x0351ffff Private Memory rw True False False -
private_0x0000000003550000 0x03550000 0x0364ffff Private Memory rw True False False -
private_0x0000000003650000 0x03650000 0x0374ffff Private Memory rw True False False -
private_0x0000000003790000 0x03790000 0x0388ffff Private Memory rw True False False -
private_0x0000000003890000 0x03890000 0x038cffff Private Memory rw True False False -
private_0x00000000038d0000 0x038d0000 0x0390ffff Private Memory rw True False False -
private_0x0000000003920000 0x03920000 0x03a1ffff Private Memory rw True False False -
private_0x0000000003a70000 0x03a70000 0x03b6ffff Private Memory rw True False False -
private_0x0000000003c10000 0x03c10000 0x03c4ffff Private Memory rw True False False -
private_0x0000000003c60000 0x03c60000 0x03d5ffff Private Memory rw True False False -
private_0x0000000003db0000 0x03db0000 0x03deffff Private Memory rw True False False -
private_0x0000000003e30000 0x03e30000 0x03f2ffff Private Memory rw True False False -
private_0x0000000003f30000 0x03f30000 0x03f6ffff Private Memory rw True False False -
private_0x0000000004000000 0x04000000 0x040fffff Private Memory rw True False False -
private_0x0000000004190000 0x04190000 0x0428ffff Private Memory rw True False False -
private_0x0000000004290000 0x04290000 0x0438ffff Private Memory rw True False False -
private_0x00000000043c0000 0x043c0000 0x044bffff Private Memory rw True False False -
private_0x0000000004560000 0x04560000 0x0465ffff Private Memory rw True False False -
private_0x0000000004660000 0x04660000 0x0475ffff Private Memory rw True False False -
private_0x0000000004760000 0x04760000 0x0485ffff Private Memory rw True False False -
private_0x0000000004980000 0x04980000 0x04a7ffff Private Memory rw True False False -
private_0x0000000004bf0000 0x04bf0000 0x04ceffff Private Memory rw True False False -
private_0x0000000004de0000 0x04de0000 0x04edffff Private Memory rw True False False -
private_0x0000000004ef0000 0x04ef0000 0x04feffff Private Memory rw True False False -
libcrypto-1_1.dll 0x746b0000 0x748b8fff Memory Mapped File rwx True True False
srvcli.dll 0x74ce0000 0x74cf8fff Memory Mapped File rwx False False False -
msvcr120.dll 0x74d00000 0x74dedfff Memory Mapped File rwx True True False
browcli.dll 0x74e60000 0x74e6cfff Memory Mapped File rwx False False False -
netapi32.dll 0x74e70000 0x74e80fff Memory Mapped File rwx False False False -
api-ms-win-core-synch-l1-2-0.dll 0x74f70000 0x74f72fff Memory Mapped File rwx False False False -
wow64cpu.dll 0x74f80000 0x74f87fff Memory Mapped File rwx False False False -
wow64win.dll 0x74f90000 0x74febfff Memory Mapped File rwx False False False -
wow64.dll 0x74ff0000 0x7502efff Memory Mapped File rwx False False False -
wkscli.dll 0x75030000 0x7503efff Memory Mapped File rwx False False False -
netutils.dll 0x75050000 0x75058fff Memory Mapped File rwx False False False -
wshtcpip.dll 0x753e0000 0x753e4fff Memory Mapped File rwx False False False -
mswsock.dll 0x753f0000 0x7542bfff Memory Mapped File rwx False False False -
dhcpcsvc.dll 0x75430000 0x75441fff Memory Mapped File rwx False False False -
cscapi.dll 0x75450000 0x7545afff Memory Mapped File rwx False False False -
winnsi.dll 0x75460000 0x75466fff Memory Mapped File rwx False False False -
iphlpapi.dll 0x75470000 0x7548bfff Memory Mapped File rwx False False False -
cryptbase.dll 0x75590000 0x7559bfff Memory Mapped File rwx False False False -
sspicli.dll 0x755a0000 0x755fffff Memory Mapped File rwx False False False -
msvcrt.dll 0x75660000 0x7570bfff Memory Mapped File rwx False False False -
lpk.dll 0x75710000 0x75719fff Memory Mapped File rwx False False False -
sechost.dll 0x75a60000 0x75a78fff Memory Mapped File rwx False False False -
gdi32.dll 0x75a80000 0x75b0ffff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75b10000 0x75bfffff Memory Mapped File rwx False False False -
wldap32.dll 0x75c70000 0x75cb4fff Memory Mapped File rwx False False False -
shell32.dll 0x75cc0000 0x76909fff Memory Mapped File rwx False False False -
msctf.dll 0x76b30000 0x76bfbfff Memory Mapped File rwx False False False -
imm32.dll 0x76c00000 0x76c5ffff Memory Mapped File rwx False False False -
advapi32.dll 0x76f90000 0x7702ffff Memory Mapped File rwx False False False -
nsi.dll 0x77030000 0x77035fff Memory Mapped File rwx False False False -
user32.dll 0x771d0000 0x772cffff Memory Mapped File rwx False False False -
ws2_32.dll 0x77300000 0x77334fff Memory Mapped File rwx False False False -
shlwapi.dll 0x77350000 0x773a6fff Memory Mapped File rwx False False False -
kernel32.dll 0x773b0000 0x774bffff Memory Mapped File rwx False False False -
usp10.dll 0x77550000 0x775ecfff Memory Mapped File rwx False False False -
kernelbase.dll 0x775f0000 0x77635fff Memory Mapped File rwx False False False -
private_0x0000000077640000 0x77640000 0x77739fff Private Memory rwx True False False -
private_0x0000000077740000 0x77740000 0x7785efff Private Memory rwx True False False -
ntdll.dll 0x77860000 0x77a08fff Memory Mapped File rwx False False False -
ntdll.dll 0x77a40000 0x77bbffff Memory Mapped File rwx False False False -
private_0x000000007ef6b000 0x7ef6b000 0x7ef6dfff Private Memory rw True False False -
private_0x000000007ef6e000 0x7ef6e000 0x7ef70fff Private Memory rw True False False -
private_0x000000007ef71000 0x7ef71000 0x7ef73fff Private Memory rw True False False -
private_0x000000007ef74000 0x7ef74000 0x7ef76fff Private Memory rw True False False -
private_0x000000007ef77000 0x7ef77000 0x7ef79fff Private Memory rw True False False -
private_0x000000007ef7a000 0x7ef7a000 0x7ef7cfff Private Memory rw True False False -
private_0x000000007ef7d000 0x7ef7d000 0x7ef7ffff Private Memory rw True False False -
private_0x000000007ef80000 0x7ef80000 0x7ef82fff Private Memory rw True False False -
private_0x000000007ef83000 0x7ef83000 0x7ef85fff Private Memory rw True False False -
private_0x000000007ef86000 0x7ef86000 0x7ef88fff Private Memory rw True False False -
private_0x000000007ef89000 0x7ef89000 0x7ef8bfff Private Memory rw True False False -
private_0x000000007ef8c000 0x7ef8c000 0x7ef8efff Private Memory rw True False False -
private_0x000000007ef8f000 0x7ef8f000 0x7ef91fff Private Memory rw True False False -
private_0x000000007ef92000 0x7ef92000 0x7ef94fff Private Memory rw True False False -
private_0x000000007ef95000 0x7ef95000 0x7ef97fff Private Memory rw True False False -
private_0x000000007ef98000 0x7ef98000 0x7ef9afff Private Memory rw True False False -
private_0x000000007ef9b000 0x7ef9b000 0x7ef9dfff Private Memory rw True False False -
private_0x000000007ef9e000 0x7ef9e000 0x7efa0fff Private Memory rw True False False -
private_0x000000007efa1000 0x7efa1000 0x7efa3fff Private Memory rw True False False -
private_0x000000007efa4000 0x7efa4000 0x7efa6fff Private Memory rw True False False -
private_0x000000007efa7000 0x7efa7000 0x7efa9fff Private Memory rw True False False -
private_0x000000007efaa000 0x7efaa000 0x7efacfff Private Memory rw True False False -
private_0x000000007efad000 0x7efad000 0x7efaffff Private Memory rw True False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory r True False False -
private_0x000000007efd5000 0x7efd5000 0x7efd7fff Private Memory rw True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory rw True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory rw True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory rw True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory rw True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory r True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory r True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory r True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory r True False False -
For performance reasons, the remaining 493 entries are omitted.
The remaining entries can be found in flog.txt.
Created Files
Filename File Size Hash Values YARA Match Actions
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\log.txt 0.46 KB MD5: b7b4e087300ffae020d305650f5a3a48
SHA1: f0889a4321094cf6af2f4f3d7c615811ece2ca7b
SHA256: 7dac6880bd7b94a63a2784bdd8dc8d7ea5c0d9cad0431d576468aa329f820d14
SSDeep: 12:TyxqDBvTN+jI2ZVgml9b7bhSFUcwA7SFUcwAyoYVA/4K/wg:ecVcc2Z+c9b7tSEESEi4UTb
False
Host Behavior
File (11)
Operation Filename Additional Information Success Count Logfile
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\log.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Get Info C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\log.txt type = file_type True 1
Open STD_INPUT_HANDLE - True 2
Open STD_OUTPUT_HANDLE - True 2
Open STD_ERROR_HANDLE - True 2
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\log.txt size = 28 True 1
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\log.txt size = 42 True 1
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\log.txt size = 40 True 1
Module (367)
Operation Module Additional Information Success Count Logfile
Load api-ms-win-core-synch-l1-2-0 base_address = 0x0 False 2
Load kernel32 base_address = 0x0 False 2
Load kernel32 base_address = 0x773b0000 True 2
Load api-ms-win-core-fibers-l1-1-1 base_address = 0x0 False 3
Load api-ms-win-core-synch-l1-2-0 base_address = 0x74f70000 True 1
Load api-ms-win-core-localization-l1-2-1 base_address = 0x0 False 2
Load api-ms-win-core-sysinfo-l1-2-1 base_address = 0x0 False 2
Load api-ms-win-appmodel-runtime-l1-1-1 base_address = 0x0 False 2
Load ext-ms-win-kernel32-package-current-l1-1-0 base_address = 0x0 False 2
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x773b0000 True 2
Get Handle c:\windows\syswow64\api-ms-win-core-synch-l1-2-0.dll base_address = 0x74f70000 True 1
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 2
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 2
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 2
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 2
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 2
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 2
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 2
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1310000 True 2
Get Handle mscoree.dll - False 1
Get Filename api-ms-win-core-localization-l1-2-1 process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\wdm.exe, size = 260 True 1
Get Filename api-ms-win-core-localization-l1-2-1 process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\wdm.exe, size = 259 True 1
Get Address c:\windows\syswow64\kernel32.dll function = FlsAlloc, address_out = 0x773c4f2b True 4
Get Address c:\windows\syswow64\kernel32.dll function = FlsFree, address_out = 0x773c359f True 2
Get Address c:\windows\syswow64\kernel32.dll function = FlsGetValue, address_out = 0x773c1252 True 4
Get Address c:\windows\syswow64\kernel32.dll function = FlsSetValue, address_out = 0x773c4208 True 4
Get Address c:\windows\syswow64\kernel32.dll function = InitializeCriticalSectionEx, address_out = 0x773c4d28 True 2
Get Address c:\windows\syswow64\kernel32.dll function = CreateEventExW, address_out = 0x7744410b True 2
Get Address c:\windows\syswow64\kernel32.dll function = CreateSemaphoreExW, address_out = 0x77444195 True 2
Get Address c:\windows\syswow64\kernel32.dll function = SetThreadStackGuarantee, address_out = 0x773cd31f True 1
Get Address c:\windows\syswow64\kernel32.dll function = CreateThreadpoolTimer, address_out = 0x773dee7e True 2
Get Address c:\windows\syswow64\kernel32.dll function = SetThreadpoolTimer, address_out = 0x77a8441c True 2
Get Address c:\windows\syswow64\kernel32.dll function = WaitForThreadpoolTimerCallbacks, address_out = 0x77aac50e True 2
Get Address c:\windows\syswow64\kernel32.dll function = CloseThreadpoolTimer, address_out = 0x77aac381 True 2
Get Address c:\windows\syswow64\kernel32.dll function = CreateThreadpoolWait, address_out = 0x773df088 True 2
Get Address c:\windows\syswow64\kernel32.dll function = SetThreadpoolWait, address_out = 0x77a905d7 True 2
Get Address c:\windows\syswow64\kernel32.dll function = CloseThreadpoolWait, address_out = 0x77aaca24 True 2
Get Address c:\windows\syswow64\kernel32.dll function = FlushProcessWriteBuffers, address_out = 0x77a60b8c True 2
Get Address c:\windows\syswow64\kernel32.dll function = FreeLibraryWhenCallbackReturns, address_out = 0x77b1fde8 True 2
Get Address c:\windows\syswow64\kernel32.dll function = GetCurrentProcessorNumber, address_out = 0x77ab1e1d True 2
Get Address c:\windows\syswow64\kernel32.dll function = GetLogicalProcessorInformation, address_out = 0x77444761 True 1
Get Address c:\windows\syswow64\kernel32.dll function = CreateSymbolicLinkW, address_out = 0x7743cd11 True 2
Get Address c:\windows\syswow64\kernel32.dll function = SetDefaultDllDirectories, address_out = 0x0 False 1
Get Address c:\windows\syswow64\kernel32.dll function = EnumSystemLocalesEx, address_out = 0x7744424f True 1
Get Address c:\windows\syswow64\kernel32.dll function = CompareStringEx, address_out = 0x774446b1 True 2
Get Address c:\windows\syswow64\kernel32.dll function = GetDateFormatEx, address_out = 0x77456676 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetLocaleInfoEx, address_out = 0x77444751 True 2
Get Address c:\windows\syswow64\kernel32.dll function = GetTimeFormatEx, address_out = 0x774565f1 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetUserDefaultLocaleName, address_out = 0x774447c1 True 1
Get Address c:\windows\syswow64\kernel32.dll function = IsValidLocaleName, address_out = 0x774447e1 True 1
Get Address c:\windows\syswow64\kernel32.dll function = LCMapStringEx, address_out = 0x774447f1 True 3
Get Address c:\windows\syswow64\kernel32.dll function = GetCurrentPackageId, address_out = 0x0 False 2
Get Address c:\windows\syswow64\kernel32.dll function = GetTickCount64, address_out = 0x773deee0 True 2
Get Address c:\windows\syswow64\kernel32.dll function = GetFileInformationByHandleExW, address_out = 0x0 False 1
Get Address c:\windows\syswow64\kernel32.dll function = SetFileInformationByHandleW, address_out = 0x0 False 1
Get Address c:\windows\syswow64\kernel32.dll address_out = 0x773c4d28 True 1
Get Address c:\windows\syswow64\api-ms-win-core-synch-l1-2-0.dll function = InitializeCriticalSectionEx, address_out = 0x0 False 1
Get Address c:\windows\syswow64\kernel32.dll function = InitOnceExecuteOnce, address_out = 0x773dd627 True 1
Get Address c:\windows\syswow64\kernel32.dll function = CreateSemaphoreW, address_out = 0x773dca5a True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetFileInformationByHandleEx, address_out = 0x773dc78f True 1
Get Address c:\windows\syswow64\kernel32.dll function = SetFileInformationByHandle, address_out = 0x773ecbfc True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetSystemTimePreciseAsFileTime, address_out = 0x0 False 1
Get Address c:\windows\syswow64\kernel32.dll function = InitializeConditionVariable, address_out = 0x77a78456 True 1
Get Address c:\windows\syswow64\kernel32.dll function = WakeConditionVariable, address_out = 0x77ae7de4 True 1
Get Address c:\windows\syswow64\kernel32.dll function = WakeAllConditionVariable, address_out = 0x77aa409d True 1
Get Address c:\windows\syswow64\kernel32.dll function = SleepConditionVariableCS, address_out = 0x77444b32 True 1
Get Address c:\windows\syswow64\kernel32.dll function = InitializeSRWLock, address_out = 0x77a78456 True 1
Get Address c:\windows\syswow64\kernel32.dll function = AcquireSRWLockExclusive, address_out = 0x77a729f1 True 1
Get Address c:\windows\syswow64\kernel32.dll function = TryAcquireSRWLockExclusive, address_out = 0x77a84892 True 1
Get Address c:\windows\syswow64\kernel32.dll function = ReleaseSRWLockExclusive, address_out = 0x77a729ab True 1
Get Address c:\windows\syswow64\kernel32.dll function = SleepConditionVariableSRW, address_out = 0x77444b74 True 1
Get Address c:\windows\syswow64\kernel32.dll function = CreateThreadpoolWork, address_out = 0x773dee45 True 1
Get Address c:\windows\syswow64\kernel32.dll function = SubmitThreadpoolWork, address_out = 0x77ab8491 True 1
Get Address c:\windows\syswow64\kernel32.dll function = CloseThreadpoolWork, address_out = 0x77aad8e2 True 1
Fn
Get Address c:\windows\syswow64\api-ms-win-core-synch-l1-2-0.dll function = InitializeConditionVariable, address_out = 0x77a78456 True 1
Fn
Get Address c:\windows\syswow64\api-ms-win-core-synch-l1-2-0.dll function = SleepConditionVariableCS, address_out = 0x77444b32 True 1
Fn
Get Address c:\windows\syswow64\api-ms-win-core-synch-l1-2-0.dll function = WakeAllConditionVariable, address_out = 0x77aa409d True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = AreFileApisANSI, address_out = 0x774440d1 True 1
Fn
System (9059)
»
Operation Additional Information Success Count Logfile
Get Computer Name result_out = XDUWTFONO True 1
Fn
Sleep duration = 50 milliseconds (0.050 seconds) True 15
Fn
Sleep duration = 1000 milliseconds (1.000 seconds) True 1
Fn
Sleep duration = 0 milliseconds (0.000 seconds) True 1
Fn
Get Time type = System Time, time = 2019-02-21 08:46:18 (UTC) True 4
Fn
Get Time type = System Time, time = 2019-02-21 08:46:30 (UTC) True 30
Fn
Fn
Mutex (1)
»
Operation Additional Information Success Count Logfile
Create mutex_name = WindowsDefenderMonitorMutex True 1
Fn
Environment (3)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 2
Fn
Data
Get Environment String name = OPENSSL_ia32cap False 1
Fn
Network Behavior
TCP Sessions (265)
»
Information Value
Total Data Sent 0 bytes
Total Data Received 0 bytes
Contacted Host Count 256
TCP Session #1
»
Information Value
Handle 0x15c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.0
Remote Port 445
Local Address 0.0.0.0
Local Port 49159
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.0, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #2
»
Information Value
Handle 0x144
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.1
Remote Port 445
Local Address 0.0.0.0
Local Port 49158
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.1, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #3
»
Information Value
Handle 0x16c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.2
Remote Port 445
Local Address 0.0.0.0
Local Port 49161
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.2, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #4
»
Information Value
Handle 0x168
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.3
Remote Port 445
Local Address 0.0.0.0
Local Port 49160
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.3, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #5
»
Information Value
Handle 0x178
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.4
Remote Port 445
Local Address 0.0.0.0
Local Port 49162
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.4, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #6
»
Information Value
Handle 0x184
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.5
Remote Port 445
Local Address 0.0.0.0
Local Port 49163
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.5, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #7
»
Information Value
Handle 0x190
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.6
Remote Port 445
Local Address 0.0.0.0
Local Port 49164
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.6, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #8
»
Information Value
Handle 0x19c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.7
Remote Port 445
Local Address 0.0.0.0
Local Port 49165
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.7, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #9
»
Information Value
Handle 0x1a8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.8
Remote Port 445
Local Address 0.0.0.0
Local Port 49166
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.8, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #10
»
Information Value
Handle 0x1b4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.9
Remote Port 445
Local Address 0.0.0.0
Local Port 49167
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.9, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #11
»
Information Value
Handle 0x1c0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.10
Remote Port 445
Local Address 0.0.0.0
Local Port 49168
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.10, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #12
»
Information Value
Handle 0x1cc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.11
Remote Port 445
Local Address 0.0.0.0
Local Port 49169
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.11, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #13
»
Information Value
Handle 0x1d8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.12
Remote Port 445
Local Address 0.0.0.0
Local Port 49170
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.12, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #14
»
Information Value
Handle 0x1e4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.13
Remote Port 445
Local Address 0.0.0.0
Local Port 49171
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.13, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #15
»
Information Value
Handle 0x1f0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.14
Remote Port 445
Local Address 0.0.0.0
Local Port 49172
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.14, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #16
»
Information Value
Handle 0x1fc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.15
Remote Port 445
Local Address 0.0.0.0
Local Port 49173
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.15, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #17
»
Information Value
Handle 0x208
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.16
Remote Port 445
Local Address 0.0.0.0
Local Port 49174
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.16, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #18
»
Information Value
Handle 0x214
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.17
Remote Port 445
Local Address 0.0.0.0
Local Port 49175
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.17, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #19
»
Information Value
Handle 0x220
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.18
Remote Port 445
Local Address 0.0.0.0
Local Port 49176
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.18, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #20
»
Information Value
Handle 0x22c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.19
Remote Port 445
Local Address 0.0.0.0
Local Port 49177
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.19, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #21
»
Information Value
Handle 0x238
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.20
Remote Port 445
Local Address 0.0.0.0
Local Port 49178
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.20, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #22
»
Information Value
Handle 0x244
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.21
Remote Port 445
Local Address 0.0.0.0
Local Port 49179
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.21, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #23
»
Information Value
Handle 0x250
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.22
Remote Port 445
Local Address 0.0.0.0
Local Port 49180
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.22, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #24
»
Information Value
Handle 0x25c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.23
Remote Port 445
Local Address 0.0.0.0
Local Port 49181
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.23, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #25
»
Information Value
Handle 0x268
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.24
Remote Port 445
Local Address 0.0.0.0
Local Port 49182
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.24, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #26
»
Information Value
Handle 0x274
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.25
Remote Port 445
Local Address 0.0.0.0
Local Port 49183
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.25, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #27
»
Information Value
Handle 0x280
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.26
Remote Port 445
Local Address 0.0.0.0
Local Port 49184
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.26, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #28
»
Information Value
Handle 0x28c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.27
Remote Port 445
Local Address 0.0.0.0
Local Port 49185
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.27, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #29
»
Information Value
Handle 0x298
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.28
Remote Port 445
Local Address 0.0.0.0
Local Port 49186
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.28, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #30
»
Information Value
Handle 0x2a4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.29
Remote Port 445
Local Address 0.0.0.0
Local Port 49187
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.29, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #31
»
Information Value
Handle 0x2b0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.30
Remote Port 445
Local Address 0.0.0.0
Local Port 49188
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.30, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #32
»
Information Value
Handle 0x2bc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.31
Remote Port 445
Local Address 0.0.0.0
Local Port 49189
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.31, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #33
»
Information Value
Handle 0x2c8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.32
Remote Port 445
Local Address 0.0.0.0
Local Port 49190
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.32, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #34
»
Information Value
Handle 0x2d4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.33
Remote Port 445
Local Address 0.0.0.0
Local Port 49191
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.33, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #35
»
Information Value
Handle 0x2e0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.34
Remote Port 445
Local Address 0.0.0.0
Local Port 49192
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.34, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #36
Information Value
Handle 0x2ec
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.35
Remote Port 445
Local Address 0.0.0.0
Local Port 49193
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.35, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #37
Information Value
Handle 0x2f8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.36
Remote Port 445
Local Address 0.0.0.0
Local Port 49194
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.36, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #38
Information Value
Handle 0x304
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.37
Remote Port 445
Local Address 0.0.0.0
Local Port 49195
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.37, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #39
Information Value
Handle 0x310
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.38
Remote Port 445
Local Address 0.0.0.0
Local Port 49196
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.38, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #40
Information Value
Handle 0x31c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.39
Remote Port 445
Local Address 0.0.0.0
Local Port 49197
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.39, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #41
Information Value
Handle 0x328
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.40
Remote Port 445
Local Address 0.0.0.0
Local Port 49198
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.40, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #42
Information Value
Handle 0x334
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.41
Remote Port 445
Local Address 0.0.0.0
Local Port 49199
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.41, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #43
Information Value
Handle 0x340
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.42
Remote Port 445
Local Address 0.0.0.0
Local Port 49200
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.42, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #44
Information Value
Handle 0x34c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.43
Remote Port 445
Local Address 0.0.0.0
Local Port 49201
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.43, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #45
Information Value
Handle 0x358
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.44
Remote Port 445
Local Address 0.0.0.0
Local Port 49202
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.44, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #46
Information Value
Handle 0x364
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.45
Remote Port 445
Local Address 0.0.0.0
Local Port 49203
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.45, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #47
Information Value
Handle 0x370
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.46
Remote Port 445
Local Address 0.0.0.0
Local Port 49204
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.46, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #48
Information Value
Handle 0x37c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.47
Remote Port 445
Local Address 0.0.0.0
Local Port 49205
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.47, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #49
Information Value
Handle 0x388
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.48
Remote Port 445
Local Address 0.0.0.0
Local Port 49206
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.48, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #50
Information Value
Handle 0x394
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.49
Remote Port 445
Local Address 0.0.0.0
Local Port 49207
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.49, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #51
Information Value
Handle 0x3a0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.50
Remote Port 445
Local Address 0.0.0.0
Local Port 49208
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.50, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #52
Information Value
Handle 0x3ac
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.51
Remote Port 445
Local Address 0.0.0.0
Local Port 49209
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.51, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #53
Information Value
Handle 0x3b8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.52
Remote Port 445
Local Address 0.0.0.0
Local Port 49210
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.52, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #54
Information Value
Handle 0x3c4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.53
Remote Port 445
Local Address 0.0.0.0
Local Port 49211
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.53, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #55
Information Value
Handle 0x3d0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.54
Remote Port 445
Local Address 0.0.0.0
Local Port 49212
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.54, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #56
Information Value
Handle 0x3dc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.55
Remote Port 445
Local Address 0.0.0.0
Local Port 49213
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.55, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #57
Information Value
Handle 0x3e8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.56
Remote Port 445
Local Address 0.0.0.0
Local Port 49214
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.56, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #58
Information Value
Handle 0x3f4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.57
Remote Port 445
Local Address 0.0.0.0
Local Port 49215
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.57, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #59
Information Value
Handle 0x404
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.58
Remote Port 445
Local Address 0.0.0.0
Local Port 49216
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.58, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #60
Information Value
Handle 0x410
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.59
Remote Port 445
Local Address 0.0.0.0
Local Port 49217
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.59, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #61
Information Value
Handle 0x41c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.60
Remote Port 445
Local Address 0.0.0.0
Local Port 49218
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.60, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #62
Information Value
Handle 0x428
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.61
Remote Port 445
Local Address 0.0.0.0
Local Port 49219
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.61, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #63
Information Value
Handle 0x434
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.62
Remote Port 445
Local Address 0.0.0.0
Local Port 49220
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.62, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #64
Information Value
Handle 0x440
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.63
Remote Port 445
Local Address 0.0.0.0
Local Port 49221
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.63, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #65
Information Value
Handle 0x44c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.64
Remote Port 445
Local Address 0.0.0.0
Local Port 49222
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.64, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #66
Information Value
Handle 0x458
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.65
Remote Port 445
Local Address 0.0.0.0
Local Port 49223
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.65, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #67
Information Value
Handle 0x464
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.66
Remote Port 445
Local Address 0.0.0.0
Local Port 49224
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.66, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #68
Information Value
Handle 0x470
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.67
Remote Port 445
Local Address 0.0.0.0
Local Port 49225
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.67, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #69
Information Value
Handle 0x47c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.68
Remote Port 445
Local Address 0.0.0.0
Local Port 49226
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.68, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #70
Information Value
Handle 0x488
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.69
Remote Port 445
Local Address 0.0.0.0
Local Port 49227
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.69, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #71
Information Value
Handle 0x494
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.70
Remote Port 445
Local Address 0.0.0.0
Local Port 49228
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.70, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #72
Information Value
Handle 0x4a0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.71
Remote Port 445
Local Address 0.0.0.0
Local Port 49229
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.71, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #73
Information Value
Handle 0x4ac
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.72
Remote Port 445
Local Address 0.0.0.0
Local Port 49230
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.72, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #74
Information Value
Handle 0x4b8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.73
Remote Port 445
Local Address 0.0.0.0
Local Port 49231
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.73, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #75
Information Value
Handle 0x4c4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.74
Remote Port 445
Local Address 0.0.0.0
Local Port 49232
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.74, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #76
Information Value
Handle 0x4d0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.75
Remote Port 445
Local Address 0.0.0.0
Local Port 49233
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.75, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #77
Information Value
Handle 0x4dc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.76
Remote Port 445
Local Address 0.0.0.0
Local Port 49234
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.76, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #78
Information Value
Handle 0x4e8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.77
Remote Port 445
Local Address 0.0.0.0
Local Port 49235
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.77, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #79
Information Value
Handle 0x4f4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.78
Remote Port 445
Local Address 0.0.0.0
Local Port 49236
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.78, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #80
Information Value
Handle 0x500
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.79
Remote Port 445
Local Address 0.0.0.0
Local Port 49237
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.79, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #81
Information Value
Handle 0x50c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.80
Remote Port 445
Local Address 0.0.0.0
Local Port 49238
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.80, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #82
Information Value
Handle 0x518
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.81
Remote Port 445
Local Address 0.0.0.0
Local Port 49239
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.81, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #83
Information Value
Handle 0x524
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.82
Remote Port 445
Local Address 0.0.0.0
Local Port 49240
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.82, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #84
Information Value
Handle 0x530
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.83
Remote Port 445
Local Address 0.0.0.0
Local Port 49241
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.83, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #85
Information Value
Handle 0x53c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.84
Remote Port 445
Local Address 0.0.0.0
Local Port 49242
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.84, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #86
Information Value
Handle 0x548
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.85
Remote Port 445
Local Address 0.0.0.0
Local Port 49243
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.85, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #87
Information Value
Handle 0x554
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.86
Remote Port 445
Local Address 0.0.0.0
Local Port 49244
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.86, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #88
Information Value
Handle 0x560
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.87
Remote Port 445
Local Address 0.0.0.0
Local Port 49245
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.87, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #89
Information Value
Handle 0x56c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.88
Remote Port 445
Local Address 0.0.0.0
Local Port 49246
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.88, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #90
Information Value
Handle 0x578
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.89
Remote Port 445
Local Address 0.0.0.0
Local Port 49247
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.89, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #91
Information Value
Handle 0x584
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.90
Remote Port 445
Local Address 0.0.0.0
Local Port 49248
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.90, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #92
Information Value
Handle 0x590
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.91
Remote Port 445
Local Address 0.0.0.0
Local Port 49249
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.91, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #93
Information Value
Handle 0x59c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.92
Remote Port 445
Local Address 0.0.0.0
Local Port 49250
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.92, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #94
Information Value
Handle 0x5a8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.93
Remote Port 445
Local Address 0.0.0.0
Local Port 49251
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.93, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #95
Information Value
Handle 0x5b4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.94
Remote Port 445
Local Address 0.0.0.0
Local Port 49252
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.94, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #96
Information Value
Handle 0x5c0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.95
Remote Port 445
Local Address 0.0.0.0
Local Port 49253
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.95, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #97
Information Value
Handle 0x5cc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.96
Remote Port 445
Local Address 0.0.0.0
Local Port 49254
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.96, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #98
Information Value
Handle 0x5d8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.97
Remote Port 445
Local Address 0.0.0.0
Local Port 49255
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.97, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #99
Information Value
Handle 0x5e4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.98
Remote Port 445
Local Address 0.0.0.0
Local Port 49256
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.98, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #100
Information Value
Handle 0x5ec
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.99
Remote Port 445
Local Address 0.0.0.0
Local Port 49257
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.99, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #101
Information Value
Handle 0x138
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.100
Remote Port 445
Local Address 0.0.0.0
Local Port 49258
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.100, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #102
Information Value
Handle 0x110
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.101
Remote Port 445
Local Address 0.0.0.0
Local Port 49259
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.101, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #103
»
Information Value
Handle 0x168
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.102
Remote Port 445
Local Address 0.0.0.0
Local Port 49260
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.102, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #104
»
Information Value
Handle 0x15c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.103
Remote Port 445
Local Address 0.0.0.0
Local Port 49261
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.103, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #105
»
Information Value
Handle 0x208
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.104
Remote Port 445
Local Address 0.0.0.0
Local Port 49262
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.104, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #106
»
Information Value
Handle 0x214
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.105
Remote Port 445
Local Address 0.0.0.0
Local Port 49263
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.105, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #107
»
Information Value
Handle 0x22c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.106
Remote Port 445
Local Address 0.0.0.0
Local Port 49264
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.106, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #108
»
Information Value
Handle 0x274
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.107
Remote Port 445
Local Address 0.0.0.0
Local Port 49265
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.107, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #109
»
Information Value
Handle 0x28c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.108
Remote Port 445
Local Address 0.0.0.0
Local Port 49266
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.108, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #110
»
Information Value
Handle 0x2a4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.109
Remote Port 445
Local Address 0.0.0.0
Local Port 49267
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.109, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #111
»
Information Value
Handle 0x298
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.110
Remote Port 445
Local Address 0.0.0.0
Local Port 49268
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.110, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #112
»
Information Value
Handle 0x2b4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.111
Remote Port 445
Local Address 0.0.0.0
Local Port 49269
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.111, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #113
»
Information Value
Handle 0x2ec
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.112
Remote Port 445
Local Address 0.0.0.0
Local Port 49270
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.112, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #114
»
Information Value
Handle 0x2d4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.113
Remote Port 445
Local Address 0.0.0.0
Local Port 49271
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.113, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #115
»
Information Value
Handle 0x2f0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.114
Remote Port 445
Local Address 0.0.0.0
Local Port 49272
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.114, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #116
»
Information Value
Handle 0x2f8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.115
Remote Port 445
Local Address 0.0.0.0
Local Port 49273
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.115, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #117
»
Information Value
Handle 0x334
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.116
Remote Port 445
Local Address 0.0.0.0
Local Port 49274
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.116, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #118
»
Information Value
Handle 0x328
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.117
Remote Port 445
Local Address 0.0.0.0
Local Port 49275
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.117, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #119
»
Information Value
Handle 0x34c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.118
Remote Port 445
Local Address 0.0.0.0
Local Port 49276
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.118, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #120
»
Information Value
Handle 0x340
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.119
Remote Port 445
Local Address 0.0.0.0
Local Port 49277
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.119, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #121
»
Information Value
Handle 0x31c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.120
Remote Port 445
Local Address 0.0.0.0
Local Port 49278
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.120, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #122
»
Information Value
Handle 0x370
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.121
Remote Port 445
Local Address 0.0.0.0
Local Port 49279
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.121, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #123
»
Information Value
Handle 0x364
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.122
Remote Port 445
Local Address 0.0.0.0
Local Port 49280
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.122, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #124
»
Information Value
Handle 0x380
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.123
Remote Port 445
Local Address 0.0.0.0
Local Port 49281
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.123, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #125
»
Information Value
Handle 0x38c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.124
Remote Port 445
Local Address 0.0.0.0
Local Port 49282
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.124, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #126
»
Information Value
Handle 0x3a4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.125
Remote Port 445
Local Address 0.0.0.0
Local Port 49283
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.125, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #127
»
Information Value
Handle 0x3b0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.126
Remote Port 445
Local Address 0.0.0.0
Local Port 49284
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.126, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #128
»
Information Value
Handle 0x3dc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.127
Remote Port 445
Local Address 0.0.0.0
Local Port 49285
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.127, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #129
»
Information Value
Handle 0x3f4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.128
Remote Port 445
Local Address 0.0.0.0
Local Port 49286
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.128, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #130
»
Information Value
Handle 0x3e8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.129
Remote Port 445
Local Address 0.0.0.0
Local Port 49287
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.129, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #131
»
Information Value
Handle 0x404
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.130
Remote Port 445
Local Address 0.0.0.0
Local Port 49288
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.130, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #132
»
Information Value
Handle 0x41c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.131
Remote Port 445
Local Address 0.0.0.0
Local Port 49289
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.131, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #133
»
Information Value
Handle 0x410
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.132
Remote Port 445
Local Address 0.0.0.0
Local Port 49290
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.132, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #134
»
Information Value
Handle 0x440
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.133
Remote Port 445
Local Address 0.0.0.0
Local Port 49291
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.133, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #135
»
Information Value
Handle 0x434
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.134
Remote Port 445
Local Address 0.0.0.0
Local Port 49292
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.134, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #136
»
Information Value
Handle 0x428
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.135
Remote Port 445
Local Address 0.0.0.0
Local Port 49293
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.135, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #137
»
Information Value
Handle 0x464
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.136
Remote Port 445
Local Address 0.0.0.0
Local Port 49294
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.136, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #138
»
Information Value
Handle 0x458
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.137
Remote Port 445
Local Address 0.0.0.0
Local Port 49295
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.137, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #139
»
Information Value
Handle 0x470
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.138
Remote Port 445
Local Address 0.0.0.0
Local Port 49296
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.138, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #140
»
Information Value
Handle 0x47c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.139
Remote Port 445
Local Address 0.0.0.0
Local Port 49297
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.139, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #141
»
Information Value
Handle 0x4a0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.140
Remote Port 445
Local Address 0.0.0.0
Local Port 49298
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.140, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #142
»
Information Value
Handle 0x494
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.141
Remote Port 445
Local Address 0.0.0.0
Local Port 49299
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.141, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #143
»
Information Value
Handle 0x4ac
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.142
Remote Port 445
Local Address 0.0.0.0
Local Port 49300
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.142, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #144
»
Information Value
Handle 0x4b8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.143
Remote Port 445
Local Address 0.0.0.0
Local Port 49301
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.143, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #145
»
Information Value
Handle 0x4c4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.144
Remote Port 445
Local Address 0.0.0.0
Local Port 49302
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.144, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #146
»
Information Value
Handle 0x4d4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.145
Remote Port 445
Local Address 0.0.0.0
Local Port 49303
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.145, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #147
»
Information Value
Handle 0x4ec
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.146
Remote Port 445
Local Address 0.0.0.0
Local Port 49304
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.146, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #148
»
Information Value
Handle 0x508
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.147
Remote Port 445
Local Address 0.0.0.0
Local Port 49305
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.147, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #149
»
Information Value
Handle 0x518
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.148
Remote Port 445
Local Address 0.0.0.0
Local Port 49306
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.148, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #150
»
Information Value
Handle 0x524
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.149
Remote Port 445
Local Address 0.0.0.0
Local Port 49307
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.149, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #151
»
Information Value
Handle 0x53c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.150
Remote Port 445
Local Address 0.0.0.0
Local Port 49308
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.150, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #152
»
Information Value
Handle 0x530
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.151
Remote Port 445
Local Address 0.0.0.0
Local Port 49309
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.151, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #153
»
Information Value
Handle 0x50c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.152
Remote Port 445
Local Address 0.0.0.0
Local Port 49310
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.152, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #154
»
Information Value
Handle 0x54c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.153
Remote Port 445
Local Address 0.0.0.0
Local Port 49311
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.153, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #155
»
Information Value
Handle 0x558
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.154
Remote Port 445
Local Address 0.0.0.0
Local Port 49312
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.154, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #156
»
Information Value
Handle 0x564
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.156
Remote Port 445
Local Address 0.0.0.0
Local Port 49313
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.156, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #157
»
Information Value
Handle 0x540
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.157
Remote Port 445
Local Address 0.0.0.0
Local Port 49314
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.157, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #158
»
Information Value
Handle 0x398
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.158
Remote Port 445
Local Address 0.0.0.0
Local Port 49315
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.158, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #159
»
Information Value
Handle 0x59c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.159
Remote Port 445
Local Address 0.0.0.0
Local Port 49316
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.159, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #160
»
Information Value
Handle 0x584
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.160
Remote Port 445
Local Address 0.0.0.0
Local Port 49317
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.160, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #161
»
Information Value
Handle 0x5a8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.161
Remote Port 445
Local Address 0.0.0.0
Local Port 49318
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.161, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #162
»
Information Value
Handle 0x5b4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.162
Remote Port 445
Local Address 0.0.0.0
Local Port 49319
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.162, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #163
»
Information Value
Handle 0x5c0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.163
Remote Port 445
Local Address 0.0.0.0
Local Port 49320
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.163, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #164
»
Information Value
Handle 0x5cc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.164
Remote Port 445
Local Address 0.0.0.0
Local Port 49321
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.164, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #165
»
Information Value
Handle 0x5e4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.165
Remote Port 445
Local Address 0.0.0.0
Local Port 49322
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.165, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #166
»
Information Value
Handle 0x5ec
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.166
Remote Port 445
Local Address 0.0.0.0
Local Port 49323
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.166, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #167
»
Information Value
Handle 0x5d8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.167
Remote Port 445
Local Address 0.0.0.0
Local Port 49324
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.167, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #168
»
Information Value
Handle 0x590
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.168
Remote Port 445
Local Address 0.0.0.0
Local Port 49325
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.168, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #169
»
Information Value
Handle 0x4cc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.169
Remote Port 445
Local Address 0.0.0.0
Local Port 49326
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.169, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #170
Information Value
Handle 0x480
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.170
Remote Port 445
Local Address 0.0.0.0
Local Port 49327
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.170, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #171
Information Value
Handle 0x444
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.171
Remote Port 445
Local Address 0.0.0.0
Local Port 49328
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.171, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #172
Information Value
Handle 0x3c8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.172
Remote Port 445
Local Address 0.0.0.0
Local Port 49329
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.172, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #173
Information Value
Handle 0x3bc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.173
Remote Port 445
Local Address 0.0.0.0
Local Port 49330
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.173, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #174
Information Value
Handle 0x3b4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.174
Remote Port 445
Local Address 0.0.0.0
Local Port 49331
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.174, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #175
Information Value
Handle 0x390
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.175
Remote Port 445
Local Address 0.0.0.0
Local Port 49332
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.175, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #176
Information Value
Handle 0x350
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.176
Remote Port 445
Local Address 0.0.0.0
Local Port 49333
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.176, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #177
Information Value
Handle 0x308
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.177
Remote Port 445
Local Address 0.0.0.0
Local Port 49334
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.177, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #178
Information Value
Handle 0x2d8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.178
Remote Port 445
Local Address 0.0.0.0
Local Port 49335
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.178, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #179
Information Value
Handle 0x2b8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.179
Remote Port 445
Local Address 0.0.0.0
Local Port 49336
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.179, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #180
Information Value
Handle 0x2ac
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.180
Remote Port 445
Local Address 0.0.0.0
Local Port 49337
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.180, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #181
Information Value
Handle 0x278
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.181
Remote Port 445
Local Address 0.0.0.0
Local Port 49338
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.181, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #182
Information Value
Handle 0x260
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.182
Remote Port 445
Local Address 0.0.0.0
Local Port 49339
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.182, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #183
Information Value
Handle 0x258
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.183
Remote Port 445
Local Address 0.0.0.0
Local Port 49340
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.183, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #184
Information Value
Handle 0x24c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.184
Remote Port 445
Local Address 0.0.0.0
Local Port 49341
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.184, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #185
Information Value
Handle 0x240
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.185
Remote Port 445
Local Address 0.0.0.0
Local Port 49342
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.185, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #186
Information Value
Handle 0x218
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.186
Remote Port 445
Local Address 0.0.0.0
Local Port 49343
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.186, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #187
Information Value
Handle 0x230
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.187
Remote Port 445
Local Address 0.0.0.0
Local Port 49344
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.187, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #188
Information Value
Handle 0x1f8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.188
Remote Port 445
Local Address 0.0.0.0
Local Port 49345
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.188, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #189
Information Value
Handle 0x1ec
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.189
Remote Port 445
Local Address 0.0.0.0
Local Port 49346
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.189, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #190
Information Value
Handle 0x1e0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.190
Remote Port 445
Local Address 0.0.0.0
Local Port 49347
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.190, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #191
Information Value
Handle 0x1c8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.191
Remote Port 445
Local Address 0.0.0.0
Local Port 49348
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.191, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #192
Information Value
Handle 0x1bc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.192
Remote Port 445
Local Address 0.0.0.0
Local Port 49349
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.192, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #193
Information Value
Handle 0x1d4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.193
Remote Port 445
Local Address 0.0.0.0
Local Port 49350
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.193, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #194
Information Value
Handle 0x1b0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.194
Remote Port 445
Local Address 0.0.0.0
Local Port 49351
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.194, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #195
Information Value
Handle 0x198
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.195
Remote Port 445
Local Address 0.0.0.0
Local Port 49352
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.195, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #196
Information Value
Handle 0x1a4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.196
Remote Port 445
Local Address 0.0.0.0
Local Port 49353
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.196, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #197
Information Value
Handle 0x174
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.197
Remote Port 445
Local Address 0.0.0.0
Local Port 49354
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.197, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #198
Information Value
Handle 0x180
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.198
Remote Port 445
Local Address 0.0.0.0
Local Port 49355
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.198, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #199
Information Value
Handle 0x18c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.199
Remote Port 445
Local Address 0.0.0.0
Local Port 49356
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.199, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #200
Information Value
Handle 0x5f0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.200
Remote Port 445
Local Address 0.0.0.0
Local Port 49357
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.200, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #201
Information Value
Handle 0x12c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.201
Remote Port 445
Local Address 0.0.0.0
Local Port 49358
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.201, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #202
Information Value
Handle 0x14c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.202
Remote Port 445
Local Address 0.0.0.0
Local Port 49359
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.202, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #203
Information Value
Handle 0x140
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.203
Remote Port 445
Local Address 0.0.0.0
Local Port 49360
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.203, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #204
Information Value
Handle 0x138
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.204
Remote Port 445
Local Address 0.0.0.0
Local Port 49361
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.204, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #205
Information Value
Handle 0x20c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.205
Remote Port 445
Local Address 0.0.0.0
Local Port 49362
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.205, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #206
Information Value
Handle 0x214
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.206
Remote Port 445
Local Address 0.0.0.0
Local Port 49363
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.206, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #207
Information Value
Handle 0x26c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.207
Remote Port 445
Local Address 0.0.0.0
Local Port 49364
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.207, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #208
Information Value
Handle 0x224
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.208
Remote Port 445
Local Address 0.0.0.0
Local Port 49365
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.208, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #209
Information Value
Handle 0x2a4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.209
Remote Port 445
Local Address 0.0.0.0
Local Port 49366
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.209, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #210
Information Value
Handle 0x2f4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.210
Remote Port 445
Local Address 0.0.0.0
Local Port 49367
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.210, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #211
Information Value
Handle 0x2e4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.211
Remote Port 445
Local Address 0.0.0.0
Local Port 49368
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.211, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #212
Information Value
Handle 0x328
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.212
Remote Port 445
Local Address 0.0.0.0
Local Port 49369
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.212, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #213
Information Value
Handle 0x334
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.213
Remote Port 445
Local Address 0.0.0.0
Local Port 49370
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.213, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #214
Information Value
Handle 0x344
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.214
Remote Port 445
Local Address 0.0.0.0
Local Port 49371
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.214, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #215
Information Value
Handle 0x338
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.215
Remote Port 445
Local Address 0.0.0.0
Local Port 49372
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.215, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #216
Information Value
Handle 0x314
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.216
Remote Port 445
Local Address 0.0.0.0
Local Port 49373
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.216, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #217
Information Value
Handle 0x35c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.217
Remote Port 445
Local Address 0.0.0.0
Local Port 49374
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.217, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #218
Information Value
Handle 0x364
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.218
Remote Port 445
Local Address 0.0.0.0
Local Port 49375
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.218, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #219
Information Value
Handle 0x380
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.219
Remote Port 445
Local Address 0.0.0.0
Local Port 49376
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.219, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #220
Information Value
Handle 0x38c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.220
Remote Port 445
Local Address 0.0.0.0
Local Port 49377
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.220, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #221
Information Value
Handle 0x2cc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.221
Remote Port 445
Local Address 0.0.0.0
Local Port 49378
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.221, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #222
Information Value
Handle 0x3a8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.222
Remote Port 445
Local Address 0.0.0.0
Local Port 49379
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.222, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #223
Information Value
Handle 0x2fc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.223
Remote Port 445
Local Address 0.0.0.0
Local Port 49380
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.223, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #224
Information Value
Handle 0x3f4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.224
Remote Port 445
Local Address 0.0.0.0
Local Port 49381
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.224, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #225
Information Value
Handle 0x3dc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.225
Remote Port 445
Local Address 0.0.0.0
Local Port 49382
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.225, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #226
Information Value
Handle 0x2c4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.226
Remote Port 445
Local Address 0.0.0.0
Local Port 49383
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.226, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #227
Information Value
Handle 0x3f8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.227
Remote Port 445
Local Address 0.0.0.0
Local Port 49384
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.227, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #228
Information Value
Handle 0x39c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.228
Remote Port 445
Local Address 0.0.0.0
Local Port 49385
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.228, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #229
Information Value
Handle 0x290
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.229
Remote Port 445
Local Address 0.0.0.0
Local Port 49386
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.229, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #230
Information Value
Handle 0x41c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.230
Remote Port 445
Local Address 0.0.0.0
Local Port 49387
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.230, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #231
Information Value
Handle 0x410
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.231
Remote Port 445
Local Address 0.0.0.0
Local Port 49388
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.231, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #232
Information Value
Handle 0x284
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.232
Remote Port 445
Local Address 0.0.0.0
Local Port 49389
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.232, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #233
Information Value
Handle 0x440
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.233
Remote Port 445
Local Address 0.0.0.0
Local Port 49390
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.233, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #234
Information Value
Handle 0x434
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.234
Remote Port 445
Local Address 0.0.0.0
Local Port 49391
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.234, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #235
Information Value
Handle 0x450
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.235
Remote Port 445
Local Address 0.0.0.0
Local Port 49392
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.235, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #236
Information Value
Handle 0x3e0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.236
Remote Port 445
Local Address 0.0.0.0
Local Port 49393
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.236, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #237
»
Information Value
Handle 0x49c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.237
Remote Port 445
Local Address 0.0.0.0
Local Port 49394
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.237, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #238
»
Information Value
Handle 0x46c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.238
Remote Port 445
Local Address 0.0.0.0
Local Port 49395
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.238, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #239
»
Information Value
Handle 0x494
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.239
Remote Port 445
Local Address 0.0.0.0
Local Port 49396
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.239, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #240
»
Information Value
Handle 0x4ac
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.240
Remote Port 445
Local Address 0.0.0.0
Local Port 49397
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.240, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #241
»
Information Value
Handle 0x478
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.241
Remote Port 445
Local Address 0.0.0.0
Local Port 49398
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.241, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #242
»
Information Value
Handle 0x4c4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.242
Remote Port 445
Local Address 0.0.0.0
Local Port 49399
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.242, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #243
»
Information Value
Handle 0x4b8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.243
Remote Port 445
Local Address 0.0.0.0
Local Port 49400
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.243, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #244
»
Information Value
Handle 0x428
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.244
Remote Port 445
Local Address 0.0.0.0
Local Port 49401
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.244, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #245
»
Information Value
Handle 0x4d4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.245
Remote Port 445
Local Address 0.0.0.0
Local Port 49402
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.245, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #246
»
Information Value
Handle 0x22c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.246
Remote Port 445
Local Address 0.0.0.0
Local Port 49403
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.246, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #247
»
Information Value
Handle 0x550
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.247
Remote Port 445
Local Address 0.0.0.0
Local Port 49404
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.247, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #248
»
Information Value
Handle 0x534
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.248
Remote Port 445
Local Address 0.0.0.0
Local Port 49405
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.248, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #249
»
Information Value
Handle 0x564
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.249
Remote Port 445
Local Address 0.0.0.0
Local Port 49406
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.249, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #250
»
Information Value
Handle 0x57c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.250
Remote Port 445
Local Address 0.0.0.0
Local Port 49407
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.250, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #251
»
Information Value
Handle 0x544
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.251
Remote Port 445
Local Address 0.0.0.0
Local Port 49408
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.251, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #252
»
Information Value
Handle 0x5c0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.252
Remote Port 445
Local Address 0.0.0.0
Local Port 49409
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.252, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #253
»
Information Value
Handle 0x5b4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.253
Remote Port 445
Local Address 0.0.0.0
Local Port 49410
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.253, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #254
»
Information Value
Handle 0x5a8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.254
Remote Port 445
Local Address 0.0.0.0
Local Port 49411
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.254, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #255
»
Information Value
Handle 0x5c8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.255
Remote Port 445
Local Address 0.0.0.0
Local Port 49412
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.255, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #256
»
Information Value
Handle 0x5a8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 89.144.25.156
Remote Port 80
Local Address 0.0.0.0
Local Port 49413
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 89.144.25.156, remote_port = 80 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #257
»
Information Value
Handle 0x5a8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 89.144.25.156
Remote Port 80
Local Address 0.0.0.0
Local Port 49413
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 89.144.25.156, remote_port = 80 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #258
»
Information Value
Handle 0x5a8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 89.144.25.156
Remote Port 80
Local Address 0.0.0.0
Local Port 49413
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 89.144.25.156, remote_port = 80 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #259
»
Information Value
Handle 0x5a8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 89.144.25.156
Remote Port 80
Local Address 0.0.0.0
Local Port 49413
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 89.144.25.156, remote_port = 80 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #260
»
Information Value
Handle 0x5a8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 89.144.25.156
Remote Port 80
Local Address 0.0.0.0
Local Port 49413
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 89.144.25.156, remote_port = 80 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #261
»
Information Value
Handle 0x5a8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 89.144.25.156
Remote Port 80
Local Address 0.0.0.0
Local Port 49413
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 89.144.25.156, remote_port = 80 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #262
»
Information Value
Handle 0x5a8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 89.144.25.156
Remote Port 80
Local Address 0.0.0.0
Local Port 49413
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 89.144.25.156, remote_port = 80 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #263
»
Information Value
Handle 0x5a8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 89.144.25.156
Remote Port 80
Local Address 0.0.0.0
Local Port 49413
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 89.144.25.156, remote_port = 80 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #264
»
Information Value
Handle 0x5a8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 89.144.25.156
Remote Port 80
Local Address 0.0.0.0
Local Port 49413
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 89.144.25.156, remote_port = 80 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #265
»
Information Value
Handle 0x5a8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 89.144.25.156
Remote Port 80
Local Address 0.0.0.0
Local Port 49413
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 89.144.25.156, remote_port = 80 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
Process #38: wdm.exe
10219 786
»
Information Value
ID #38
File Name c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\wdm.exe"
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:01:53, Reason: Autostart
Unmonitor End Time: 00:02:10, Reason: Self Terminated
Monitor Duration 00:00:17
OS Process Information
»
Information Value
PID 0x550
Parent PID 0x48c (c:\windows\explorer.exe)
Is Created or Modified Executable True
Integrity Level Medium
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege
Thread IDs
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
private_0x0000000000020000 0x00020000 0x00020fff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x00030fff Private Memory rw True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File rwx False False False -
private_0x0000000000050000 0x00050000 0x0008ffff Private Memory rw True False False -
pagefile_0x0000000000090000 0x00090000 0x00093fff Pagefile Backed Memory r True False False -
locale.nls 0x000a0000 0x00106fff Memory Mapped File r False False False -
tzres.dll 0x00110000 0x00110fff Memory Mapped File r False False False -
pagefile_0x0000000000120000 0x00120000 0x00126fff Pagefile Backed Memory r True False False -
private_0x0000000000130000 0x00130000 0x0022ffff Private Memory rw True False False -
pagefile_0x0000000000230000 0x00230000 0x00231fff Pagefile Backed Memory rw True False False -
private_0x0000000000240000 0x00240000 0x0027ffff Private Memory rw True False False -
private_0x00000000002a0000 0x002a0000 0x002dffff Private Memory rw True False False -
private_0x00000000002e0000 0x002e0000 0x002effff Private Memory rw True False False -
private_0x0000000000300000 0x00300000 0x0033ffff Private Memory rw True False False -
private_0x0000000000360000 0x00360000 0x003dffff Private Memory rw True False False -
private_0x00000000003f0000 0x003f0000 0x0042ffff Private Memory rw True False False -
private_0x0000000000480000 0x00480000 0x004bffff Private Memory rw True False False -
private_0x00000000004c0000 0x004c0000 0x004fffff Private Memory rw True False False -
private_0x0000000000510000 0x00510000 0x0060ffff Private Memory rw True False False -
pagefile_0x0000000000610000 0x00610000 0x00797fff Pagefile Backed Memory r True False False -
pagefile_0x00000000007a0000 0x007a0000 0x00920fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000930000 0x00930000 0x00d22fff Pagefile Backed Memory r True False False -
private_0x0000000000d30000 0x00d30000 0x00d8ffff Private Memory rw True False False -
private_0x0000000000db0000 0x00db0000 0x00eaffff Private Memory rw True False False -
private_0x0000000000ef0000 0x00ef0000 0x00feffff Private Memory rw True False False -
private_0x0000000000ff0000 0x00ff0000 0x0102ffff Private Memory rw True False False -
private_0x0000000001040000 0x01040000 0x0113ffff Private Memory rw True False False -
wdm.exe 0x01170000 0x01261fff Memory Mapped File rwx True True False
pagefile_0x0000000001270000 0x01270000 0x0266ffff Pagefile Backed Memory r True False False -
private_0x00000000026d0000 0x026d0000 0x0270ffff Private Memory rw True False False -
private_0x0000000002720000 0x02720000 0x0281ffff Private Memory rw True False False -
private_0x0000000002740000 0x02740000 0x0277ffff Private Memory rw True False False -
private_0x00000000027a0000 0x027a0000 0x027dffff Private Memory rw True False False -
sortdefault.nls 0x02820000 0x02aeefff Memory Mapped File r False False False -
private_0x0000000002af0000 0x02af0000 0x02b2ffff Private Memory rw True False False -
private_0x0000000002b50000 0x02b50000 0x02c4ffff Private Memory rw True False False -
private_0x0000000002c70000 0x02c70000 0x02caffff Private Memory rw True False False -
private_0x0000000002cb0000 0x02cb0000 0x02daffff Private Memory rw True False False -
private_0x0000000002db0000 0x02db0000 0x02deffff Private Memory rw True False False -
private_0x0000000002e30000 0x02e30000 0x02e6ffff Private Memory rw True False False -
private_0x0000000002e70000 0x02e70000 0x02f6ffff Private Memory rw True False False -
private_0x0000000002f70000 0x02f70000 0x02faffff Private Memory rw True False False -
private_0x0000000002fe0000 0x02fe0000 0x0301ffff Private Memory rw True False False -
private_0x0000000003030000 0x03030000 0x0306ffff Private Memory rw True False False -
private_0x0000000003090000 0x03090000 0x030cffff Private Memory rw True False False -
private_0x0000000003110000 0x03110000 0x0320ffff Private Memory rw True False False -
private_0x0000000003290000 0x03290000 0x032cffff Private Memory rw True False False -
private_0x00000000032f0000 0x032f0000 0x0332ffff Private Memory rw True False False -
private_0x0000000003340000 0x03340000 0x0343ffff Private Memory rw True False False -
private_0x0000000003470000 0x03470000 0x034affff Private Memory rw True False False -
private_0x00000000034b0000 0x034b0000 0x035affff Private Memory rw True False False -
private_0x00000000035f0000 0x035f0000 0x036effff Private Memory rw True False False -
private_0x00000000036f0000 0x036f0000 0x0372ffff Private Memory rw True False False -
private_0x0000000003730000 0x03730000 0x0376ffff Private Memory rw True False False -
private_0x0000000003770000 0x03770000 0x0386ffff Private Memory rw True False False -
private_0x0000000003890000 0x03890000 0x0398ffff Private Memory rw True False False -
private_0x0000000003990000 0x03990000 0x03a8ffff Private Memory rw True False False -
private_0x0000000003a90000 0x03a90000 0x03b8ffff Private Memory rw True False False -
private_0x0000000003b90000 0x03b90000 0x03c8ffff Private Memory rw True False False -
private_0x0000000003ce0000 0x03ce0000 0x03ddffff Private Memory rw True False False -
private_0x0000000003e10000 0x03e10000 0x03f0ffff Private Memory rw True False False -
private_0x0000000003f40000 0x03f40000 0x0403ffff Private Memory rw True False False -
private_0x0000000004040000 0x04040000 0x0407ffff Private Memory rw True False False -
private_0x00000000040d0000 0x040d0000 0x041cffff Private Memory rw True False False -
private_0x0000000004210000 0x04210000 0x0430ffff Private Memory rw True False False -
private_0x0000000004380000 0x04380000 0x043bffff Private Memory rw True False False -
private_0x00000000043d0000 0x043d0000 0x044cffff Private Memory rw True False False -
private_0x00000000044f0000 0x044f0000 0x045effff Private Memory rw True False False -
private_0x0000000004630000 0x04630000 0x0472ffff Private Memory rw True False False -
private_0x0000000004730000 0x04730000 0x0482ffff Private Memory rw True False False -
private_0x0000000004830000 0x04830000 0x0486ffff Private Memory rw True False False -
private_0x00000000048a0000 0x048a0000 0x0499ffff Private Memory rw True False False -
private_0x00000000049a0000 0x049a0000 0x04a9ffff Private Memory rw True False False -
private_0x0000000004c00000 0x04c00000 0x04cfffff Private Memory rw True False False -
srvcli.dll 0x73050000 0x73068fff Memory Mapped File rwx False False False -
netutils.dll 0x73ab0000 0x73ab8fff Memory Mapped File rwx False False False -
netapi32.dll 0x73ac0000 0x73ad0fff Memory Mapped File rwx False False False -
msvcr120.dll 0x73ae0000 0x73bcdfff Memory Mapped File rwx True True False
libcrypto-1_1.dll 0x73bd0000 0x73dd8fff Memory Mapped File rwx True True False
dhcpcsvc.dll 0x73f70000 0x73f81fff Memory Mapped File rwx False False False -
cscapi.dll 0x73f90000 0x73f9afff Memory Mapped File rwx False False False -
api-ms-win-core-synch-l1-2-0.dll 0x73fa0000 0x73fa2fff Memory Mapped File rwx False False False -
winnsi.dll 0x73fb0000 0x73fb6fff Memory Mapped File rwx False False False -
iphlpapi.dll 0x73fc0000 0x73fdbfff Memory Mapped File rwx False False False -
browcli.dll 0x73fe0000 0x73fecfff Memory Mapped File rwx False False False -
wkscli.dll 0x73ff0000 0x73ffefff Memory Mapped File rwx False False False -
wow64cpu.dll 0x74000000 0x74007fff Memory Mapped File rwx False False False -
wow64win.dll 0x74010000 0x7406bfff Memory Mapped File rwx False False False -
wow64.dll 0x74070000 0x740aefff Memory Mapped File rwx False False False -
wshtcpip.dll 0x75580000 0x75584fff Memory Mapped File rwx False False False -
mswsock.dll 0x75590000 0x755cbfff Memory Mapped File rwx False False False -
cryptbase.dll 0x755e0000 0x755ebfff Memory Mapped File rwx False False False -
sspicli.dll 0x755f0000 0x7564ffff Memory Mapped File rwx False False False -
sechost.dll 0x756b0000 0x756c8fff Memory Mapped File rwx False False False -
rpcrt4.dll 0x756f0000 0x757dffff Memory Mapped File rwx False False False -
usp10.dll 0x757e0000 0x7587cfff Memory Mapped File rwx False False False -
gdi32.dll 0x75880000 0x7590ffff Memory Mapped File rwx False False False -
shlwapi.dll 0x75910000 0x75966fff Memory Mapped File rwx False False False -
kernel32.dll 0x75980000 0x75a8ffff Memory Mapped File rwx False False False -
imm32.dll 0x75c60000 0x75cbffff Memory Mapped File rwx False False False -
advapi32.dll 0x75cc0000 0x75d5ffff Memory Mapped File rwx False False False -
user32.dll 0x76120000 0x7621ffff Memory Mapped File rwx False False False -
lpk.dll 0x762b0000 0x762b9fff Memory Mapped File rwx False False False -
msctf.dll 0x762c0000 0x7638bfff Memory Mapped File rwx False False False -
ws2_32.dll 0x76520000 0x76554fff Memory Mapped File rwx False False False -
shell32.dll 0x76790000 0x773d9fff Memory Mapped File rwx False False False -
kernelbase.dll 0x773e0000 0x77425fff Memory Mapped File rwx False False False -
msvcrt.dll 0x77430000 0x774dbfff Memory Mapped File rwx False False False -
wldap32.dll 0x77640000 0x77684fff Memory Mapped File rwx False False False -
private_0x0000000077690000 0x77690000 0x77789fff Private Memory rwx True False False -
private_0x0000000077790000 0x77790000 0x778aefff Private Memory rwx True False False -
ntdll.dll 0x778b0000 0x77a58fff Memory Mapped File rwx False False False -
nsi.dll 0x77a60000 0x77a65fff Memory Mapped File rwx False False False -
ntdll.dll 0x77a90000 0x77c0ffff Memory Mapped File rwx False False False -
private_0x000000007ef6e000 0x7ef6e000 0x7ef70fff Private Memory rw True False False -
private_0x000000007ef71000 0x7ef71000 0x7ef73fff Private Memory rw True False False -
private_0x000000007ef74000 0x7ef74000 0x7ef76fff Private Memory rw True False False -
private_0x000000007ef77000 0x7ef77000 0x7ef79fff Private Memory rw True False False -
private_0x000000007ef7a000 0x7ef7a000 0x7ef7cfff Private Memory rw True False False -
private_0x000000007ef7d000 0x7ef7d000 0x7ef7ffff Private Memory rw True False False -
private_0x000000007ef80000 0x7ef80000 0x7ef82fff Private Memory rw True False False -
private_0x000000007ef83000 0x7ef83000 0x7ef85fff Private Memory rw True False False -
private_0x000000007ef86000 0x7ef86000 0x7ef88fff Private Memory rw True False False -
private_0x000000007ef89000 0x7ef89000 0x7ef8bfff Private Memory rw True False False -
private_0x000000007ef8c000 0x7ef8c000 0x7ef8efff Private Memory rw True False False -
private_0x000000007ef8f000 0x7ef8f000 0x7ef91fff Private Memory rw True False False -
private_0x000000007ef92000 0x7ef92000 0x7ef94fff Private Memory rw True False False -
private_0x000000007ef95000 0x7ef95000 0x7ef97fff Private Memory rw True False False -
private_0x000000007ef98000 0x7ef98000 0x7ef9afff Private Memory rw True False False -
private_0x000000007ef9b000 0x7ef9b000 0x7ef9dfff Private Memory rw True False False -
private_0x000000007ef9e000 0x7ef9e000 0x7efa0fff Private Memory rw True False False -
private_0x000000007efa1000 0x7efa1000 0x7efa3fff Private Memory rw True False False -
private_0x000000007efa4000 0x7efa4000 0x7efa6fff Private Memory rw True False False -
private_0x000000007efa7000 0x7efa7000 0x7efa9fff Private Memory rw True False False -
private_0x000000007efaa000 0x7efaa000 0x7efacfff Private Memory rw True False False -
private_0x000000007efad000 0x7efad000 0x7efaffff Private Memory rw True False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory r True False False -
private_0x000000007efd5000 0x7efd5000 0x7efd7fff Private Memory rw True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory rw True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory rw True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory rw True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory rw True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory r True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory r True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory r True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory r True False False -
For performance reasons, the remaining 459 entries are omitted.
The remaining entries can be found in flog.txt.
Host Behavior
File (13)
»
Operation Filename Additional Information Success Count Logfile
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\log.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Get Info C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\log.txt type = file_type True 1
Fn
Open STD_INPUT_HANDLE - True 2
Fn
Open STD_OUTPUT_HANDLE - True 2
Fn
Open STD_ERROR_HANDLE - True 2
Fn
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\log.txt size = 28 True 1
Fn
Data
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\log.txt size = 42 True 1
Fn
Data
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\log.txt size = 40 True 1
Fn
Data
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\log.txt size = 90 True 1
Fn
Data
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\log.txt size = 69 True 1
Fn
Data
Module (367)
»
Operation Module Additional Information Success Count Logfile
Load api-ms-win-core-synch-l1-2-0 base_address = 0x0 False 2
Fn
Load kernel32 base_address = 0x0 False 2
Fn
Load kernel32 base_address = 0x75980000 True 2
Fn
Load api-ms-win-core-fibers-l1-1-1 base_address = 0x0 False 3
Fn
Load api-ms-win-core-synch-l1-2-0 base_address = 0x73fa0000 True 1
Fn
Load api-ms-win-core-localization-l1-2-1 base_address = 0x0 False 2
Fn
Load api-ms-win-core-sysinfo-l1-2-1 base_address = 0x0 False 2
Fn
Load api-ms-win-appmodel-runtime-l1-1-1 base_address = 0x0 False 2
Fn
Load ext-ms-win-kernel32-package-current-l1-1-0 base_address = 0x0 False 2
Fn
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x75980000 True 2
Fn
Get Handle c:\windows\syswow64\api-ms-win-core-synch-l1-2-0.dll base_address = 0x73fa0000 True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1170000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe base_address = 0x1170000 True 2
Fn
Get Handle mscoree.dll - False 1
Fn
Get Filename api-ms-win-core-localization-l1-2-1 process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\wdm.exe, size = 260 True 1
Fn
Get Filename api-ms-win-core-localization-l1-2-1 process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\windows defender\wdm.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Windows Defender\wdm.exe, size = 259 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsAlloc, address_out = 0x75994f2b True 4
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsFree, address_out = 0x7599359f True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsGetValue, address_out = 0x75991252 True 4
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsSetValue, address_out = 0x75994208 True 4
Fn
Get Address c:\windows\syswow64\kernel32.dll function = InitializeCriticalSectionEx, address_out = 0x75994d28 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateEventExW, address_out = 0x75a1410b True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateSemaphoreExW, address_out = 0x75a14195 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetThreadStackGuarantee, address_out = 0x7599d31f True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateThreadpoolTimer, address_out = 0x759aee7e True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetThreadpoolTimer, address_out = 0x77ad441c True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = WaitForThreadpoolTimerCallbacks, address_out = 0x77afc50e True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CloseThreadpoolTimer, address_out = 0x77afc381 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateThreadpoolWait, address_out = 0x759af088 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetThreadpoolWait, address_out = 0x77ae05d7 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CloseThreadpoolWait, address_out = 0x77afca24 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlushProcessWriteBuffers, address_out = 0x77ab0b8c True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FreeLibraryWhenCallbackReturns, address_out = 0x77b6fde8 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetCurrentProcessorNumber, address_out = 0x77b01e1d True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetLogicalProcessorInformation, address_out = 0x75a14761 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateSymbolicLinkW, address_out = 0x75a0cd11 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetDefaultDllDirectories, address_out = 0x0 False 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = EnumSystemLocalesEx, address_out = 0x75a1424f True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CompareStringEx, address_out = 0x75a146b1 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetDateFormatEx, address_out = 0x75a26676 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetLocaleInfoEx, address_out = 0x75a14751 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetTimeFormatEx, address_out = 0x75a265f1 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetUserDefaultLocaleName, address_out = 0x75a147c1 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = IsValidLocaleName, address_out = 0x75a147e1 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = LCMapStringEx, address_out = 0x75a147f1 True 3
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetCurrentPackageId, address_out = 0x0 False 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetTickCount64, address_out = 0x759aeee0 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetFileInformationByHandleExW, address_out = 0x0 False 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetFileInformationByHandleW, address_out = 0x0 False 1
Fn
Get Address c:\windows\syswow64\kernel32.dll address_out = 0x75994d28 True 1
Fn
Get Address c:\windows\syswow64\api-ms-win-core-synch-l1-2-0.dll function = InitializeCriticalSectionEx, address_out = 0x0 False 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = InitOnceExecuteOnce, address_out = 0x759ad627 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateSemaphoreW, address_out = 0x759aca5a True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetFileInformationByHandleEx, address_out = 0x759ac78f True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetFileInformationByHandle, address_out = 0x759bcbfc True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetSystemTimePreciseAsFileTime, address_out = 0x0 False 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = InitializeConditionVariable, address_out = 0x77ac8456 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = WakeConditionVariable, address_out = 0x77b37de4 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = WakeAllConditionVariable, address_out = 0x77af409d True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SleepConditionVariableCS, address_out = 0x75a14b32 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = InitializeSRWLock, address_out = 0x77ac8456 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = AcquireSRWLockExclusive, address_out = 0x77ac29f1 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = TryAcquireSRWLockExclusive, address_out = 0x77ad4892 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = ReleaseSRWLockExclusive, address_out = 0x77ac29ab True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SleepConditionVariableSRW, address_out = 0x75a14b74 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateThreadpoolWork, address_out = 0x759aee45 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SubmitThreadpoolWork, address_out = 0x77b08491 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CloseThreadpoolWork, address_out = 0x77afd8e2 True 1
Fn
Get Address c:\windows\syswow64\api-ms-win-core-synch-l1-2-0.dll function = InitializeConditionVariable, address_out = 0x77ac8456 True 1
Fn
Get Address c:\windows\syswow64\api-ms-win-core-synch-l1-2-0.dll function = SleepConditionVariableCS, address_out = 0x75a14b32 True 1
Fn
Get Address c:\windows\syswow64\api-ms-win-core-synch-l1-2-0.dll function = WakeAllConditionVariable, address_out = 0x77af409d True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = AreFileApisANSI, address_out = 0x75a140d1 True 1
Fn
System (9580)
Operation Additional Information Success Count Logfile
Get Computer Name result_out = XDUWTFONO True 1
Fn
Sleep duration = 13 milliseconds (0.013 seconds) True 5
Fn
Sleep duration = 1 milliseconds (0.001 seconds) True 65
Fn
Sleep duration = 2 milliseconds (0.002 seconds) True 53
Fn
Sleep duration = 50 milliseconds (0.050 seconds) True 2
Fn
Sleep duration = 12 milliseconds (0.012 seconds) True 4
Fn
Sleep duration = 1000 milliseconds (1.000 seconds) True 1
Fn
Sleep duration = 0 milliseconds (0.000 seconds) True 1
Fn
Mutex (1)
Operation Additional Information Success Count Logfile
Create mutex_name = WindowsDefenderMonitorMutex True 1
Fn
Environment (3)
Operation Additional Information Success Count Logfile
Get Environment String - True 2
Fn
Data
Get Environment String name = OPENSSL_ia32cap False 1
Fn
Network Behavior
TCP Sessions (262)
Information Value
Total Data Sent 0 bytes
Total Data Received 0 bytes
Contacted Host Count 253
TCP Session #1
Information Value
Handle 0x1b4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.1
Remote Port 445
Local Address 0.0.0.0
Local Port 49164
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.1, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #2
Information Value
Handle 0x160
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.6
Remote Port 445
Local Address 0.0.0.0
Local Port 49155
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.6, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #3
Information Value
Handle 0x1b0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.4
Remote Port 445
Local Address 0.0.0.0
Local Port 49163
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.4, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #4
Information Value
Handle 0x194
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.0
Remote Port 445
Local Address 0.0.0.0
Local Port 49156
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.0, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #5
Information Value
Handle 0x198
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.2
Remote Port 445
Local Address 0.0.0.0
Local Port 49157
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.2, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #6
Information Value
Handle 0x19c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.3
Remote Port 445
Local Address 0.0.0.0
Local Port 49158
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.3, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #7
Information Value
Handle 0x1a0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.5
Remote Port 445
Local Address 0.0.0.0
Local Port 49159
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.5, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #8
Information Value
Handle 0x1a4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.7
Remote Port 445
Local Address 0.0.0.0
Local Port 49160
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.7, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #9
Information Value
Handle 0x1a8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.8
Remote Port 445
Local Address 0.0.0.0
Local Port 49166
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.8, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #10
Information Value
Handle 0x1ac
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.9
Remote Port 445
Local Address 0.0.0.0
Local Port 49162
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.9, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #11
Information Value
Handle 0x1c0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.10
Remote Port 445
Local Address 0.0.0.0
Local Port 49168
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.10, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #12
Information Value
Handle 0x1cc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.11
Remote Port 445
Local Address 0.0.0.0
Local Port 49169
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.11, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #13
Information Value
Handle 0x1d8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.12
Remote Port 445
Local Address 0.0.0.0
Local Port 49170
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.12, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #14
Information Value
Handle 0x1e4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.13
Remote Port 445
Local Address 0.0.0.0
Local Port 49171
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.13, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #15
Information Value
Handle 0x1f0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.14
Remote Port 445
Local Address 0.0.0.0
Local Port 49172
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.14, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #16
Information Value
Handle 0x1fc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.15
Remote Port 445
Local Address 0.0.0.0
Local Port 49173
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.15, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #17
Information Value
Handle 0x1b4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.16
Remote Port 445
Local Address 0.0.0.0
Local Port 49172
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.16, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #18
Information Value
Handle 0x208
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.17
Remote Port 445
Local Address 0.0.0.0
Local Port 49173
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.17, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #19
Information Value
Handle 0x214
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.18
Remote Port 445
Local Address 0.0.0.0
Local Port 49174
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.18, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #20
Information Value
Handle 0x220
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.19
Remote Port 445
Local Address 0.0.0.0
Local Port 49175
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.19, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #21
Information Value
Handle 0x22c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.20
Remote Port 445
Local Address 0.0.0.0
Local Port 49176
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.20, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #22
Information Value
Handle 0x238
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.21
Remote Port 445
Local Address 0.0.0.0
Local Port 49177
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.21, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #23
Information Value
Handle 0x244
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.22
Remote Port 445
Local Address 0.0.0.0
Local Port 49178
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.22, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #24
Information Value
Handle 0x250
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.23
Remote Port 445
Local Address 0.0.0.0
Local Port 49179
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.23, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #25
Information Value
Handle 0x1a0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.24
Remote Port 445
Local Address 0.0.0.0
Local Port 49180
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.24, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #26
Information Value
Handle 0x1b0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.25
Remote Port 445
Local Address 0.0.0.0
Local Port 49181
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.25, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #27
Information Value
Handle 0x19c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.26
Remote Port 445
Local Address 0.0.0.0
Local Port 49182
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.26, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #28
Information Value
Handle 0x198
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.27
Remote Port 445
Local Address 0.0.0.0
Local Port 49183
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.27, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #29
Information Value
Handle 0x194
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.28
Remote Port 445
Local Address 0.0.0.0
Local Port 49184
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.28, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #30
Information Value
Handle 0x25c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.29
Remote Port 445
Local Address 0.0.0.0
Local Port 49185
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.29, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #31
Information Value
Handle 0x268
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.30
Remote Port 445
Local Address 0.0.0.0
Local Port 49186
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.30, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #32
Information Value
Handle 0x274
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.31
Remote Port 445
Local Address 0.0.0.0
Local Port 49187
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.31, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #33
Information Value
Handle 0x160
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.32
Remote Port 445
Local Address 0.0.0.0
Local Port 49188
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.32, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #34
Information Value
Handle 0x280
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.33
Remote Port 445
Local Address 0.0.0.0
Local Port 49189
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.33, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #35
Information Value
Handle 0x28c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.34
Remote Port 445
Local Address 0.0.0.0
Local Port 49190
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.34, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #36
Information Value
Handle 0x298
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.35
Remote Port 445
Local Address 0.0.0.0
Local Port 49191
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.35, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #37
Information Value
Handle 0x2a4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.36
Remote Port 445
Local Address 0.0.0.0
Local Port 49192
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.36, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #38
Information Value
Handle 0x2b0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.37
Remote Port 445
Local Address 0.0.0.0
Local Port 49193
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.37, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #39
Information Value
Handle 0x2bc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.38
Remote Port 445
Local Address 0.0.0.0
Local Port 49194
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.38, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #40
Information Value
Handle 0x2c8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.39
Remote Port 445
Local Address 0.0.0.0
Local Port 49195
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.39, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #41
Information Value
Handle 0x2d4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.40
Remote Port 445
Local Address 0.0.0.0
Local Port 49196
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.40, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #42
Information Value
Handle 0x2e0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.41
Remote Port 445
Local Address 0.0.0.0
Local Port 49197
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.41, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #43
Information Value
Handle 0x2ec
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.42
Remote Port 445
Local Address 0.0.0.0
Local Port 49198
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.42, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #44
Information Value
Handle 0x2f8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.43
Remote Port 445
Local Address 0.0.0.0
Local Port 49199
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.43, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #45
Information Value
Handle 0x304
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.44
Remote Port 445
Local Address 0.0.0.0
Local Port 49200
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.44, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #46
Information Value
Handle 0x310
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.45
Remote Port 445
Local Address 0.0.0.0
Local Port 49201
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.45, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #47
Information Value
Handle 0x31c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.46
Remote Port 445
Local Address 0.0.0.0
Local Port 49202
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.46, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #48
Information Value
Handle 0x328
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.47
Remote Port 445
Local Address 0.0.0.0
Local Port 49203
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.47, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #49
Information Value
Handle 0x334
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.48
Remote Port 445
Local Address 0.0.0.0
Local Port 49204
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.48, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #50
Information Value
Handle 0x340
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.49
Remote Port 445
Local Address 0.0.0.0
Local Port 49205
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.49, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #51
Information Value
Handle 0x34c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.50
Remote Port 445
Local Address 0.0.0.0
Local Port 49206
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.50, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #52
Information Value
Handle 0x358
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.51
Remote Port 445
Local Address 0.0.0.0
Local Port 49207
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.51, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #53
Information Value
Handle 0x364
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.52
Remote Port 445
Local Address 0.0.0.0
Local Port 49208
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.52, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #54
Information Value
Handle 0x37c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.54
Remote Port 445
Local Address 0.0.0.0
Local Port 49210
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.54, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #55
Information Value
Handle 0x388
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.55
Remote Port 445
Local Address 0.0.0.0
Local Port 49211
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.55, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #56
Information Value
Handle 0x394
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.56
Remote Port 445
Local Address 0.0.0.0
Local Port 49212
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.56, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #57
Information Value
Handle 0x3a0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.57
Remote Port 445
Local Address 0.0.0.0
Local Port 49213
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.57, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #58
Information Value
Handle 0x1a4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.58
Remote Port 445
Local Address 0.0.0.0
Local Port 49214
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.58, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #59
Information Value
Handle 0x3ac
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.59
Remote Port 445
Local Address 0.0.0.0
Local Port 49215
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.59, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #60
Information Value
Handle 0x3b8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.60
Remote Port 445
Local Address 0.0.0.0
Local Port 49216
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.60, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #61
Information Value
Handle 0x3c4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.61
Remote Port 445
Local Address 0.0.0.0
Local Port 49217
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.61, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #62
Information Value
Handle 0x3d0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.62
Remote Port 445
Local Address 0.0.0.0
Local Port 49218
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.62, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #63
Information Value
Handle 0x3dc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.63
Remote Port 445
Local Address 0.0.0.0
Local Port 49219
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.63, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #64
Information Value
Handle 0x3e8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.64
Remote Port 445
Local Address 0.0.0.0
Local Port 49220
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.64, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #65
Information Value
Handle 0x3f4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.65
Remote Port 445
Local Address 0.0.0.0
Local Port 49221
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.65, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #66
Information Value
Handle 0x404
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.66
Remote Port 445
Local Address 0.0.0.0
Local Port 49222
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.66, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #67
Information Value
Handle 0x410
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.67
Remote Port 445
Local Address 0.0.0.0
Local Port 49223
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.67, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #68
Information Value
Handle 0x41c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.68
Remote Port 445
Local Address 0.0.0.0
Local Port 49224
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.68, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #69
Information Value
Handle 0x428
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.69
Remote Port 445
Local Address 0.0.0.0
Local Port 49225
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.69, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #70
Information Value
Handle 0x434
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.70
Remote Port 445
Local Address 0.0.0.0
Local Port 49226
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.70, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #71
Information Value
Handle 0x440
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.71
Remote Port 445
Local Address 0.0.0.0
Local Port 49227
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.71, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #72
Information Value
Handle 0x44c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.72
Remote Port 445
Local Address 0.0.0.0
Local Port 49228
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.72, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #73
Information Value
Handle 0x458
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.73
Remote Port 445
Local Address 0.0.0.0
Local Port 49229
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.73, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #74
Information Value
Handle 0x1b8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.74
Remote Port 445
Local Address 0.0.0.0
Local Port 49230
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.74, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #75
Information Value
Handle 0x184
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.75
Remote Port 445
Local Address 0.0.0.0
Local Port 49231
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.75, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #76
Information Value
Handle 0x1cc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.76
Remote Port 445
Local Address 0.0.0.0
Local Port 49232
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.76, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #77
Information Value
Handle 0x45c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.77
Remote Port 445
Local Address 0.0.0.0
Local Port 49233
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.77, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #78
Information Value
Handle 0x468
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.78
Remote Port 445
Local Address 0.0.0.0
Local Port 49234
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.78, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #79
Information Value
Handle 0x474
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.79
Remote Port 445
Local Address 0.0.0.0
Local Port 49235
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.79, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #80
Information Value
Handle 0x1d8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.80
Remote Port 445
Local Address 0.0.0.0
Local Port 49236
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.80, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #81
Information Value
Handle 0x480
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.81
Remote Port 445
Local Address 0.0.0.0
Local Port 49237
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.81, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #82
Information Value
Handle 0x1e4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.82
Remote Port 445
Local Address 0.0.0.0
Local Port 49238
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.82, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #83
Information Value
Handle 0x48c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.83
Remote Port 445
Local Address 0.0.0.0
Local Port 49239
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.83, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #84
Information Value
Handle 0x498
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.84
Remote Port 445
Local Address 0.0.0.0
Local Port 49240
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.84, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #85
Information Value
Handle 0x4a4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.85
Remote Port 445
Local Address 0.0.0.0
Local Port 49241
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.85, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #86
Information Value
Handle 0x4b0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.86
Remote Port 445
Local Address 0.0.0.0
Local Port 49242
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.86, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #87
Information Value
Handle 0x4c8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.88
Remote Port 445
Local Address 0.0.0.0
Local Port 49244
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.88, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #88
Information Value
Handle 0x4d4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.89
Remote Port 445
Local Address 0.0.0.0
Local Port 49245
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.89, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #89
Information Value
Handle 0x118
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.90
Remote Port 445
Local Address 0.0.0.0
Local Port 49246
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.90, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #90
Information Value
Handle 0x4e0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.91
Remote Port 445
Local Address 0.0.0.0
Local Port 49247
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.91, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #91
Information Value
Handle 0x4ec
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.92
Remote Port 445
Local Address 0.0.0.0
Local Port 49248
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.92, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #92
Information Value
Handle 0x4f8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.93
Remote Port 445
Local Address 0.0.0.0
Local Port 49249
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.93, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #93
Information Value
Handle 0x1fc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.94
Remote Port 445
Local Address 0.0.0.0
Local Port 49250
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.94, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #94
Information Value
Handle 0x504
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.95
Remote Port 445
Local Address 0.0.0.0
Local Port 49251
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.95, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #95
Information Value
Handle 0x510
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.96
Remote Port 445
Local Address 0.0.0.0
Local Port 49252
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.96, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #96
Information Value
Handle 0x51c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.97
Remote Port 445
Local Address 0.0.0.0
Local Port 49253
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.97, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #97
Information Value
Handle 0x528
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.98
Remote Port 445
Local Address 0.0.0.0
Local Port 49254
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.98, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #98
Information Value
Handle 0x534
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.99
Remote Port 445
Local Address 0.0.0.0
Local Port 49255
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.99, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #99
Information Value
Handle 0x540
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.100
Remote Port 445
Local Address 0.0.0.0
Local Port 49256
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.100, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #100
Information Value
Handle 0x1b4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.101
Remote Port 445
Local Address 0.0.0.0
Local Port 49257
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.101, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #101
Information Value
Handle 0x54c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.102
Remote Port 445
Local Address 0.0.0.0
Local Port 49258
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.102, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #102
Information Value
Handle 0x558
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.103
Remote Port 445
Local Address 0.0.0.0
Local Port 49259
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.103, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #103
Information Value
Handle 0x564
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.104
Remote Port 445
Local Address 0.0.0.0
Local Port 49260
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.104, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #104
Information Value
Handle 0x570
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.105
Remote Port 445
Local Address 0.0.0.0
Local Port 49261
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.105, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #105
Information Value
Handle 0x57c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.106
Remote Port 445
Local Address 0.0.0.0
Local Port 49262
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.106, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #106
Information Value
Handle 0x588
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.107
Remote Port 445
Local Address 0.0.0.0
Local Port 49263
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.107, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #107
Information Value
Handle 0x208
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.109
Remote Port 445
Local Address 0.0.0.0
Local Port 49265
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.109, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #108
Information Value
Handle 0x214
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.110
Remote Port 445
Local Address 0.0.0.0
Local Port 49266
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.110, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #109
Information Value
Handle 0x5a0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.111
Remote Port 445
Local Address 0.0.0.0
Local Port 49267
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.111, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #110
Information Value
Handle 0x5ac
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.112
Remote Port 445
Local Address 0.0.0.0
Local Port 49268
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.112, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #111
Information Value
Handle 0x5b8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.113
Remote Port 445
Local Address 0.0.0.0
Local Port 49269
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.113, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #112
Information Value
Handle 0x5c4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.114
Remote Port 445
Local Address 0.0.0.0
Local Port 49270
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.114, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #113
Information Value
Handle 0x5d0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.115
Remote Port 445
Local Address 0.0.0.0
Local Port 49271
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.115, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #114
Information Value
Handle 0x5dc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.116
Remote Port 445
Local Address 0.0.0.0
Local Port 49272
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.116, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #115
Information Value
Handle 0x5e8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.117
Remote Port 445
Local Address 0.0.0.0
Local Port 49273
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.117, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #116
Information Value
Handle 0x5f0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.118
Remote Port 445
Local Address 0.0.0.0
Local Port 49274
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.118, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #117
Information Value
Handle 0x220
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.119
Remote Port 445
Local Address 0.0.0.0
Local Port 49275
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.119, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #118
Information Value
Handle 0x44c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.120
Remote Port 445
Local Address 0.0.0.0
Local Port 49276
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.120, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #119
Information Value
Handle 0x458
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.121
Remote Port 445
Local Address 0.0.0.0
Local Port 49277
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.121, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #120
Information Value
Handle 0x438
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.122
Remote Port 445
Local Address 0.0.0.0
Local Port 49278
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.122, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #121
Information Value
Handle 0x420
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.123
Remote Port 445
Local Address 0.0.0.0
Local Port 49279
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.123, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #122
Information Value
Handle 0x414
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.124
Remote Port 445
Local Address 0.0.0.0
Local Port 49280
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.124, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #123
Information Value
Handle 0x3f8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.125
Remote Port 445
Local Address 0.0.0.0
Local Port 49281
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.125, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #124
Information Value
Handle 0x408
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.126
Remote Port 445
Local Address 0.0.0.0
Local Port 49282
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.126, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #125
Information Value
Handle 0x3ec
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.127
Remote Port 445
Local Address 0.0.0.0
Local Port 49283
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.127, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #126
Information Value
Handle 0x3b0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.128
Remote Port 445
Local Address 0.0.0.0
Local Port 49284
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.128, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #127
Information Value
Handle 0x3bc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.129
Remote Port 445
Local Address 0.0.0.0
Local Port 49285
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.129, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #128
Information Value
Handle 0x3c8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.130
Remote Port 445
Local Address 0.0.0.0
Local Port 49286
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.130, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #129
Information Value
Handle 0x3d4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.131
Remote Port 445
Local Address 0.0.0.0
Local Port 49287
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.131, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #130
Information Value
Handle 0x3e0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.132
Remote Port 445
Local Address 0.0.0.0
Local Port 49288
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.132, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #131
Information Value
Handle 0x3a4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.133
Remote Port 445
Local Address 0.0.0.0
Local Port 49289
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.133, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #132
Information Value
Handle 0x398
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.134
Remote Port 445
Local Address 0.0.0.0
Local Port 49290
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.134, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #133
Information Value
Handle 0x14c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.135
Remote Port 445
Local Address 0.0.0.0
Local Port 49291
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.135, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #134
Information Value
Handle 0x38c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.136
Remote Port 445
Local Address 0.0.0.0
Local Port 49292
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.136, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #135
Information Value
Handle 0x380
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.137
Remote Port 445
Local Address 0.0.0.0
Local Port 49293
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.137, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #136
Information Value
Handle 0x374
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.138
Remote Port 445
Local Address 0.0.0.0
Local Port 49294
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.138, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #137
Information Value
Handle 0x368
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.139
Remote Port 445
Local Address 0.0.0.0
Local Port 49295
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.139, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #138
Information Value
Handle 0x35c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.140
Remote Port 445
Local Address 0.0.0.0
Local Port 49296
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.140, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #139
Information Value
Handle 0x350
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.141
Remote Port 445
Local Address 0.0.0.0
Local Port 49297
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.141, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #140
Information Value
Handle 0x344
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.142
Remote Port 445
Local Address 0.0.0.0
Local Port 49298
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.142, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #141
»
Information Value
Handle 0x338
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.143
Remote Port 445
Local Address 0.0.0.0
Local Port 49299
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.143, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #142
»
Information Value
Handle 0x32c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.144
Remote Port 445
Local Address 0.0.0.0
Local Port 49300
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.144, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #143
»
Information Value
Handle 0x320
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.145
Remote Port 445
Local Address 0.0.0.0
Local Port 49301
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.145, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #144
»
Information Value
Handle 0x314
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.146
Remote Port 445
Local Address 0.0.0.0
Local Port 49302
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.146, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #145
»
Information Value
Handle 0x308
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.147
Remote Port 445
Local Address 0.0.0.0
Local Port 49303
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.147, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #146
»
Information Value
Handle 0x2fc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.148
Remote Port 445
Local Address 0.0.0.0
Local Port 49304
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.148, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #147
»
Information Value
Handle 0x2f0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.149
Remote Port 445
Local Address 0.0.0.0
Local Port 49305
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.149, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #148
»
Information Value
Handle 0x2e4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.150
Remote Port 445
Local Address 0.0.0.0
Local Port 49306
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.150, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #149
»
Information Value
Handle 0x2d8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.151
Remote Port 445
Local Address 0.0.0.0
Local Port 49307
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.151, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #150
»
Information Value
Handle 0x2cc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.152
Remote Port 445
Local Address 0.0.0.0
Local Port 49308
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.152, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #151
»
Information Value
Handle 0x2c0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.153
Remote Port 445
Local Address 0.0.0.0
Local Port 49309
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.153, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #152
»
Information Value
Handle 0x2c8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.154
Remote Port 445
Local Address 0.0.0.0
Local Port 49310
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.154, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #153
»
Information Value
Handle 0x36c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.156
Remote Port 445
Local Address 0.0.0.0
Local Port 49311
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.156, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #154
»
Information Value
Handle 0x2c8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.157
Remote Port 445
Local Address 0.0.0.0
Local Port 49312
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.157, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #155
»
Information Value
Handle 0x2d8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.158
Remote Port 445
Local Address 0.0.0.0
Local Port 49313
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.158, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #156
»
Information Value
Handle 0x2cc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.159
Remote Port 445
Local Address 0.0.0.0
Local Port 49314
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.159, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #157
»
Information Value
Handle 0x2c0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.160
Remote Port 445
Local Address 0.0.0.0
Local Port 49315
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.160, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #158
»
Information Value
Handle 0x2e4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.161
Remote Port 445
Local Address 0.0.0.0
Local Port 49316
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.161, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #159
»
Information Value
Handle 0x2fc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.162
Remote Port 445
Local Address 0.0.0.0
Local Port 49317
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.162, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #160
»
Information Value
Handle 0x308
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.163
Remote Port 445
Local Address 0.0.0.0
Local Port 49318
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.163, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #161
»
Information Value
Handle 0x2f0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.164
Remote Port 445
Local Address 0.0.0.0
Local Port 49319
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.164, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #162
»
Information Value
Handle 0x320
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.165
Remote Port 445
Local Address 0.0.0.0
Local Port 49320
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.165, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #163
»
Information Value
Handle 0x36c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.166
Remote Port 445
Local Address 0.0.0.0
Local Port 49321
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.166, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #164
»
Information Value
Handle 0x2d8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.167
Remote Port 445
Local Address 0.0.0.0
Local Port 49322
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.167, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #165
»
Information Value
Handle 0x2c8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.168
Remote Port 445
Local Address 0.0.0.0
Local Port 49323
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.168, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #166
»
Information Value
Handle 0x2cc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.169
Remote Port 445
Local Address 0.0.0.0
Local Port 49324
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.169, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #167
»
Information Value
Handle 0x314
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.170
Remote Port 445
Local Address 0.0.0.0
Local Port 49325
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.170, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #168
»
Information Value
Handle 0x32c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.171
Remote Port 445
Local Address 0.0.0.0
Local Port 49326
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.171, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #169
»
Information Value
Handle 0x350
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.172
Remote Port 445
Local Address 0.0.0.0
Local Port 49327
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.172, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #170
»
Information Value
Handle 0x344
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.173
Remote Port 445
Local Address 0.0.0.0
Local Port 49328
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.173, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #171
»
Information Value
Handle 0x2e4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.174
Remote Port 445
Local Address 0.0.0.0
Local Port 49329
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.174, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #172
»
Information Value
Handle 0x2fc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.175
Remote Port 445
Local Address 0.0.0.0
Local Port 49330
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.175, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #173
»
Information Value
Handle 0x338
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.176
Remote Port 445
Local Address 0.0.0.0
Local Port 49331
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.176, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #174
»
Information Value
Handle 0x320
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.177
Remote Port 445
Local Address 0.0.0.0
Local Port 49332
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.177, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #175
»
Information Value
Handle 0x2f0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.178
Remote Port 445
Local Address 0.0.0.0
Local Port 49333
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.178, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #176
»
Information Value
Handle 0x378
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.179
Remote Port 445
Local Address 0.0.0.0
Local Port 49335
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.179, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #177
»
Information Value
Handle 0x36c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.180
Remote Port 445
Local Address 0.0.0.0
Local Port 49336
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.180, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #178
»
Information Value
Handle 0x580
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.181
Remote Port 445
Local Address 0.0.0.0
Local Port 49337
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.181, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #179
»
Information Value
Handle 0x2c0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.182
Remote Port 445
Local Address 0.0.0.0
Local Port 49338
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.182, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #180
»
Information Value
Handle 0x314
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.183
Remote Port 445
Local Address 0.0.0.0
Local Port 49339
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.183, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #181
»
Information Value
Handle 0x344
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.184
Remote Port 445
Local Address 0.0.0.0
Local Port 49340
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.184, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #182
»
Information Value
Handle 0x2e4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.185
Remote Port 445
Local Address 0.0.0.0
Local Port 49341
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.185, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #183
»
Information Value
Handle 0x308
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.186
Remote Port 445
Local Address 0.0.0.0
Local Port 49342
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.186, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #184
»
Information Value
Handle 0x338
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.187
Remote Port 445
Local Address 0.0.0.0
Local Port 49343
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.187, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #185
»
Information Value
Handle 0x2fc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.188
Remote Port 445
Local Address 0.0.0.0
Local Port 49344
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.188, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #186
»
Information Value
Handle 0x350
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.189
Remote Port 445
Local Address 0.0.0.0
Local Port 49345
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.189, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #187
»
Information Value
Handle 0x32c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.190
Remote Port 445
Local Address 0.0.0.0
Local Port 49346
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.190, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #188
»
Information Value
Handle 0x320
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.191
Remote Port 445
Local Address 0.0.0.0
Local Port 49347
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.191, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #189
»
Information Value
Handle 0x2cc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.192
Remote Port 445
Local Address 0.0.0.0
Local Port 49348
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.192, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #190
»
Information Value
Handle 0x2c8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.193
Remote Port 445
Local Address 0.0.0.0
Local Port 49349
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.193, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #191
»
Information Value
Handle 0x2d8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.194
Remote Port 445
Local Address 0.0.0.0
Local Port 49350
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.194, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #192
»
Information Value
Handle 0x2f0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.195
Remote Port 445
Local Address 0.0.0.0
Local Port 49351
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.195, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #193
»
Information Value
Handle 0x14c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.196
Remote Port 445
Local Address 0.0.0.0
Local Port 49352
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.196, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #194
»
Information Value
Handle 0x378
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.197
Remote Port 445
Local Address 0.0.0.0
Local Port 49353
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.197, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #195
»
Information Value
Handle 0x36c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.198
Remote Port 445
Local Address 0.0.0.0
Local Port 49354
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.198, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #196
»
Information Value
Handle 0x380
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.199
Remote Port 445
Local Address 0.0.0.0
Local Port 49355
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.199, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #197
»
Information Value
Handle 0x38c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.200
Remote Port 445
Local Address 0.0.0.0
Local Port 49356
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.200, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #198
»
Information Value
Handle 0x3e0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.201
Remote Port 445
Local Address 0.0.0.0
Local Port 49357
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.201, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #199
»
Information Value
Handle 0x3a4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.202
Remote Port 445
Local Address 0.0.0.0
Local Port 49358
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.202, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #200
»
Information Value
Handle 0x398
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.203
Remote Port 445
Local Address 0.0.0.0
Local Port 49359
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.203, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #201
»
Information Value
Handle 0x3d4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.204
Remote Port 445
Local Address 0.0.0.0
Local Port 49360
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.204, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #202
»
Information Value
Handle 0x2c0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.205
Remote Port 445
Local Address 0.0.0.0
Local Port 49361
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.205, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #203
»
Information Value
Handle 0x384
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.206
Remote Port 445
Local Address 0.0.0.0
Local Port 49362
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.206, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #204
»
Information Value
Handle 0x580
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.207
Remote Port 445
Local Address 0.0.0.0
Local Port 49363
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.207, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #205
»
Information Value
Handle 0x3c8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.208
Remote Port 445
Local Address 0.0.0.0
Local Port 49364
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.208, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #206
»
Information Value
Handle 0x3bc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.209
Remote Port 445
Local Address 0.0.0.0
Local Port 49365
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.209, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #207
»
Information Value
Handle 0x408
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.210
Remote Port 445
Local Address 0.0.0.0
Local Port 49366
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.210, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #208
»
Information Value
Handle 0x344
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.211
Remote Port 445
Local Address 0.0.0.0
Local Port 49367
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.211, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #209
»
Information Value
Handle 0x2e4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.212
Remote Port 445
Local Address 0.0.0.0
Local Port 49368
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.212, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #210
»
Information Value
Handle 0x338
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.213
Remote Port 445
Local Address 0.0.0.0
Local Port 49369
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.213, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #211
»
Information Value
Handle 0x308
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.214
Remote Port 445
Local Address 0.0.0.0
Local Port 49370
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.214, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #212
»
Information Value
Handle 0x3b0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.215
Remote Port 445
Local Address 0.0.0.0
Local Port 49371
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.215, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #213
»
Information Value
Handle 0x3ec
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.216
Remote Port 445
Local Address 0.0.0.0
Local Port 49372
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.216, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #214
»
Information Value
Handle 0x2fc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.217
Remote Port 445
Local Address 0.0.0.0
Local Port 49373
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.217, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #215
»
Information Value
Handle 0x3f8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.218
Remote Port 445
Local Address 0.0.0.0
Local Port 49374
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.218, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #216
»
Information Value
Handle 0x414
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.219
Remote Port 445
Local Address 0.0.0.0
Local Port 49375
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.219, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #217
»
Information Value
Handle 0x420
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.220
Remote Port 445
Local Address 0.0.0.0
Local Port 49376
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.220, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #218
»
Information Value
Handle 0x2d8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.221
Remote Port 445
Local Address 0.0.0.0
Local Port 49377
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.221, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #219
»
Information Value
Handle 0x2c8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.222
Remote Port 445
Local Address 0.0.0.0
Local Port 49378
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.222, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #220
»
Information Value
Handle 0x320
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.223
Remote Port 445
Local Address 0.0.0.0
Local Port 49379
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.223, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #221
»
Information Value
Handle 0x2cc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.224
Remote Port 445
Local Address 0.0.0.0
Local Port 49380
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.224, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #222
»
Information Value
Handle 0x32c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.225
Remote Port 445
Local Address 0.0.0.0
Local Port 49381
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.225, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #223
»
Information Value
Handle 0x350
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.226
Remote Port 445
Local Address 0.0.0.0
Local Port 49382
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.226, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #224
»
Information Value
Handle 0x438
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.227
Remote Port 445
Local Address 0.0.0.0
Local Port 49383
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.227, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #225
»
Information Value
Handle 0x458
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.228
Remote Port 445
Local Address 0.0.0.0
Local Port 49384
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.228, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #226
»
Information Value
Handle 0x44c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.229
Remote Port 445
Local Address 0.0.0.0
Local Port 49385
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.229, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #227
»
Information Value
Handle 0x220
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.230
Remote Port 445
Local Address 0.0.0.0
Local Port 49386
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.230, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #228
»
Information Value
Handle 0x5f0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.231
Remote Port 445
Local Address 0.0.0.0
Local Port 49387
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.231, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #229
»
Information Value
Handle 0x5e8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.232
Remote Port 445
Local Address 0.0.0.0
Local Port 49388
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.232, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #230
»
Information Value
Handle 0x14c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.233
Remote Port 445
Local Address 0.0.0.0
Local Port 49389
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.233, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #231
»
Information Value
Handle 0x2f0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.234
Remote Port 445
Local Address 0.0.0.0
Local Port 49390
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.234, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #232
»
Information Value
Handle 0x5dc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.235
Remote Port 445
Local Address 0.0.0.0
Local Port 49391
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.235, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #233
»
Information Value
Handle 0x5d0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.236
Remote Port 445
Local Address 0.0.0.0
Local Port 49392
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.236, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #234
»
Information Value
Handle 0x5b8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.237
Remote Port 445
Local Address 0.0.0.0
Local Port 49393
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.237, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #235
»
Information Value
Handle 0x5c4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.238
Remote Port 445
Local Address 0.0.0.0
Local Port 49394
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.238, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #236
»
Information Value
Handle 0x5ac
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.239
Remote Port 445
Local Address 0.0.0.0
Local Port 49395
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.239, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #237
»
Information Value
Handle 0x378
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.240
Remote Port 445
Local Address 0.0.0.0
Local Port 49396
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.240, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #238
»
Information Value
Handle 0x5a0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.241
Remote Port 445
Local Address 0.0.0.0
Local Port 49397
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.241, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #239
»
Information Value
Handle 0x36c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.242
Remote Port 445
Local Address 0.0.0.0
Local Port 49398
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.242, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #240
»
Information Value
Handle 0x208
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.243
Remote Port 445
Local Address 0.0.0.0
Local Port 49399
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.243, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #241
»
Information Value
Handle 0x3e0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.244
Remote Port 445
Local Address 0.0.0.0
Local Port 49400
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.244, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #242
»
Information Value
Handle 0x3a4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.245
Remote Port 445
Local Address 0.0.0.0
Local Port 49401
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.245, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #243
»
Information Value
Handle 0x38c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.246
Remote Port 445
Local Address 0.0.0.0
Local Port 49402
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.246, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #244
»
Information Value
Handle 0x380
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.247
Remote Port 445
Local Address 0.0.0.0
Local Port 49403
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.247, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #245
»
Information Value
Handle 0x398
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.248
Remote Port 445
Local Address 0.0.0.0
Local Port 49404
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.248, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #246
»
Information Value
Handle 0x214
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.249
Remote Port 445
Local Address 0.0.0.0
Local Port 49405
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.249, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #247
»
Information Value
Handle 0x58c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.250
Remote Port 445
Local Address 0.0.0.0
Local Port 49406
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.250, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #248
»
Information Value
Handle 0x574
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.251
Remote Port 445
Local Address 0.0.0.0
Local Port 49407
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.251, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #249
»
Information Value
Handle 0x568
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.252
Remote Port 445
Local Address 0.0.0.0
Local Port 49408
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.252, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #250
»
Information Value
Handle 0x3d4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.253
Remote Port 445
Local Address 0.0.0.0
Local Port 49409
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.253, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #251
»
Information Value
Handle 0x55c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.254
Remote Port 445
Local Address 0.0.0.0
Local Port 49410
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.254, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #252
»
Information Value
Handle 0x564
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 192.168.0.255
Remote Port 445
Local Address 0.0.0.0
Local Port 49411
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 192.168.0.255, remote_port = 445 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #253
»
Information Value
Handle 0x55c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 89.144.25.156
Remote Port 80
Local Address 0.0.0.0
Local Port 49412
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 89.144.25.156, remote_port = 80 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #254
»
Information Value
Handle 0x55c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 89.144.25.156
Remote Port 80
Local Address 0.0.0.0
Local Port 49412
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 89.144.25.156, remote_port = 80 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #255
»
Information Value
Handle 0x55c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 89.144.25.156
Remote Port 80
Local Address 0.0.0.0
Local Port 49412
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 89.144.25.156, remote_port = 80 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #256
»
Information Value
Handle 0x55c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 89.144.25.156
Remote Port 80
Local Address 0.0.0.0
Local Port 49412
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 89.144.25.156, remote_port = 80 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #257
»
Information Value
Handle 0x55c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 89.144.25.156
Remote Port 80
Local Address 0.0.0.0
Local Port 49412
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 89.144.25.156, remote_port = 80 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #258
»
Information Value
Handle 0x55c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 89.144.25.156
Remote Port 80
Local Address 0.0.0.0
Local Port 49412
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 89.144.25.156, remote_port = 80 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #259
»
Information Value
Handle 0x55c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 89.144.25.156
Remote Port 80
Local Address 0.0.0.0
Local Port 49412
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 89.144.25.156, remote_port = 80 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #260
»
Information Value
Handle 0x55c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 89.144.25.156
Remote Port 80
Local Address 0.0.0.0
Local Port 49412
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 89.144.25.156, remote_port = 80 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #261
»
Information Value
Handle 0x55c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 89.144.25.156
Remote Port 80
Local Address 0.0.0.0
Local Port 49412
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 89.144.25.156, remote_port = 80 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #262
»
Information Value
Handle 0x55c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 89.144.25.156
Remote Port 80
Local Address 0.0.0.0
Local Port 49412
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 89.144.25.156, remote_port = 80 False 1
Fn
Close type = SOCK_STREAM True 1
Fn