9542c4da...9ff2 | Sequential Behavior
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Dropper, Backdoor

Monitored Processes

Process Overview

| ID | PID | Monitor Reason | Integrity Level | Image Name | Command Line | Origin ID |
| --- | --- | --- | --- | --- | --- | --- |
| #1 | 0xc38 | Analysis Target | High (Elevated) | laafdy.exe | "C:\Users\FD1HVy\Desktop\laafdy.exe" | - |
| #2 | 0xc70 | Child Process | High (Elevated) | laafdy.exe | "C:\Users\FD1HVy\Desktop\laafdy.exe" | #1 |

Behavior Information - Sequential View

Process #1: laafdy.exe

| Information | Value |
| --- | --- |
| ID | #1 |
| File Name | c:\users\fd1hvy\desktop\laafdy.exe |
| Command Line | "C:\Users\FD1HVy\Desktop\laafdy.exe" |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:29, Reason: Analysis Target |
| Unmonitor | End Time: 00:03:25, Reason: Self Terminated |
| Monitor Duration | 00:02:56 |

OS Process Information

| Information | Value |
| --- | --- |
| PID | 0xc38 |
| Parent PID | 0x860 (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable | True |
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs | 0xA6C, 0x6CC, 0x8F0 |

Memory Dumps

| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | YARA |
| --- | --- | --- | --- | --- | --- | --- | --- |
| laafdy.exe | 0x01300000 | 0x0142CFFF | Process Termination | - | 32-bit | - | False |
Dropped Files

| Filename | File Size | YARA Match |
| --- | --- | --- |
| C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setx.url | 0.09 KB | False |
| C:\Users\FD1HVy\AppData\Roaming\phoneactivate\setx.vbs | 0.14 KB | False |
| C:\Users\FD1HVy\AppData\Roaming\phoneactivate\AboveLockAppHost.exe | 1.20 MB | False |

Hash values of the dropped files:

setx.url
  MD5: a635d51b90fc12c47dd74b2126c73a83
  SHA1: 208591acfec3c5235865395317a5cc2cab9416bd
  SHA256: 853ee679a046ef13c6b18fcc601e99e5fcb3ae3d738235d6382f37404745f5c5
  SSDeep: 3:HRAbABGQVuOEwREaKC5KkZzIdktXNn:HRYF5OxiaZ5K0ICN

setx.vbs
  MD5: f674e1b3b514a8f401d779ae26147e6b
  SHA1: 4822751d6b452261ad539813f99756c4dbf882b6
  SHA256: 0a89f1b05c990f5fceaab56d385f8092cbd7960399a31e68f5423ef49cbf0003
  SSDeep: 3:jaPcYoncIQBHoEwREaKC5KkZzIdktXNHn:jk+cjIxiaZ5K0IC1

AboveLockAppHost.exe
  MD5: 6d6a9da3ed1f72ed583f4c62373d9530
  SHA1: 71961de25ea0d1f47ebfa33382a2db054f193b94
  SHA256: 99a1b0fecaeef1933f737c9a8eccf5e05e91ed1aeba46ac9eac2dc7863ca88c5
  SSDeep: 24576:KCdxte/80jYLT3U1jfsWagtD3Y37V7bLMKixQaR:Lw80cTsjkWag+79b4Kxg
Threads

Thread 0xa6c

| Category | Operation | Information | Success | Count | Logfile |
| --- | --- | --- | --- | --- | --- |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x75ea4ae0 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x75ea4b00 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x75ea4b20 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x75ea4b40 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x75efebc0 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventExW, address_out = 0x75efeb20 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateSemaphoreExW, address_out = 0x75efeb80 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadStackGuarantee, address_out = 0x75ea6700 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolTimer, address_out = 0x75ea6d30 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolTimer, address_out = 0x77bfd7c0 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForThreadpoolTimerCallbacks, address_out = 0x77bfb840 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolTimer, address_out = 0x77bfb740 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolWait, address_out = 0x75ea6d70 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolWait, address_out = 0x77bfc0b0 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolWait, address_out = 0x77bfbe10 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlushProcessWriteBuffers, address_out = 0x77c22b20 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibraryWhenCallbackReturns, address_out = 0x77c18e50 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessorNumber, address_out = 0x77c152f0 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalProcessorInformation, address_out = 0x75ea71b0 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateSymbolicLinkW, address_out = 0x75ea4510 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetDefaultDllDirectories, address_out = 0x7500d900 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EnumSystemLocalesEx, address_out = 0x75ea49a0 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringEx, address_out = 0x75ea7050 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetDateFormatEx, address_out = 0x75ea7760 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoEx, address_out = 0x75ea7190 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeFormatEx, address_out = 0x75ea7780 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultLocaleName, address_out = 0x75ea72c0 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsValidLocaleName, address_out = 0x75ea7440 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringEx, address_out = 0x75ea7480 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentPackageId, address_out = 0x74f9e260 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount64, address_out = 0x75ea0db0 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileInformationByHandleExW, address_out = 0x0 | False | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileInformationByHandleW, address_out = 0x0 | False | 1 | Fn |
| File | Open | filename = STD_INPUT_HANDLE | True | 1 | Fn |
| File | Open | filename = STD_OUTPUT_HANDLE | True | 1 | Fn |
| File | Open | filename = STD_ERROR_HANDLE | True | 1 | Fn |
| Environment | Get Environment String | - | True | 1 | Fn, Data |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\laafdy.exe, file_name_orig = C:\Users\FD1HVy\Desktop\laafdy.exe, size = 260 | True | 1 | Fn |
| System | Get Info | type = Operating System | True | 1 | Fn |
| Module | Load | module_name = kernel32.dll, base_address = 0x75e90000 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x75ea5130 | True | 1 | Fn |
| System | Get Info | type = Hardware Information | True | 1 | Fn |
| File | Open | filename = STD_INPUT_HANDLE | True | 1 | Fn |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Control Panel\Mouse | True | 1 | Fn |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Control Panel\Mouse, value_name = SwapMouseButtons, data = 48 | True | 1 | Fn |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\laafdy.exe, file_name_orig = C:\Users\FD1HVy\Desktop\laafdy.exe, size = 32767 | True | 1 | Fn |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\AutoIt v3\AutoIt | False | 1 | Fn |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\laafdy.exe, file_name_orig = C:\Users\FD1HVy\Desktop\laafdy.exe, size = 32767 | True | 1 | Fn |
| Module | Load | module_name = kernel32.dll, base_address = 0x75e90000 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, address_out = 0x75ea6b30 | True | 1 | Fn |
| File | Create | filename = C:\Users\FD1HVy\Desktop\laafdy.exe, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | True | 1 | Fn |
| File | Get Info | filename = C:\Users\FD1HVy\Desktop\laafdy.exe, type = file_type | True | 1 | Fn |
| Module | Load | module_name = C:\Users\FD1HVy\Desktop\laafdy.exe, base_address = 0x1300000 | True | 1 | Fn |
| Module | Load | module_name = kernel32.dll, base_address = 0x75e90000 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64RevertWow64FsRedirection, address_out = 0x75ea6b50 | True | 1 | Fn |
| System | Get Time | type = System Time, time = 2019-04-10 11:54:40 (UTC) | True | 5 | Fn |
| Debug | Check for Presence | c:\users\fd1hvy\desktop\laafdy.exe | True | 1 | Fn |
| Module | Load | module_name = kernel32.dll, base_address = 0x75e90000 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x75ea6b30 | True | 1 | Fn |
| File | Create | filename = C:\Users\FD1HVy\Desktop\laafdy.exe, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | True | 1 | Fn |
| File | Get Info | filename = C:\Users\FD1HVy\Desktop\laafdy.exe, type = file_type | True | 1 | Fn |
| Module | Load | module_name = C:\Users\FD1HVy\Desktop\laafdy.exe, base_address = 0x1300000 | True | 1 | Fn |
| Module | Load | module_name = kernel32.dll, base_address = 0x75e90000 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64RevertWow64FsRedirection, address_out = 0x75ea6b50 | True | 1 | Fn |
| System | Get Time | type = System Time, time = 2019-04-10 11:54:40 (UTC) | True | 8 | Fn |
| Window | Create | window_name = AutoIt v3, class_name = AutoIt v3, wndproc_parameter = 0 | True | 1 | Fn |
| System | Sleep | duration = 750 milliseconds (0.750 seconds) | True | 1 | Fn |
| Window | Create | class_name = edit, wndproc_parameter = 0 | True | 1 | Fn |
| System | Sleep | duration = 750 milliseconds (0.750 seconds) | True | 3 | Fn |
| Environment | Get Environment String | name = HOMEDRIVE, result_out = C: | True | 1 | Fn |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe | True | 1 | Fn |
| System | Sleep | duration = 750 milliseconds (0.750 seconds) | True | 13 | Fn |
| Module | Load | module_name = kernel32.dll, base_address = 0x75e90000 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExW, address_out = 0x75ea56f0 | True | 1 | Fn |
| System | Get Info | type = Operating System | True | 1 | Fn |
| File | Get Info | filename = C:\Users\FD1HVy\Desktop\laafdy.exe:Zone.Identifier, type = file_attributes | False | 1 | Fn |
| System | Sleep | duration = 750 milliseconds (0.750 seconds) | True | 1 | Fn |
| Mutex | Create | mutex_name = PnPUnattend | True | 1 | Fn |
| System | Sleep | duration = 750 milliseconds (0.750 seconds) | True | 3 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindResourceW, address_out = 0x75ea4aa0 | True | 1 | Fn |
| System | Sleep | duration = 750 milliseconds (0.750 seconds) | True | 13 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyHash, address_out = 0x761cf0e0 | True | 1 | Fn |
| System | Sleep | duration = 750 milliseconds (0.750 seconds) | True | 18 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDecrypt, address_out = 0x761d3350 | True | 1 | Fn |
| System | Sleep | duration = 750 milliseconds (0.750 seconds) | True | 25 | Fn |
| Module | Load | module_name = Advapi32.dll, base_address = 0x761b0000 | True | 1 | Fn |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x761cfbc0 | True | 1 | Fn |
The thread then enters a sleep loop that the view records as 186 consecutive System / Sleep rows (all successful, logfile Fn): 93 bursts of 10 ms sleeps, each burst followed by a single 750 ms sleep, except that the 84th burst is followed by two 750 ms sleeps and the 93rd by 46 of them. Counts per 10 ms burst, in order:

10, 42, 46, 42, 40, 38, 43, 35, 35, 22, 41, 44, 39, 45, 42, 44, 41, 44, 34, 15, 41, 38, 46, 41, 39, 37, 34, 39, 11, 34, 32, 42, 33, 40, 34, 36, 35, 23, 21, 42, 38, 31, 31, 33, 44, 38, 40, 2, 42, 40, 31, 35, 44, 35, 39, 40, 32, 30, 35, 31, 43, 39, 44, 44, 43, 45, 41, 46, 49, 48, 46, 40, 39, 44, 39, 32, 40, 41, 43, 46, 46, 48, 46, 44, 39, 42, 39, 45, 45, 39, 43, 33, 29

Across this span the sample requests 3,521 x 10 ms and 139 x 750 ms of sleep, about 139.5 s in total.
| Category | Operation | Information | Success | Count | Logfile |
| --- | --- | --- | --- | --- | --- |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\phoneactivate, type = file_attributes | False | 1 | Fn |
| File | Create Directory | C:\Users\FD1HVy\AppData\Roaming\phoneactivate | True | 1 | Fn |
| System | Sleep | duration = 750 milliseconds (0.750 seconds) | True | 1 | Fn |
| File | Create | filename = C:\Users\FD1HVy\Desktop\laafdy.exe, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE | True | 1 | Fn |
| File | Create | filename = C:\Users\FD1HVy\AppData\Roaming\phoneactivate\AboveLockAppHost.exe, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE | True | 1 | Fn |
| File | Read | filename = C:\Users\FD1HVy\Desktop\laafdy.exe, size = 65536, size_out = 65536 | True | 19 | Fn, Data |
| File | Read | filename = C:\Users\FD1HVy\Desktop\laafdy.exe, size = 65536, size_out = 10632 | True | 1 | Fn, Data |
| File | Create | filename = C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setx.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE | True | 1 | Fn |
| File | Create | filename = C:\Users\FD1HVy\AppData\Roaming\phoneactivate\setx.vbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE | True | 1 | Fn |
| System | Sleep | duration = 750 milliseconds (0.750 seconds) | True | 2 | Fn |
| File | Write | filename = C:\Users\FD1HVy\AppData\Roaming\phoneactivate\setx.vbs, size = 139 | True | 1 | Fn, Data |
| File | Write | filename = C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setx.url, size = 97 | True | 1 | Fn, Data |
| File | Write | filename = C:\Users\FD1HVy\AppData\Roaming\phoneactivate\AboveLockAppHost.exe, size = 1255824 | True | 1 | Fn |
| System | Sleep | duration = 750 milliseconds (0.750 seconds) | True | 1 | Fn |
| File | Get Info | filename = AboveLockAppHost.exe, type = file_attributes | True | 2 | Fn |
| File | Get Info | filename = phoneactivate, type = file_attributes | True | 2 | Fn |
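Read end to end, this thread shows the pre-drop behaviour an analyst wants to pull out of a sequential view: a debugger-presence probe, a failed lookup of the Zone.Identifier stream on its own image, the named mutex PnPUnattend, a long 10 ms / 750 ms sleep loop, and finally a self-copy in which the sample reads its own image from the Desktop and writes it to AppData\Roaming\phoneactivate\AboveLockAppHost.exe next to setx.vbs, with setx.url placed in the Startup folder. Over the whole thread the requested sleep budget comes to 220 x 750 ms plus 3,521 x 10 ms, about 200 s, which exceeds the 2:56 the process was monitored, so the figure should be read as requested delay rather than elapsed time. The script below is an added example, not VMRay's code or anything from the sample, that parses rows in this view's format and extracts those triage points. Its operation list, path markers and drop-extension set are assumptions sized to this report, and the embedded rows are copied from this thread's view.

```python
"""Triage of VMRay "Sequential View" rows (added example; not VMRay code).

Rows have the shape  <Category> <Operation> <Information> <True|False> <Count>.
The OPERATIONS list, path markers and extension set are assumptions that
cover this report; extend them for other views.
"""
import re
from dataclasses import dataclass

# Multi-word operation names first so the alternation prefers the longest match.
OPERATIONS = (
    "Get Environment String", "Check for Presence", "Create Directory",
    "Get Address", "Get Handle", "Get Filename", "Get Info", "Get Time",
    "Open Key", "Read Value", "Load", "Open", "Create", "Read", "Write", "Sleep",
)
EVENT_RE = re.compile(
    r"^(?P<category>[A-Za-z]+)\s+(?P<operation>"
    + "|".join(re.escape(o) for o in OPERATIONS)
    + r")\s+(?P<info>.*?)\s+(?P<success>True|False)\s+(?P<count>\d+)$"
)
SLEEP_RE = re.compile(r"duration = (\d+) milliseconds")
FILENAME_RE = re.compile(r"filename = ([^,]+)")
STARTUP_MARK = "\\start menu\\programs\\startup\\"   # autostart location
ROAMING_MARK = "\\appdata\\roaming\\"                # common user-profile drop area
DROP_EXTENSIONS = {"exe", "dll", "scr", "vbs", "js", "url", "lnk", "bat", "cmd", "ps1"}


@dataclass(frozen=True)
class Event:
    category: str
    operation: str
    info: str
    success: bool
    count: int


def parse_events(text):
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = EVENT_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised event row: {line!r}")
        events.append(Event(m["category"], m["operation"], m["info"],
                            m["success"] == "True", int(m["count"])))
    return events


def total_sleep_ms(events):
    """Requested Sleep() time (duration x count). Sandboxes commonly shorten
    long sleeps, so treat this as the evasion budget, not wall-clock time."""
    total = 0
    for e in events:
        if e.operation == "Sleep" and (m := SLEEP_RE.search(e.info)):
            total += int(m.group(1)) * e.count
    return total


def persistence_writes(events):
    """Files opened for writing or written under the Startup folder, or
    executables/scripts under %APPDATA%\\Roaming, deduplicated by path."""
    hits, seen = [], set()
    for e in events:
        if e.category != "File" or e.operation not in ("Create", "Write"):
            continue
        if e.operation == "Create" and "GENERIC_WRITE" not in e.info:
            continue  # read-only handle, e.g. the sample reading its own image
        m = FILENAME_RE.search(e.info)
        if not m:
            continue
        path = m.group(1).strip()
        low = path.lower()
        if low in seen:
            continue
        if STARTUP_MARK in low:
            hits.append((path, "autostart via Startup folder"))
        elif ROAMING_MARK in low and low.rsplit(".", 1)[-1] in DROP_EXTENSIONS:
            hits.append((path, "executable/script dropped under %APPDATA%"))
        else:
            continue
        seen.add(low)
    return hits


def mutex_names(events):
    return [e.info.split("mutex_name = ", 1)[1].strip()
            for e in events if e.category == "Mutex" and "mutex_name = " in e.info]


def debug_probes(events):
    """Debugger-presence checks (the view's Debug / Check for Presence rows)."""
    return [e.info for e in events if e.category == "Debug"]


def triage(text):
    events = parse_events(text)
    return {
        "events": len(events),
        "sleep_ms": total_sleep_ms(events),
        "persistence": persistence_writes(events),
        "mutexes": mutex_names(events),
        "debug_probes": debug_probes(events),
    }


# Sample input: rows copied from this report's Thread 0xa6c view, in order.
SAMPLE_ROWS = r"""
System Sleep duration = 750 milliseconds (0.750 seconds) True 13
Debug Check for Presence c:\users\fd1hvy\desktop\laafdy.exe True 1
File Get Info filename = C:\Users\FD1HVy\Desktop\laafdy.exe:Zone.Identifier, type = file_attributes False 1
Mutex Create mutex_name = PnPUnattend True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\AutoIt v3\AutoIt False 1
System Sleep duration = 10 milliseconds (0.010 seconds) True 42
System Sleep duration = 750 milliseconds (0.750 seconds) True 46
File Create Directory C:\Users\FD1HVy\AppData\Roaming\phoneactivate True 1
File Create filename = C:\Users\FD1HVy\Desktop\laafdy.exe, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
File Create filename = C:\Users\FD1HVy\AppData\Roaming\phoneactivate\AboveLockAppHost.exe, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
File Write filename = C:\Users\FD1HVy\AppData\Roaming\phoneactivate\setx.vbs, size = 139 True 1
File Write filename = C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setx.url, size = 97 True 1
File Write filename = C:\Users\FD1HVy\AppData\Roaming\phoneactivate\AboveLockAppHost.exe, size = 1255824 True 1
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_ROWS).items():
        print(f"{key}: {value}")
```

The write check deliberately includes CreateFile handles opened with GENERIC_WRITE, not just Write rows, because the handle open is what shows intent even when a sandbox run is cut off before the write lands; the read-only open of the sample's own image is skipped for the same reason.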
Process #2: laafdy.exe

| Information | Value |
| --- | --- |
| ID | #2 |
| File Name | c:\users\fd1hvy\desktop\laafdy.exe |
| Command Line | "C:\Users\FD1HVy\Desktop\laafdy.exe" |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:18, Reason: Child Process |
| Unmonitor | End Time: 00:04:39, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:20 |

OS Process Information

| Information | Value |
| --- | --- |
| PID | 0xc70 |
| Parent PID | 0xc38 (c:\users\fd1hvy\desktop\laafdy.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable | True |
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs | 0xD64, 0x1A4, 0xE5C, 0x838, 0xDA4, 0xB80, 0x9C0, 0x840, 0xEE4, 0x744 |

Memory Dumps

| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | YARA |
| --- | --- | --- | --- | --- | --- | --- | --- |
| buffer | 0x00400000 | 0x00419FFF | Marked Executable | - | 32-bit | - | False |
| laafdy.exe | 0x01300000 | 0x0142CFFF | Forced | - | 32-bit | - | False |
| buffer | 0x00400000 | 0x00419FFF | Content Changed | - | 32-bit | 0x00418340 | False |
| buffer | 0x00400000 | 0x00419FFF | Content Changed | - | 32-bit | 0x0040CC74 | True |
| buffer | 0x00400000 | 0x00419FFF | Content Changed | - | 32-bit | 0x0040B8A0, 0x00401000, ... | True |
| buffer | 0x00400000 | 0x00419FFF | Content Changed | - | 32-bit | 0x0040928E, 0x00408FA2, ... | True |
| buffer | 0x00400000 | 0x00419FFF | Content Changed | - | 32-bit | 0x0040AAE3 | True |
| buffer | 0x00400000 | 0x00419FFF | Content Changed | - | 32-bit | 0x00407000 | True |
| buffer | 0x00400000 | 0x00419FFF | Content Changed | - | 32-bit | 0x004017BC | True |
| buffer | 0x00400000 | 0x00419FFF | Content Changed | - | 32-bit | 0x0040541B | True |
| buffer | 0x00400000 | 0x00419FFF | Content Changed | - | 32-bit | 0x00402193 | True |
| buffer | 0x00400000 | 0x00419FFF | Content Changed | - | 32-bit | 0x0040B90A, 0x0040CE70, ... | True |
| buffer | 0x00400000 | 0x00419FFF | Content Changed | - | 32-bit | 0x0040872E | True |
| buffer | 0x00400000 | 0x00419FFF | Content Changed | - | 32-bit | 0x00402193 | True |
| buffer | 0x00400000 | 0x00419FFF | Content Changed | - | 32-bit | 0x0040B90A | True |
| buffer | 0x00400000 | 0x00419FFF | Content Changed | - | 32-bit | 0x004017BC | True |
| buffer | 0x00400000 | 0x00419FFF | Content Changed | - | 32-bit | 0x0040541B | True |
| buffer | 0x00400000 | 0x00419FFF | Content Changed | - | 32-bit | 0x0040B90A, 0x0040CE70, ... | True |
| buffer | 0x00400000 | 0x00419FFF | Content Changed | - | 32-bit | 0x0040872E | True |
| buffer | 0x00400000 | 0x00419FFF | Content Changed | - | 32-bit | 0x004017BC | True |
| buffer | 0x00400000 | 0x00419FFF | Content Changed | - | 32-bit | 0x0040541B | True |
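Every dump of the 0x00400000-0x00419FFF range in process #2 is named buffer rather than a module, the first dump reason is Marked Executable and all later ones are Content Changed with shifting entry points, while the process's own image is mapped at 0x01300000. The YARA column is True only on those rewritten buffer dumps; the dropped files above and the process #1 dump all show False, so the rules fire on the unpacked code in memory, not on anything written to disk. The script below is an added example, not VMRay's code, that groups dump rows of this table's format by address range and flags exactly that pattern. It assumes 0x00400000 as the conventional default image base of a 32-bit PE and that the Name column reads buffer for memory not backed by a module; the embedded rows are an excerpt of this table. A flag from it is a lead, not a verdict: confirm by checking the dumped buffer for a PE header.

```python
"""Heuristic review of VMRay "Memory Dumps" rows (added example; not VMRay code).

Flags unbacked regions (Name = "buffer") that were made executable and then
rewritten, and regions sitting at the conventional 32-bit image base while the
process's own image is mapped elsewhere. Both are consistent with manually
mapped or hollowed code and need confirmation against the dump itself.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

DEFAULT_IMAGE_BASE_32 = 0x00400000  # assumption: conventional linker default for 32-bit PEs

ROW_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<start>0x[0-9A-Fa-f]+)\s+(?P<end>0x[0-9A-Fa-f]+)\s+"
    r"(?P<reason>.+?)\s+(?P<rebuilds>-|\d+)\s+(?P<bitness>32-bit|64-bit)\s+"
    r"(?P<entry>.*?)\s*(?P<yara>True|False)$"
)
HEX_RE = re.compile(r"0x[0-9A-Fa-f]+")


@dataclass(frozen=True)
class Dump:
    name: str
    start: int
    end: int
    reason: str
    bitness: str
    entry_points: tuple
    yara: bool


def parse_dump_rows(text):
    dumps = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised dump row: {line!r}")
        dumps.append(Dump(m["name"], int(m["start"], 16), int(m["end"], 16),
                          m["reason"], m["bitness"],
                          tuple(int(h, 16) for h in HEX_RE.findall(m["entry"])),
                          m["yara"] == "True"))
    return dumps


def assess(dumps):
    """Per address range: is it unbacked, was it made executable, how often
    was it rewritten, and does it squat on the default image base?"""
    regions = defaultdict(lambda: {"name": None, "reasons": [], "entry_points": set(), "yara": False})
    for d in dumps:
        r = regions[(d.start, d.end)]
        r["name"] = d.name
        r["reasons"].append(d.reason)
        r["entry_points"].update(d.entry_points)
        r["yara"] = r["yara"] or d.yara
    module_bases = {d.start for d in dumps if d.name != "buffer"}
    findings = {}
    for (start, end), r in regions.items():
        unbacked = r["name"] == "buffer"
        marked_exec = "Marked Executable" in r["reasons"]
        rewrites = r["reasons"].count("Content Changed")
        findings[(start, end)] = {
            "name": r["name"],
            "unbacked": unbacked,
            "marked_executable": marked_exec,
            "rewrites": rewrites,
            "entry_points": sorted(r["entry_points"]),
            "yara": r["yara"],
            "at_default_image_base": start == DEFAULT_IMAGE_BASE_32 and start not in module_bases,
            "suspicious": unbacked and (marked_exec or rewrites > 0),
        }
    return findings


def report(findings):
    lines = []
    for (start, end), f in sorted(findings.items()):
        notes = []
        if f["unbacked"] and f["marked_executable"]:
            notes.append("unbacked region made executable")
        if f["rewrites"]:
            notes.append(f"rewritten {f['rewrites']}x, {len(f['entry_points'])} distinct entry points")
        if f["at_default_image_base"]:
            notes.append("at default 32-bit image base while the process image is mapped elsewhere")
        if f["yara"]:
            notes.append("YARA hit on dumped content")
        tag = "SUSPICIOUS" if f["suspicious"] else "ok"
        lines.append(f"{tag:10} {f['name']:12} {start:#010x}-{end:#010x}: "
                     + ("; ".join(notes) or "module-backed dump"))
    return lines


# Excerpt of the Memory Dumps table for process #2 in this report.
SAMPLE_ROWS = """
buffer 0x00400000 0x00419FFF Marked Executable - 32-bit - False
laafdy.exe 0x01300000 0x0142CFFF Forced - 32-bit - False
buffer 0x00400000 0x00419FFF Content Changed - 32-bit 0x00418340 False
buffer 0x00400000 0x00419FFF Content Changed - 32-bit 0x0040CC74 True
buffer 0x00400000 0x00419FFF Content Changed - 32-bit 0x0040B8A0, 0x00401000, ... True
buffer 0x00400000 0x00419FFF Content Changed - 32-bit 0x0040928E, 0x00408FA2, ... True
"""

if __name__ == "__main__":
    print("\n".join(report(assess(parse_dump_rows(SAMPLE_ROWS)))))
```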
Threads
Thread 0xd64
297 9
»
Category Operation Information Success Count Logfile
Module Load module_name = KERNEL32.DLL, base_address = 0x75e90000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoA, address_out = 0x75ea5020 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address_out = 0x75edf8f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address_out = 0x75edf750 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x75ededc0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x75efdd50 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalUnlock, address_out = 0x75ee44e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalLock, address_out = 0x75ee42f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalAlloc, address_out = 0x75ea5750 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x75efea20 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x75efea10 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileA, address_out = 0x75efed30 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalFree, address_out = 0x75ea1ee0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindResourceA, address_out = 0x75ee27c0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x75ea5cc0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DuplicateHandle, address_out = 0x75efeac0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThread, address_out = 0x75ea8810 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RemoveDirectoryW, address_out = 0x75eff0d0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLongPathNameW, address_out = 0x75ed1710 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpynA, address_out = 0x75ea6c10 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameA, address_out = 0x75ea5070 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x75ea3cb0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = AllocConsole, address_out = 0x75eff430 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoA, address_out = 0x75ee28e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadResource, address_out = 0x75ea5b00 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LockResource, address_out = 0x75ea5bc0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SizeofResource, address_out = 0x75ea6740 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x75ea50b0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateMutexA, address_out = 0x75efeb40 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x75ea5010 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x75ea5090 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFileAttributesW, address_out = 0x75eff100 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x75ea5a80 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x75ea51b0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileMappingA, address_out = 0x75eddb60 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MapViewOfFileEx, address_out = 0x75ea5c00 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateThread, address_out = 0x75ea6800 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x75efed70 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address_out = 0x77c16390 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalDriveStringsA, address_out = 0x75ee3590 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryW, address_out = 0x75efece0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileAttributesW, address_out = 0x75efef10 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75efed40 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x75efed10 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x75ea46b0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSize, address_out = 0x75efef30 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x75eff120 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeA, address_out = 0x75efeec0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenA, address_out = 0x75ea6c50 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x75efedf0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x75efee40 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreatePipe, address_out = 0x75ea4590 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessA, address_out = 0x75ea45b0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = PeekNamedPipe, address_out = 0x75ea74d0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x75eff090 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x75eff180 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x75ea67e0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetEvent, address_out = 0x75efec50 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x75ea57b0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x75ea57f0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x75ea6760 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocalTime, address_out = 0x75ea5060 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventA, address_out = 0x75efeb00 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x75efeca0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x75efeab0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LocalAlloc, address_out = 0x75ea5b20 True 1
Module Load module_name = ADVAPI32.dll, base_address = 0x761b0000 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegDeleteValueW, address_out = 0x761d0580 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegEnumKeyExA, address_out = 0x761d1960 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = GetUserNameW, address_out = 0x761cf890 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = ChangeServiceConfigW, address_out = 0x761e2670 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = QueryServiceStatus, address_out = 0x761d2380 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = ControlService, address_out = 0x761e26d0 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = OpenSCManagerW, address_out = 0x761d0540 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = StartServiceW, address_out = 0x761d3b20 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = OpenSCManagerA, address_out = 0x761d07e0 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = EnumServicesStatusW, address_out = 0x761f4350 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = OpenServiceW, address_out = 0x761cfa20 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegDeleteKeyA, address_out = 0x761cf8c0 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExA, address_out = 0x761cf210 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x761ced60 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExA, address_out = 0x761cf020 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x761ce5a0 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x761ce580 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExA, address_out = 0x761cffc0 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegCreateKeyA, address_out = 0x761d1fa0 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x761cf530 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegCreateKeyW, address_out = 0x761cf9b0 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegEnumValueW, address_out = 0x761cf250 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegEnumKeyExW, address_out = 0x761cefd0 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryInfoKeyW, address_out = 0x761cf270 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegCreateKeyExW, address_out = 0x761cf4f0 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = AdjustTokenPrivileges, address_out = 0x761cffa0 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = LookupPrivilegeValueA, address_out = 0x761c8b30 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = OpenProcessToken, address_out = 0x761cefb0 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CloseServiceHandle, address_out = 0x761cfc00 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = QueryServiceConfigW, address_out = 0x761cfbe0 True 1
Module Load module_name = GDI32.dll, base_address = 0x75b70000 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetDIBits, address_out = 0x75b76680 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetObjectA, address_out = 0x75b739f0 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = StretchBlt, address_out = 0x75b73810 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SelectObject, address_out = 0x75b76460 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = DeleteObject, address_out = 0x75b752b0 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = DeleteDC, address_out = 0x75b75870 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleBitmap, address_out = 0x75b76640 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetDeviceCaps, address_out = 0x75b75c60 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleDC, address_out = 0x75b765a0 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = CreateDCA, address_out = 0x75b76a90 True 1
Module Load module_name = gdiplus.dll, base_address = 0x739a0000 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.15063.483_none_9e9856e456d5e776\gdiplus.dll, function = GdipLoadImageFromStreamICM, address_out = 0x739f51f0 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.15063.483_none_9e9856e456d5e776\gdiplus.dll, function = GdipLoadImageFromStream, address_out = 0x739f6ac0 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.15063.483_none_9e9856e456d5e776\gdiplus.dll, function = GdipDisposeImage, address_out = 0x73a0a860 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.15063.483_none_9e9856e456d5e776\gdiplus.dll, function = GdipCloneImage, address_out = 0x73a069c0 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.15063.483_none_9e9856e456d5e776\gdiplus.dll, function = GdipAlloc, address_out = 0x73a03c70 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.15063.483_none_9e9856e456d5e776\gdiplus.dll, function = GdipSaveImageToStream, address_out = 0x73a08ec0 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.15063.483_none_9e9856e456d5e776\gdiplus.dll, function = GdipGetImageEncoders, address_out = 0x73a03cf0 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.15063.483_none_9e9856e456d5e776\gdiplus.dll, function = GdipGetImageEncodersSize, address_out = 0x73a03e90 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.15063.483_none_9e9856e456d5e776\gdiplus.dll, function = GdipFree, address_out = 0x73a03f40 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.15063.483_none_9e9856e456d5e776\gdiplus.dll, function = GdiplusStartup, address_out = 0x73a0f300 True 1
Module Load module_name = MSVCP60.dll, base_address = 0x73ed0000 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ, address_out = 0x73ee9230 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z, address_out = 0x73efb3e0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z, address_out = 0x73eda480 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z, address_out = 0x73edd590 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z, address_out = 0x73eee3a0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z, address_out = 0x73eee380 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z, address_out = 0x73efb920 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ, address_out = 0x73ef0c80 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??0Init@ios_base@std@@QAE@XZ, address_out = 0x73ef6fb0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??1Init@ios_base@std@@QAE@XZ, address_out = 0x73ef70f0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??0_Winit@std@@QAE@XZ, address_out = 0x73ef8ad0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??1_Winit@std@@QAE@XZ, address_out = 0x73ef8c10 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z, address_out = 0x73ee8af0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z, address_out = 0x73edab70 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z, address_out = 0x73eedba0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ, address_out = 0x73ee8ed0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ, address_out = 0x73eed460 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z, address_out = 0x73edacb0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ, address_out = 0x73ee8f00 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ, address_out = 0x73eed4a0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ, address_out = 0x73ee8eb0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z, address_out = 0x73eeda60 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z, address_out = 0x73ef3db0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ, address_out = 0x73eed3f0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGIABV?$allocator@G@1@@Z, address_out = 0x73edad40 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ, address_out = 0x73ee0f70 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z, address_out = 0x73efcd60 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z, address_out = 0x73ee0da0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z, address_out = 0x73ee0de0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z, address_out = 0x73edac90 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ, address_out = 0x73eed480 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z, address_out = 0x73eedb70 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z, address_out = 0x73edac30 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ, address_out = 0x73ef0cf0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z, address_out = 0x73ef5020 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z, address_out = 0x73eedae0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z, address_out = 0x73ef3d80 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z, address_out = 0x73efcbe0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z, address_out = 0x73ee0dc0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB, address_out = 0x73ed5df8 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z, address_out = 0x73ef3f70 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z, address_out = 0x73efcca0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z, address_out = 0x73ef3de0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z, address_out = 0x73efcc40 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z, address_out = 0x73edd550 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z, address_out = 0x73efcb70 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z, address_out = 0x73efca50 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z, address_out = 0x73ee86e0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z, address_out = 0x73efc410 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z, address_out = 0x73efc9f0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z, address_out = 0x73efc0b0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z, address_out = 0x73edd540 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z, address_out = 0x73ee0d90 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z, address_out = 0x73edab20 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z, address_out = 0x73edc230 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??1out_of_range@std@@UAE@XZ, address_out = 0x73edcf20 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??0out_of_range@std@@QAE@ABV01@@Z, address_out = 0x73edc200 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??0logic_error@std@@QAE@ABV01@@Z, address_out = 0x73edc110 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ, address_out = 0x73ee8ee0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ, address_out = 0x73ee8f30 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ, address_out = 0x73edc8b0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z, address_out = 0x73edad10 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z, address_out = 0x73edabd0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z, address_out = 0x73efcab0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z, address_out = 0x73ee0b30 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ, address_out = 0x73eed3e0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z, address_out = 0x73efc3b0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ, address_out = 0x73ef4c40 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ, address_out = 0x73ee98e0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ, address_out = 0x73ee8f10 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ, address_out = 0x73ef0ce0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB, address_out = 0x73ed5df0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z, address_out = 0x73ef4fe0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z, address_out = 0x73edac00 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z, address_out = 0x73edd500 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ, address_out = 0x73edc8a0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z, address_out = 0x73edab50 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z, address_out = 0x73edaaf0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcp60.dll, function = ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z, address_out = 0x73ee0d50 True 1
Module Load module_name = MSVCRT.dll, base_address = 0x77a30000 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = _controlfp, address_out = 0x77ac8ac0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = _except_handler3, address_out = 0x77a87d94 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = __set_app_type, address_out = 0x77a871c0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = __p__fmode, address_out = 0x77a65870 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = __p__commode, address_out = 0x77a65840 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = _adjust_fdiv, address_out = 0x77ae4bd4 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = __setusermatherr, address_out = 0x77ac7030 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = _initterm, address_out = 0x77a95ea0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = __getmainargs, address_out = 0x77a65730 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = _acmdln, address_out = 0x77ae3b94 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = _XcptFilter, address_out = 0x77a84820 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = _exit, address_out = 0x77a95ad0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = ??1type_info@@UAE@XZ, address_out = 0x77a70b70 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = _onexit, address_out = 0x77a86aa0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = __dllonexit, address_out = 0x77a869c0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = freopen, address_out = 0x77aa8860 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = wcscat, address_out = 0x77ab8fb0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = _itow, address_out = 0x77a60ab0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = _wsystem, address_out = 0x77a739e0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = sprintf, address_out = 0x77aa4670 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = wcscpy, address_out = 0x77ab8ff0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = wcslen, address_out = 0x77ab9200 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = _wgetenv, address_out = 0x77a89fc0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = exit, address_out = 0x77a96100 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = _EH_prolog, address_out = 0x77a6a210 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = __CxxFrameHandler, address_out = 0x77a6aaa0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = tolower, address_out = 0x77a62520 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = wcscmp, address_out = 0x77ab90e0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = atoi, address_out = 0x77a5fed0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = _wrename, address_out = 0x77a67920 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = ??2@YAPAXI@Z, address_out = 0x77a74980 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = getenv, address_out = 0x77a8b6a0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = ??3@YAXPAX@Z, address_out = 0x77a749b0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = _CxxThrowException, address_out = 0x77a6a1b0 True 1
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = ??0exception@@QAE@ABV0@@Z, address_out = 0x77a68be0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = printf, address_out = 0x77aa4140 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = strncmp, address_out = 0x77ab8950 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = malloc, address_out = 0x77a77230 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = free, address_out = 0x77a77070 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = _iob, address_out = 0x77ae2608 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = _itoa, address_out = 0x77a605c0 True 1
Fn
Module Load module_name = SHELL32.dll, base_address = 0x76480000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = ExtractIconA, address_out = 0x7665f160 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = Shell_NotifyIconA, address_out = 0x766dcdd0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExA, address_out = 0x76683f70 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteW, address_out = 0x765e42e0 True 1
Fn
Module Load module_name = SHLWAPI.dll, base_address = 0x75f60000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = StrToIntA, address_out = 0x75f7ccb0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathFileExistsW, address_out = 0x75f74660 True 1
Fn
Module Load module_name = urlmon.dll, base_address = 0x73d30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\urlmon.dll, function = URLDownloadToFileW, address_out = 0x73db2f60 True 1
Fn
Module Load module_name = USER32.dll, base_address = 0x74b70000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = CreatePopupMenu, address_out = 0x74b935d0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = AppendMenuA, address_out = 0x74bef1a0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = RegisterClassExA, address_out = 0x74b88260 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = CreateWindowExA, address_out = 0x74b91470 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SystemParametersInfoW, address_out = 0x74b9f210 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetForegroundWindow, address_out = 0x74ba3420 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SendInput, address_out = 0x74ba3bd0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\user32.dll, base_address = 0x74b70000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetCursorInfo, address_out = 0x74ba33b0 True 1
Fn
Module Load module_name = User32.dll, base_address = 0x74b70000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetLastInputInfo, address_out = 0x74b8bd10 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x75e90000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleWindow, address_out = 0x75ee9b20 True 1
Fn
Module Get Handle module_name = private_0x0000000000400000, base_address = 0x400000 True 1
Fn
Mutex Create mutex_name = Net123432asdds-QHTWEM True 1
Fn
Module Load module_name = Psapi.dll, base_address = 0x76180000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\psapi.dll, function = GetModuleFileNameExA, address_out = 0x76181660 True 1
Fn
Module Load module_name = Psapi.dll, base_address = 0x76180000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\psapi.dll, function = GetModuleFileNameExW, address_out = 0x761813f0 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x75e90000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalMemoryStatusEx, address_out = 0x75ea5770 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsWow64Process, address_out = 0x75ea5a20 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameExW, address_out = 0x75ea4cf0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\shell32.dll, base_address = 0x76480000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = IsUserAnAdmin, address_out = 0x766f38b0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetProcessDEPPolicy, address_out = 0x75ea3cd0 True 1
Fn
Module Get Filename process_name = c:\users\fd1hvy\desktop\laafdy.exe, file_name_orig = C:\Users\FD1HVy\Desktop\laafdy.exe, size = 260 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductName, data = 87 True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\, value_name = licence, data = CE0114D6E646D028D2ADA7FD688540F2, size = 32, type = REG_SZ True 1
Fn
System Get Computer Name result_out = NQdPdE, type = ComputerNameDnsHostname True 1
Fn
User Get Username user_name_out = FD1HVy True 1
Fn
Socket Create protocol = IPPROTO_TCP, address_family = AF_UNSPEC, type = SOCK_STREAM True 1
Fn
DNS Resolve Name host = micxrus.ru, address_out = 194.5.98.89 True 1
Fn
Socket Connect remote_address = 194.5.98.89, remote_port = 1530 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\, value_name = name, data = 0 False 1
Fn
System Get Time type = Ticks, time = 292859 True 2
Fn
System Get foreground window - True 1
Fn
System Get window text window_text = 18870484 True 1
Fn
Socket Send flags = NO_FLAG_SET, size = 398, size_out = 398 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1000, size_out = 27 True 4
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1000 False 1
Fn
Thread 0xe5c
108 0
Category Operation Information Success Count Logfile
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\, value_name = override, data = 0, type = REG_NONE False 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\, value_name = override, data = 0, type = REG_NONE False 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\, value_name = override, data = 0, type = REG_NONE False 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\, value_name = override, data = 0, type = REG_NONE False 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\, value_name = override, data = 0, type = REG_NONE False 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\, value_name = override, data = 0, type = REG_NONE False 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\, value_name = override, data = 0, type = REG_NONE False 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\, value_name = override, data = 0, type = REG_NONE False 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\, value_name = override, data = 0, type = REG_NONE False 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\, value_name = override, data = 0, type = REG_NONE False 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\, value_name = override, data = 0, type = REG_NONE False 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\, value_name = override, data = 0, type = REG_NONE False 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\, value_name = override, data = 0, type = REG_NONE False 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\, value_name = override, data = 0, type = REG_NONE False 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\, value_name = override, data = 0, type = REG_NONE False 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\, value_name = override, data = 0, type = REG_NONE False 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\, value_name = override, data = 0, type = REG_NONE False 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\, value_name = override, data = 0, type = REG_NONE False 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\, value_name = override, data = 0, type = REG_NONE False 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\, value_name = override, data = 0, type = REG_NONE False 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\, value_name = override, data = 0, type = REG_NONE False 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\, value_name = override, data = 0, type = REG_NONE False 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\, value_name = override, data = 0, type = REG_NONE False 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\, value_name = override, data = 0, type = REG_NONE False 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\, value_name = override, data = 0, type = REG_NONE False 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\, value_name = override, data = 0, type = REG_NONE False 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\, value_name = override, data = 0, type = REG_NONE False 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
Thread 0x838
4 1
Category Operation Information Success Count Logfile
System Get Time type = Ticks, time = 293515 True 2
Fn
System Get foreground window - True 1
Fn
System Get window text window_text = 51574624 True 1
Fn
Socket Send flags = NO_FLAG_SET, size = 95, size_out = 95 True 1
Fn
Data
Thread 0xda4
29 0
Category Operation Information Success Count Logfile
System Sleep duration = 1000 milliseconds (1.000 seconds) True 77
Fn
Thread 0xb80
4 1
Category Operation Information Success Count Logfile
System Get Time type = Ticks, time = 313390 True 2
Fn
System Get foreground window - True 1
Fn
System Get window text window_text = 51574676 True 1
Fn
Socket Send flags = NO_FLAG_SET, size = 95, size_out = 95 True 1
Fn
Data
Thread 0xee4
4 1
Category Operation Information Success Count Logfile
System Get Time type = Ticks, time = 333390 True 2
Fn
System Get foreground window - True 1
Fn
System Get window text window_text = 59964016 True 1
Fn
Socket Send flags = NO_FLAG_SET, size = 95, size_out = 95 True 1
Fn
Data
Thread 0x744
4 1
Category Operation Information Success Count Logfile
System Get Time type = Ticks, time = 353515 True 2
Fn
System Get foreground window - True 1
Fn
System Get window text window_text = 59962568 True 1
Fn
Socket Send flags = NO_FLAG_SET, size = 95, size_out = 95 True 1
Fn
Data