d01aa424...7874 | Grouped Behavior
Logo
Try VMRay Analyzer
VTI SCORE: 93/100
Target: win7_32_sp1 | java
Classification: Trojan

d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874 (SHA256)

d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar

Java Archive

Created at 2018-02-24 20:28:00

...

Notifications (1/1)

The operating system was rebooted during the analysis because the sample installed a startup script or application for persistence.

Grouped Sequential

Monitored Processes

Process Graph

Process Graph Legend
Process Overview
»
ID PID Monitor Reason Integrity Level Image Name Command Line Origin ID
#1 0xa14 Analysis Target High (Elevated) java.exe "C:\Program Files\Java\jre7\bin\java.exe" -jar "C:\Users\EEBsYm5\Desktop\D01AA4~1.JAR" -
#2 0xa9c Child Process High (Elevated) java.exe "C:\Program Files\Java\jre7\bin\java.exe" -jar C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class #1
#3 0xae8 Child Process High (Elevated) cmd.exe cmd.exe /C cscript.exe C:\Users\EEBsYm5\AppData\Local\Temp\Retrive6349682593628295348.vbs #1
#4 0xb00 Child Process High (Elevated) cscript.exe cscript.exe C:\Users\EEBsYm5\AppData\Local\Temp\Retrive6349682593628295348.vbs #3
#6 0xb48 Child Process High (Elevated) cmd.exe cmd.exe /C cscript.exe C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2551337130529148691.vbs #2
#7 0xb60 Child Process High (Elevated) cscript.exe cscript.exe C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2551337130529148691.vbs #6
#8 0xb7c Child Process High (Elevated) cmd.exe cmd.exe /C cscript.exe C:\Users\EEBsYm5\AppData\Local\Temp\Retrive5365638019239783154.vbs #1
#9 0xba0 Child Process High (Elevated) cscript.exe cscript.exe C:\Users\EEBsYm5\AppData\Local\Temp\Retrive5365638019239783154.vbs #8
#10 0xbac Child Process High (Elevated) cmd.exe cmd.exe /C cscript.exe C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2742094931696724792.vbs #2
#11 0xbd0 Child Process High (Elevated) cscript.exe cscript.exe C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2742094931696724792.vbs #10
#12 0xbfc Child Process High (Elevated) xcopy.exe xcopy "C:\Program Files\Java\jre7" "C:\Users\EEBsYm5\AppData\Roaming\Oracle\" /e #1
#13 0xc1c Child Process High (Elevated) cmd.exe cmd.exe #2
#14 0xc74 Child Process High (Elevated) cmd.exe cmd.exe #1
#15 0xcec Child Process High (Elevated) reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v eUOfVMeBSPH /t REG_EXPAND_SZ /d "\"C:\Users\EEBsYm5\AppData\Roaming\Oracle\bin\javaw.exe\" -jar \"C:\Users\EEBsYm5\PKcVbKSqerl\ZpEbztPLUfw.BnNKgj\"" /f #1
#16 0xcf4 Child Process High (Elevated) attrib.exe attrib +h "C:\Users\EEBsYm5\PKcVbKSqerl\*.*" #1
#17 0xcfc Child Process High (Elevated) attrib.exe attrib +h "C:\Users\EEBsYm5\PKcVbKSqerl" #1
#18 0xd04 Child Process High (Elevated) javaw.exe C:\Users\EEBsYm5\AppData\Roaming\Oracle\bin\javaw.exe -jar C:\Users\EEBsYm5\PKcVbKSqerl\ZpEbztPLUfw.BnNKgj #1
#21 0x6b4 Autostart Medium javaw.exe "C:\Users\EEBsYm5\AppData\Roaming\Oracle\bin\javaw.exe" -jar "C:\Users\EEBsYm5\PKcVbKSqerl\ZpEbztPLUfw.BnNKgj" -

Behavior Information - Grouped by Category

Process #1: java.exe
9761 7
»
Information Value
ID #1
File Name c:\program files\java\jre7\bin\java.exe
Command Line "C:\Program Files\Java\jre7\bin\java.exe" -jar "C:\Users\EEBsYm5\Desktop\D01AA4~1.JAR"
Initial Working Directory C:\Users\EEBsYm5\Desktop\
Monitor Start Time: 00:00:32, Reason: Analysis Target
Unmonitor End Time: 00:02:41, Reason: Terminated by Timeout
Monitor Duration 00:02:09
OS Process Information
»
Information Value
PID 0xa14
Parent PID 0x60c (c:\windows\explorer.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x A18
0x A2C
0x A30
0x A34
0x A38
0x A44
0x A3C
0x A40
0x A4C
0x A48
0x A58
0x AC4
0x AC8
0x ACC
0x AD0
0x B18
0x B1C
0x D0C
0x D28
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000040000 0x00040000 0x00042fff Pagefile Backed Memory Readable True False False -
locale.nls 0x00050000 0x000b6fff Memory Mapped File Readable False False False -
pagefile_0x00000000000c0000 0x000c0000 0x00187fff Pagefile Backed Memory Readable True False False -
private_0x0000000000190000 0x00190000 0x00190fff Private Memory Readable, Writable True False False -
private_0x00000000001a0000 0x001a0000 0x001a0fff Private Memory Readable, Writable True False False -
pagefile_0x00000000001b0000 0x001b0000 0x001b0fff Pagefile Backed Memory Readable True False False -
pagefile_0x00000000001c0000 0x001c0000 0x001c1fff Pagefile Backed Memory Readable True False False -
private_0x00000000001d0000 0x001d0000 0x0021ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000220000 0x00220000 0x00320fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000330000 0x00330000 0x00336fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000340000 0x00340000 0x00341fff Pagefile Backed Memory Readable, Writable True False False -
private_0x0000000000350000 0x00350000 0x00350fff Private Memory Readable True False False -
private_0x0000000000360000 0x00360000 0x00360fff Private Memory Readable, Writable True False False -
2580 0x00370000 0x0037ffff Memory Mapped File Readable, Writable True False False -
private_0x0000000000380000 0x00380000 0x0038ffff Private Memory Readable, Writable True False False -
private_0x0000000000390000 0x00390000 0x0039ffff Private Memory Readable, Writable True False False -
private_0x00000000003a0000 0x003a0000 0x003affff Private Memory Readable, Writable True False False -
private_0x00000000003c0000 0x003c0000 0x004bffff Private Memory Readable, Writable True False False -
pagefile_0x00000000004c0000 0x004c0000 0x010bffff Pagefile Backed Memory Readable True False False -
private_0x00000000010c0000 0x010c0000 0x011bffff Private Memory Readable, Writable True False False -
private_0x00000000011c0000 0x011c0000 0x011effff Private Memory Readable, Writable True False False -
private_0x0000000001210000 0x01210000 0x0121ffff Private Memory Readable, Writable True False False -
private_0x0000000001230000 0x01230000 0x0123ffff Private Memory Readable, Writable True False False -
private_0x0000000001240000 0x01240000 0x0129ffff Private Memory Readable, Writable True False False -
private_0x00000000012a0000 0x012a0000 0x012effff Private Memory Readable, Writable True False False -
private_0x00000000012f0000 0x012f0000 0x0136ffff Private Memory Readable, Writable True False False -
rsaenh.dll 0x01370000 0x013abfff Memory Mapped File Readable False False False -
java.exe 0x013b0000 0x013defff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x00000000013e0000 0x013e0000 0x017d2fff Pagefile Backed Memory Readable True False False -
private_0x00000000017e0000 0x017e0000 0x018dffff Private Memory Readable, Writable True False False -
private_0x00000000018e0000 0x018e0000 0x038dffff Private Memory Readable, Writable True False False -
private_0x00000000038e0000 0x038e0000 0x0398ffff Private Memory Readable, Writable True False False -
private_0x00000000039d0000 0x039d0000 0x03a1ffff Private Memory Readable, Writable True False False -
private_0x0000000003a50000 0x03a50000 0x03a9ffff Private Memory Readable, Writable True False False -
private_0x0000000003ad0000 0x03ad0000 0x03b1ffff Private Memory Readable, Writable True False False -
private_0x0000000003b50000 0x03b50000 0x03b9ffff Private Memory Readable, Writable True False False -
private_0x0000000003ba0000 0x03ba0000 0x03beffff Private Memory Readable, Writable True False False -
private_0x0000000003c00000 0x03c00000 0x03c4ffff Private Memory Readable, Writable True False False -
private_0x0000000003c50000 0x03c50000 0x03e02fff Private Memory Readable, Writable True False False -
private_0x0000000003c70000 0x03c70000 0x03cbffff Private Memory Readable, Writable True False False -
private_0x0000000003cd0000 0x03cd0000 0x03d1ffff Private Memory Readable, Writable True False False -
private_0x0000000003d50000 0x03d50000 0x03d9ffff Private Memory Readable, Writable True False False -
private_0x0000000003da0000 0x03da0000 0x03f9ffff Private Memory Readable, Writable True False False -
sortdefault.nls 0x03fa0000 0x0426efff Memory Mapped File Readable False False False -
private_0x0000000004270000 0x04270000 0x0442ffff Private Memory Readable, Writable True False False -
private_0x0000000004270000 0x04270000 0x0435ffff Private Memory Readable, Writable True False False -
kernelbase.dll.mui 0x04270000 0x0432ffff Memory Mapped File Readable, Writable False False False -
private_0x0000000004350000 0x04350000 0x0435ffff Private Memory Readable, Writable True False False -
private_0x00000000043a0000 0x043a0000 0x043effff Private Memory Readable, Writable True False False -
private_0x00000000043f0000 0x043f0000 0x0442ffff Private Memory Readable, Writable True False False -
private_0x0000000004430000 0x04430000 0x0482ffff Private Memory Readable, Writable True False False -
private_0x0000000004830000 0x04830000 0x0495ffff Private Memory Readable, Writable True False False -
private_0x0000000004880000 0x04880000 0x048cffff Private Memory Readable, Writable True False False -
rpcss.dll 0x048d0000 0x0492bfff Memory Mapped File Readable False False False -
private_0x0000000004950000 0x04950000 0x0495ffff Private Memory Readable, Writable True False False -
private_0x0000000004960000 0x04960000 0x04abffff Private Memory Readable, Writable True False False -
private_0x0000000004960000 0x04960000 0x04a5ffff Private Memory Readable, Writable True False False -
private_0x0000000004a80000 0x04a80000 0x04abffff Private Memory Readable, Writable True False False -
private_0x0000000004ac0000 0x04ac0000 0x052bffff Private Memory Readable, Writable True False False -
private_0x00000000052d0000 0x052d0000 0x0531ffff Private Memory Readable, Writable True False False -
private_0x0000000005320000 0x05320000 0x053dffff Private Memory Readable, Writable True False False -
private_0x00000000053f0000 0x053f0000 0x0543ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000005440000 0x05440000 0x0551efff Pagefile Backed Memory Readable True False False -
private_0x0000000023860000 0x23860000 0x28daffff Private Memory Readable, Writable True False False -
private_0x0000000028db0000 0x28db0000 0x3385ffff Private Memory Readable, Writable True False False -
private_0x0000000033860000 0x33860000 0x3785ffff Private Memory Readable, Writable True False False -
classes.jsa 0x37860000 0x37c9ffff Memory Mapped File Readable False False False -
private_0x0000000037ca0000 0x37ca0000 0x3825ffff Private Memory Readable, Writable True False False -
classes.jsa 0x38260000 0x388affff Memory Mapped File Readable, Writable False False False -
private_0x00000000388b0000 0x388b0000 0x38e5ffff Private Memory Readable, Writable True False False -
classes.jsa 0x38e60000 0x390cffff Memory Mapped File Readable, Writable False False False -
private_0x00000000390d0000 0x390d0000 0x3925ffff Private Memory Readable, Writable True False False -
private_0x0000000039260000 0x39260000 0x3926ffff Private Memory Readable, Writable True False False -
private_0x0000000039270000 0x39270000 0x3965ffff Private Memory Readable, Writable True False False -
awt.dll 0x6cc60000 0x6cda2fff Memory Mapped File Readable, Writable, Executable True False False -
jvm.dll 0x6cf60000 0x6d2dffff Memory Mapped File Readable, Writable, Executable False False False -
winmm.dll 0x6eae0000 0x6eb11fff Memory Mapped File Readable, Writable, Executable False False False -
rasadhlp.dll 0x6eb20000 0x6eb25fff Memory Mapped File Readable, Writable, Executable False False False -
sunmscapi.dll 0x6f470000 0x6f478fff Memory Mapped File Readable, Writable, Executable False False False -
sunec.dll 0x6f480000 0x6f49ffff Memory Mapped File Readable, Writable, Executable False False False -
net.dll 0x6f4a0000 0x6f4b3fff Memory Mapped File Readable, Writable, Executable True False False -
zip.dll 0x6f4c0000 0x6f4d2fff Memory Mapped File Readable, Writable, Executable True False False -
nio.dll 0x6f570000 0x6f57efff Memory Mapped File Readable, Writable, Executable True False False -
java.dll 0x6f580000 0x6f59ffff Memory Mapped File Readable, Writable, Executable True False False -
msvcr100.dll 0x6f5a0000 0x6f65efff Memory Mapped File Readable, Writable, Executable False False False -
verify.dll 0x71c10000 0x71c1bfff Memory Mapped File Readable, Writable, Executable True False False -
wsock32.dll 0x71ce0000 0x71ce6fff Memory Mapped File Readable, Writable, Executable False False False -
fwpuclnt.dll 0x73380000 0x733b7fff Memory Mapped File Readable, Writable, Executable False False False -
winnsi.dll 0x734c0000 0x734c6fff Memory Mapped File Readable, Writable, Executable False False False -
iphlpapi.dll 0x734d0000 0x734ebfff Memory Mapped File Readable, Writable, Executable False False False -
nlaapi.dll 0x735e0000 0x735effff Memory Mapped File Readable, Writable, Executable False False False -
winrnr.dll 0x73c20000 0x73c27fff Memory Mapped File Readable, Writable, Executable False False False -
pnrpnsp.dll 0x73c30000 0x73c41fff Memory Mapped File Readable, Writable, Executable False False False -
napinsp.dll 0x73c60000 0x73c6ffff Memory Mapped File Readable, Writable, Executable False False False -
dwmapi.dll 0x73da0000 0x73db2fff Memory Mapped File Readable, Writable, Executable False False False -
uxtheme.dll 0x740d0000 0x7410ffff Memory Mapped File Readable, Writable, Executable False False False -
comctl32.dll 0x74250000 0x743edfff Memory Mapped File Readable, Writable, Executable False False False -
wshtcpip.dll 0x74850000 0x74854fff Memory Mapped File Readable, Writable, Executable False False False -
userenv.dll 0x74920000 0x74936fff Memory Mapped File Readable, Writable, Executable False False False -
rsaenh.dll 0x74ae0000 0x74b1afff Memory Mapped File Readable, Writable, Executable False False False -
dnsapi.dll 0x74bc0000 0x74c03fff Memory Mapped File Readable, Writable, Executable False False False -
wship6.dll 0x74cf0000 0x74cf5fff Memory Mapped File Readable, Writable, Executable False False False -
mswsock.dll 0x74d00000 0x74d3bfff Memory Mapped File Readable, Writable, Executable False False False -
cryptsp.dll 0x74d40000 0x74d55fff Memory Mapped File Readable, Writable, Executable False False False -
cryptbase.dll 0x751c0000 0x751cbfff Memory Mapped File Readable, Writable, Executable False False False -
profapi.dll 0x75270000 0x7527afff Memory Mapped File Readable, Writable, Executable False False False -
msasn1.dll 0x752e0000 0x752ebfff Memory Mapped File Readable, Writable, Executable False False False -
crypt32.dll 0x75320000 0x7543cfff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x75490000 0x754d9fff Memory Mapped File Readable, Writable, Executable False False False -
shell32.dll 0x75570000 0x761b9fff Memory Mapped File Readable, Writable, Executable False False False -
rpcrt4.dll 0x761c0000 0x76260fff Memory Mapped File Readable, Writable, Executable False False False -
sechost.dll 0x76470000 0x76488fff Memory Mapped File Readable, Writable, Executable False False False -
ws2_32.dll 0x76630000 0x76664fff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x76920000 0x7693efff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x76970000 0x769bdfff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x769c0000 0x76a88fff Memory Mapped File Readable, Writable, Executable False False False -
shlwapi.dll 0x76a90000 0x76ae6fff Memory Mapped File Readable, Writable, Executable False False False -
oleaut32.dll 0x76b40000 0x76bcefff Memory Mapped File Readable, Writable, Executable False False False -
usp10.dll 0x76bd0000 0x76c6cfff Memory Mapped File Readable, Writable, Executable False False False -
ole32.dll 0x76d70000 0x76ecbfff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x76ed0000 0x76fa3fff Memory Mapped File Readable, Writable, Executable False False False -
advapi32.dll 0x76fb0000 0x7704ffff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x77050000 0x7711bfff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x77120000 0x7725bfff Memory Mapped File Readable, Writable, Executable False False False -
psapi.dll 0x77260000 0x77264fff Memory Mapped File Readable, Writable, Executable False False False -
nsi.dll 0x77270000 0x77275fff Memory Mapped File Readable, Writable, Executable False False False -
lpk.dll 0x77290000 0x77299fff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x772a0000 0x7734bfff Memory Mapped File Readable, Writable, Executable False False False -
apisetschema.dll 0x77360000 0x77360fff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory Readable True False False -
private_0x000000007ffae000 0x7ffae000 0x7ffaefff Private Memory Readable, Writable True False False -
private_0x000000007ffaf000 0x7ffaf000 0x7ffaffff Private Memory Readable, Writable True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory Readable True False False -
private_0x000000007ffd3000 0x7ffd3000 0x7ffd3fff Private Memory Readable, Writable True False False -
private_0x000000007ffd4000 0x7ffd4000 0x7ffd4fff Private Memory Readable, Writable True False False -
private_0x000000007ffd5000 0x7ffd5000 0x7ffd5fff Private Memory Readable, Writable True False False -
private_0x000000007ffd6000 0x7ffd6000 0x7ffd6fff Private Memory Readable, Writable True False False -
private_0x000000007ffd7000 0x7ffd7000 0x7ffd7fff Private Memory Readable, Writable True False False -
private_0x000000007ffd8000 0x7ffd8000 0x7ffd8fff Private Memory Readable, Writable True False False -
private_0x000000007ffd9000 0x7ffd9000 0x7ffd9fff Private Memory Readable, Writable True False False -
private_0x000000007ffda000 0x7ffda000 0x7ffdafff Private Memory Readable, Writable True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffdbfff Private Memory Readable, Writable True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory Readable, Writable True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory Readable, Writable True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory Readable, Writable True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory Readable, Writable True False False -
For performance reasons, the remaining 14 entries are omitted.
The remaining entries can be found in flog.txt.
Created Files
»
Filename File Size Hash Values YARA Match Actions
c:\users\eebsym5\appdata\local\temp\_0.86996859035608224741331762670039370.class 0.00 KB MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 		False
...
c:\users\eebsym5\appdata\local\temp\retrive6349682593628295348.vbs 0.00 KB MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 		False
...
c:\users\eebsym5\appdata\local\temp\retrive5365638019239783154.vbs 0.00 KB MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 		False
...
c:\users\eebsym5\appdata\local\temp\_0.86996859035608224741331762670039370.class 241.30 KB MD5: 781fb531354d6f291f1ccab48da6d39f
SHA1: 9ce4518ebcb5be6d1f0b5477fa00c26860fe9a68
SHA256: 97d585b6aff62fb4e43e7e6a5f816dcd7a14be11a88b109a9ba9e8cd4c456eb9 		False
...
c:\users\eebsym5\appdata\local\temp\retrive6349682593628295348.vbs 0.27 KB MD5: 3bdfd33017806b85949b6faa7d4b98e4
SHA1: f92844fee69ef98db6e68931adfaa9a0a0f8ce66
SHA256: 9da575dd2d5b7c1e9bab8b51a16cde457b3371c6dcdb0537356cf1497fa868f6 		False
...
c:\users\eebsym5\appdata\local\temp\retrive5365638019239783154.vbs 0.27 KB MD5: a32c109297ed1ca155598cd295c26611
SHA1: dc4a1fdbaad15ddd6fe22d3907c6b03727b71510
SHA256: 45bfe34aa3ef932f75101246eb53d032f5e7cf6d1f5b4e495334955a255f32e7 		False
...
c:\users\eebsym5\pkcvbksqerl\id.txt 0.05 KB MD5: df2c86399cc6351ba9d77881c87f201f
SHA1: bd38681542cb4f76b94507343159cca6e5c89497
SHA256: 08af25f22935ea54454d956d921ac38725db45a49a8e615b59ea17eeac5a89d1 		False
...
c:\users\eebsym5\pkcvbksqerl\zpebztplufw.bnnkgj 542.74 KB MD5: e891e59a10a74f7544fbeffe20d46d49
SHA1: e9ba832a241996225f6a30f9f60b52ba91ca342c
SHA256: d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874 		False
...
Host Behavior
File (7345)
»
Operation Filename Additional Information Success Count Logfile
Create C:\Program Files\Java\jre7\lib\rt.jar desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre7\lib\ext\meta-index desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\EEBsYm5\Desktop\D01AA4~1.JAR file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create C:\Users\EEBsYm5\Desktop\D01AA4~1.JAR desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre7\lib\meta-index desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre7\lib\resources.jar file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create C:\Program Files\Java\jre7\lib\resources.jar desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre7\lib\resources.jar file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create C:\Program Files\Java\jre7\lib\tzmappings file_attributes = _O_RDONLY True 1
Fn
Create C:\Program Files\Java\jre7\lib\zi\America\Godthab desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre7\lib\currency.data desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create C:\Program Files\Java\jre7\lib\jce.jar desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre7\lib\security\java.security desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre7\lib\jsse.jar desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre7\lib\ext\sunec.jar file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create C:\Program Files\Java\jre7\lib\ext\sunec.jar desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre7\lib\rt.jar file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create C:\Program Files\Java\jre7\lib\jce.jar file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create C:\Program Files\Java\jre7\lib\security\US_export_policy.jar file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create C:\Program Files\Java\jre7\lib\security\US_export_policy.jar desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre7\lib\security\local_policy.jar file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create C:\Program Files\Java\jre7\lib\security\local_policy.jar desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create C:\Program Files\Java\jre7\lib\security\cacerts desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre7\lib\net.properties desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre7\lib\ext\sunec.jar file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_REPARSE_POINT, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create C:\Users\EEBsYm5\.accessibility.properties desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Java\jre7\lib\accessibility.properties desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create \etc\release desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Users\EEBsYm5\AppData\Local\Temp\Retrive6349682593628295348.vbs desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_REPARSE_POINT, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\EEBsYm5\AppData\Local\Temp\Retrive6349682593628295348.vbs desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\EEBsYm5\AppData\Local\Temp\Retrive5365638019239783154.vbs desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_REPARSE_POINT, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\EEBsYm5\AppData\Local\Temp\Retrive5365638019239783154.vbs desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Windows\System32\test.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create C:\Users\EEBsYm5\PKcVbKSqerl\ID.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\EEBsYm5\PKcVbKSqerl\ZpEbztPLUfw.BnNKgj desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create Directory C:\Users\EEBsYm5\PKcVbKSqerl - True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\zip.dll type = file_attributes True 4
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\meta-index type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\ext type = file_attributes True 3
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\meta-index type = file_type True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\meta-index type = size, size_out = 829 True 1
Fn
Get Info C:\Windows\Sun\Java\lib\ext\meta-index type = file_attributes False 1
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\access-bridge.jar type = file_attributes True 4
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\dnsns.jar type = file_attributes True 2
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\jaccess.jar type = file_attributes True 2
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\localedata.jar type = file_attributes True 2
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\sunec.jar type = file_attributes True 3
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar type = file_attributes True 3
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar type = file_attributes True 3
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\sunpkcs11.jar type = file_attributes True 2
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\zipfs.jar type = file_attributes True 2
Fn
Get Info C:\Windows\Sun\Java\lib\ext type = file_attributes False 1
Fn
Get Info C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar type = file_attributes True 68
Fn
Get Info C:\Program Files\Java\jre7\lib\management\usagetracker.properties type = file_attributes False 1
Fn
Get Info C:\Users\EEBsYm5\Desktop\D01AA4~1.JAR type = time True 1
Fn
Get Info C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar type = time True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\resources.jar type = file_attributes True 6
Fn
Get Info C:\Program Files\Java\jre7\lib\meta-index type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\lib type = file_attributes True 2
Fn
Get Info C:\Program Files\Java\jre7\lib\meta-index type = file_type True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\meta-index type = size, size_out = 2190 True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\rt.jar type = file_attributes True 4
Fn
Get Info C:\Program Files\Java\jre7\lib\sunrsasign.jar type = file_attributes False 3
Fn
Get Info C:\Program Files\Java\jre7\lib\jsse.jar type = file_attributes True 3
Fn
Get Info C:\Program Files\Java\jre7\lib\jce.jar type = file_attributes True 4
Fn
Get Info C:\Program Files\Java\jre7\lib\charsets.jar type = file_attributes True 3
Fn
Get Info C:\Program Files\Java\jre7\lib\jfr.jar type = file_attributes True 3
Fn
Get Info C:\Program Files\Java\jre7\classes type = file_attributes False 4
Fn
Get Info C:\Program Files\Java\jre7\meta-index type = file_attributes False 1
Fn
Get Info C:\Program Files\Java\jre7\lib\resources.jar type = time True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\resources.jar type = time True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\net.dll type = file_attributes True 7
Fn
Get Info C:\Program Files\Java\jre7\bin\nio.dll type = file_attributes True 2
Fn
Get Info C:\Program Files\Java\jre7\lib\zi\America\Godthab type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\currency.properties type = file_attributes False 1
Fn
Get Info C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar type = time True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\security\java.security type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\security\java.security type = file_type True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\security\java.security type = size, size_out = 17824 True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\sunec.jar type = time True 1
Fn
Get Info C:\Program%20Files\Java\jre7\lib\ext\x86\sunec.dll type = file_attributes False 1
Fn
Get Info C:\Program%20Files\Java\jre7\lib\ext\sunec.dll type = file_attributes False 1
Fn
Get Info C:\Program Files\Java\jre7\bin\sunec.dll type = file_attributes True 2
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar type = time True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\rt.jar type = time True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\jce.jar type = time True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\security\US_export_policy.jar type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\security\local_policy.jar type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\security\US_export_policy.jar type = time True 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\security\local_policy.jar type = time True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar type = time True 1
Fn
Get Info C:\Program Files\Java\jre7\bin type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\awt.dll type = file_attributes True 6
Fn
Get Info C:\Program Files\Java\jre7\bin\axbridge.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\client type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\dcpr.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\decora-sse.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\deploy.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\dtplugin type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\dt_shmem.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\dt_socket.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\eula.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\fontmanager.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\fxplugins.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\glass.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\glib-lite.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\gstreamer-lite.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\hprof.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\installer.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\instrument.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\j2pcsc.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\j2pkcs11.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\jaas_nt.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\jabswitch.exe type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\java-rmi.exe type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\java.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\java.exe type = file_attributes True 2
Fn
Get Info C:\Program Files\Java\jre7\bin\JavaAccessBridge.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\javacpl.exe type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\javafx-font.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\javafx-iio.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\javaw.exe type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\javaws.exe type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\java_crw_demo.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\jawt.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\JAWTAccessBridge.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\JdbcOdbc.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\jdwp.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\jfr.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\jfxmedia.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\jfxwebkit.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\jli.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\jp2iexp.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\jp2launcher.exe type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\jp2native.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\jp2ssv.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\jpeg.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\jpicom.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\jpiexp.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\jpinscp.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\jpioji.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\jpishare.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\jqs.exe type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\jsdt.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\jsound.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\jsoundds.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\kcms.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\keytool.exe type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\kinit.exe type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\klist.exe type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\ktab.exe type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\libxml2.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\libxslt.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\management.dll type = file_attributes True 2
Fn
Get Info C:\Program Files\Java\jre7\bin\mlib_image.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\msvcr100.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\npjpi170_45.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\npoji610.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\npt.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\orbd.exe type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\pack200.exe type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\plugin2 type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\policytool.exe type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\prism-d3d.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\rmid.exe type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\rmiregistry.exe type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\servertool.exe type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\splashscreen.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\ssv.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\ssvagent.exe type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\sunmscapi.dll type = file_attributes True 2
Fn
Get Info C:\Program Files\Java\jre7\bin\t2k.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\tnameserv.exe type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\unpack.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\unpack200.exe type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\verify.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\w2k_lsa_auth.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\WindowsAccessBridge.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\wsdetect.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\security\jssecacerts type = file_attributes False 1
Fn
Get Info C:\Program Files\Java\jre7\lib\security\cacerts type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar type = time True 1
Fn
Get Info C:\Program%20Files\Java\jre7\lib\ext\x86\sunmscapi.dll type = file_attributes False 1
Fn
Get Info C:\Program%20Files\Java\jre7\lib\ext\sunmscapi.dll type = file_attributes False 1
Fn
Get Info C:\Program Files\Java\jre7\lib\net.properties type = file_type True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\net.properties type = size, size_out = 3070 True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\sunec.jar type = time True 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class type = file_attributes False 1
Fn
Get Info C:\Program Files\Java\jre7\bin\java type = file_attributes False 1
Fn
Get Info C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar type = time True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\jaxp.properties type = file_attributes False 2
Fn
Get Info C:\Program Files\Java\jre7\lib\swing.properties type = file_attributes False 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\Retrive6349682593628295348.vbs type = file_attributes False 1
Fn
Get Info - type = file_type True 2
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\Retrive6349682593628295348.vbs type = file_attributes True 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\Retrive5365638019239783154.vbs type = file_attributes False 1
Fn
Get Info - type = file_type True 2
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\Retrive5365638019239783154.vbs type = file_attributes True 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Roaming\Oracle\bin\javaw.exe type = file_attributes False 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\Retrive5365638019239783154.vbs type = file_type True 1302
Fn
Get Info C:\Users\EEBsYm5\AppData\Roaming\Oracle\bin\javaw.exe type = file_attributes True 1
Fn
Get Info - type = file_type True 18
Fn
Get Info C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar type = time True 1
Fn
Get Info C:\Users\EEBsYm5\PKcVbKSqerl type = file_attributes False 1
Fn
Get Info C:\Users\EEBsYm5\PKcVbKSqerl\ID.txt type = file_attributes False 1
Fn
Get Info C:\Users\EEBsYm5\PKcVbKSqerl type = file_attributes True 1
Fn
Open STD_INPUT_HANDLE - True 1325
Fn
Open STD_OUTPUT_HANDLE - True 1
Fn
Open STD_ERROR_HANDLE - True 1
Fn
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4, size_out = 4 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 128, size_out = 128 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 7, size_out = 7 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1781193, size_out = 1781193 True 1
Fn
Read C:\Program Files\Java\jre7\lib\rt.jar size = 160, size_out = 160 True 542
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 30, size_out = 30 True 542
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 709, size_out = 709 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 277, size_out = 277 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2305, size_out = 2305 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1022, size_out = 1022 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2882, size_out = 2882 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 104, size_out = 104 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 728, size_out = 728 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 345, size_out = 345 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 815, size_out = 815 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1105, size_out = 1105 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1761, size_out = 1761 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 514, size_out = 514 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 970, size_out = 970 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2589, size_out = 2589 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1008, size_out = 1008 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2004, size_out = 2004 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 669, size_out = 669 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\meta-index size = 8192, size_out = 829 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 962, size_out = 962 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 934, size_out = 934 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1720, size_out = 1720 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1012, size_out = 1012 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3028, size_out = 3028 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1111, size_out = 1111 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2976, size_out = 2976 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 672, size_out = 672 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1189, size_out = 1189 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2646, size_out = 2646 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\meta-index size = 8192, size_out = 0 True 1
Fn
Read C:\Program Files\Java\jre7\lib\rt.jar size = 966, size_out = 966 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 800, size_out = 800 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1280, size_out = 1280 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 609, size_out = 609 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 628, size_out = 628 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 328, size_out = 328 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 327, size_out = 327 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 12212, size_out = 12212 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 748, size_out = 748 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6630, size_out = 6630 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3392, size_out = 3392 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\D01AA4~1.JAR size = 4, size_out = 4 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\D01AA4~1.JAR size = 128, size_out = 128 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\D01AA4~1.JAR size = 13079, size_out = 13079 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2563, size_out = 2563 True 3
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 476, size_out = 476 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2703, size_out = 2703 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 753, size_out = 753 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3690, size_out = 3690 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3361, size_out = 3361 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3599, size_out = 3599 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\D01AA4~1.JAR size = 160, size_out = 160 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 260, size_out = 260 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1899, size_out = 1899 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 678, size_out = 678 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\D01AA4~1.JAR size = 30, size_out = 30 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\D01AA4~1.JAR size = 173, size_out = 173 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1909, size_out = 1909 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 670, size_out = 670 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 762, size_out = 762 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1016, size_out = 1016 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1133, size_out = 1133 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 921, size_out = 921 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 4, size_out = 4 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 128, size_out = 128 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 13079, size_out = 13079 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 160, size_out = 160 True 114
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 30, size_out = 30 True 160
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 173, size_out = 173 True 4
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 269, size_out = 269 True 2
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 480, size_out = 480 True 2
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 645, size_out = 645 True 2
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 573, size_out = 573 True 2
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 535, size_out = 535 True 2
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 546, size_out = 546 True 3
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5358, size_out = 5358 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2540, size_out = 2540 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 486, size_out = 486 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 703, size_out = 703 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 740, size_out = 740 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 802, size_out = 802 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1127, size_out = 1127 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\meta-index size = 8192, size_out = 2190 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\meta-index size = 8192, size_out = 0 True 1
Fn
Read C:\Program Files\Java\jre7\lib\resources.jar size = 4, size_out = 4 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\resources.jar size = 128, size_out = 128 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\resources.jar size = 33985, size_out = 33985 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\resources.jar size = 160, size_out = 160 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\resources.jar size = 30, size_out = 30 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\resources.jar size = 92, size_out = 92 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1663, size_out = 1663 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1453, size_out = 1453 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3061, size_out = 3061 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 716, size_out = 716 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 214, size_out = 214 True 4
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 545, size_out = 545 True 2
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 718, size_out = 718 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 10050, size_out = 10050 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 647, size_out = 647 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 270, size_out = 270 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2524, size_out = 2524 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1399, size_out = 1399 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2750, size_out = 2750 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6082, size_out = 6082 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 34919, size_out = 34919 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 959, size_out = 959 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 737, size_out = 737 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 62696, size_out = 62696 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4963, size_out = 4963 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 585, size_out = 585 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1385, size_out = 1385 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 294, size_out = 294 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 33801, size_out = 33801 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 154, size_out = 154 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 348, size_out = 348 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1695, size_out = 1695 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1902, size_out = 1902 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 302, size_out = 302 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 45824, size_out = 45824 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1188, size_out = 1188 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3195, size_out = 3195 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3099, size_out = 3099 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 851, size_out = 851 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1462, size_out = 1462 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3589, size_out = 3589 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 402, size_out = 402 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1366, size_out = 1366 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 151, size_out = 151 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2327, size_out = 2327 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2682, size_out = 2682 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3211, size_out = 3211 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6372, size_out = 6372 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 8606, size_out = 8606 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 360, size_out = 360 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4102, size_out = 4102 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2132, size_out = 2132 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 12227, size_out = 12227 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1230, size_out = 1230 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4933, size_out = 4933 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4365, size_out = 4365 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 890, size_out = 890 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 12321, size_out = 12321 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5865, size_out = 5865 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 11499, size_out = 11499 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 330, size_out = 330 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 27736, size_out = 27736 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 12797, size_out = 12797 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2945, size_out = 2945 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4616, size_out = 4616 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 21515, size_out = 21515 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1396, size_out = 1396 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 582, size_out = 582 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2709, size_out = 2709 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2124, size_out = 2124 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 718, size_out = 718 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 284, size_out = 284 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 14716, size_out = 14716 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2111, size_out = 2111 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 8292, size_out = 8292 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6007, size_out = 6007 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2905, size_out = 2905 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 937, size_out = 937 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1544, size_out = 1544 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 12572, size_out = 12572 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1904, size_out = 1904 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2008, size_out = 2008 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 783, size_out = 783 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 832, size_out = 832 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 76, size_out = 76 True 3
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6363, size_out = 6363 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 9943, size_out = 9943 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 596, size_out = 596 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 612, size_out = 612 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 544, size_out = 544 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 697, size_out = 697 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 604, size_out = 604 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 591, size_out = 591 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 452, size_out = 452 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 586, size_out = 586 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 525, size_out = 525 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1974, size_out = 1974 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1159, size_out = 1159 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 426, size_out = 426 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 7100, size_out = 7100 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 229, size_out = 229 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 366, size_out = 366 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1120, size_out = 1120 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\zi\America\Godthab size = 1036, size_out = 1036 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3241, size_out = 3241 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 784, size_out = 784 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1886, size_out = 1886 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2962, size_out = 2962 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 632, size_out = 632 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5472, size_out = 5472 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\currency.data size = 8192, size_out = 4200 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 10775, size_out = 10775 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6736, size_out = 6736 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 11754, size_out = 11754 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4772, size_out = 4772 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3581, size_out = 3581 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5154, size_out = 5154 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6596, size_out = 6596 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6452, size_out = 6452 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 483, size_out = 483 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 375, size_out = 375 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 549, size_out = 549 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 598, size_out = 598 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3389, size_out = 3389 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2486, size_out = 2486 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 8998, size_out = 8998 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4936, size_out = 4936 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2439, size_out = 2439 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2652, size_out = 2652 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 213, size_out = 213 True 2
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 550, size_out = 550 True 2
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 164, size_out = 164 True 3
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 186, size_out = 186 True 2
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 551, size_out = 551 True 2
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 613, size_out = 613 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 7508, size_out = 7508 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 135, size_out = 135 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4419, size_out = 4419 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1640, size_out = 1640 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 337, size_out = 337 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 54044, size_out = 54044 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 243, size_out = 243 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 15023, size_out = 15023 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3685, size_out = 3685 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2898, size_out = 2898 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6136, size_out = 6136 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5326, size_out = 5326 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2173, size_out = 2173 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6819, size_out = 6819 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 11034, size_out = 11034 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2040, size_out = 2040 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1920, size_out = 1920 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6611, size_out = 6611 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1102, size_out = 1102 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2218, size_out = 2218 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1308, size_out = 1308 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2347, size_out = 2347 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1558, size_out = 1558 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 7623, size_out = 7623 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2853, size_out = 2853 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1485, size_out = 1485 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 755, size_out = 755 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 177, size_out = 177 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1737, size_out = 1737 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2251, size_out = 2251 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2801, size_out = 2801 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1075, size_out = 1075 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2301, size_out = 2301 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2770, size_out = 2770 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1827, size_out = 1827 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1966, size_out = 1966 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 37681, size_out = 37681 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 7436, size_out = 7436 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1360, size_out = 1360 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2073, size_out = 2073 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 556, size_out = 556 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 935, size_out = 935 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1023, size_out = 1023 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2191, size_out = 2191 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 15959, size_out = 15959 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 8600, size_out = 8600 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2894, size_out = 2894 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 603, size_out = 603 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1434, size_out = 1434 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5734, size_out = 5734 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 225, size_out = 225 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2331, size_out = 2331 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2678, size_out = 2678 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1894, size_out = 1894 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 747, size_out = 747 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4614, size_out = 4614 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4458, size_out = 4458 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1618, size_out = 1618 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 8409, size_out = 8409 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 13671, size_out = 13671 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 17304, size_out = 17304 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1740, size_out = 1740 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1045, size_out = 1045 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 7937, size_out = 7937 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 521, size_out = 521 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3081, size_out = 3081 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1020, size_out = 1020 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 690, size_out = 690 True 2
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 426, size_out = 426 True 2
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 427, size_out = 427 True 2
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 463, size_out = 463 True 2
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 394, size_out = 394 True 2
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 615, size_out = 615 True 2
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 262, size_out = 262 True 2
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 648, size_out = 648 True 2
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 212, size_out = 212 True 2
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 238, size_out = 238 True 2
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 6643, size_out = 6643 True 2
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 700, size_out = 700 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1882, size_out = 1882 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4857, size_out = 4857 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2084, size_out = 2084 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3002, size_out = 3002 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 886, size_out = 886 True 2
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 224, size_out = 224 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 4, size_out = 4 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 128, size_out = 128 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 6708, size_out = 6708 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 160, size_out = 160 True 35
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 30, size_out = 30 True 34
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 1225, size_out = 1225 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 78, size_out = 78 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 175, size_out = 175 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 647, size_out = 647 True 2
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 196, size_out = 196 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 4096, size_out = 4096 True 4
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 1693, size_out = 1693 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 1542, size_out = 1542 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 299, size_out = 299 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 292, size_out = 292 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 289, size_out = 289 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 297, size_out = 297 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 304, size_out = 304 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 472, size_out = 472 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4170, size_out = 4170 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 1351, size_out = 1351 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1358, size_out = 1358 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\java.security size = 8192, size_out = 8192 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\java.security size = 8192, size_out = 1440 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\java.security size = 8192, size_out = 0 True 1
Fn
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2345, size_out = 2345 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 4, size_out = 4 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 128, size_out = 128 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 7, size_out = 7 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 13694, size_out = 13694 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 160, size_out = 160 True 52
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 30, size_out = 30 True 52
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 1056, size_out = 1056 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3940, size_out = 3940 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5672, size_out = 5672 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 844, size_out = 844 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 803, size_out = 803 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2601, size_out = 2601 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 4, size_out = 4 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 128, size_out = 128 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 1240, size_out = 1240 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 160, size_out = 160 True 15
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 30, size_out = 30 True 27
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 590, size_out = 590 True 5
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 525, size_out = 525 True 3
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 1320, size_out = 1320 True 3
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2666, size_out = 2666 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 314, size_out = 314 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 951, size_out = 951 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 10594, size_out = 10594 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3882, size_out = 3882 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3549, size_out = 3549 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1381, size_out = 1381 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 8211, size_out = 8211 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3695, size_out = 3695 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2117, size_out = 2117 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 346, size_out = 346 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 576, size_out = 576 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 24203, size_out = 24203 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 13092, size_out = 13092 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 623, size_out = 623 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3174, size_out = 3174 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2257, size_out = 2257 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1621, size_out = 1621 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2395, size_out = 2395 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 14258, size_out = 14258 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 853, size_out = 853 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 967, size_out = 967 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3914, size_out = 3914 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5828, size_out = 5828 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 12814, size_out = 12814 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4077, size_out = 4077 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2399, size_out = 2399 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2181, size_out = 2181 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 308, size_out = 308 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 381, size_out = 381 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4556, size_out = 4556 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6732, size_out = 6732 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 732, size_out = 732 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 454, size_out = 454 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 457, size_out = 457 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 973, size_out = 973 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 310, size_out = 310 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2812, size_out = 2812 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 278, size_out = 278 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 131, size_out = 131 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3431, size_out = 3431 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 382, size_out = 382 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 281, size_out = 281 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5929, size_out = 5929 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6713, size_out = 6713 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3217, size_out = 3217 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 265, size_out = 265 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6705, size_out = 6705 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3395, size_out = 3395 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1337, size_out = 1337 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5120, size_out = 5120 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 374, size_out = 374 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4945, size_out = 4945 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2263, size_out = 2263 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4843, size_out = 4843 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2266, size_out = 2266 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2498, size_out = 2498 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2363, size_out = 2363 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 631, size_out = 631 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 866, size_out = 866 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 282, size_out = 282 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3850, size_out = 3850 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 907, size_out = 907 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3908, size_out = 3908 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 8490, size_out = 8490 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 444, size_out = 444 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1731, size_out = 1731 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4645, size_out = 4645 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 11624, size_out = 11624 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 915, size_out = 915 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 687, size_out = 687 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 11725, size_out = 11725 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1715, size_out = 1715 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1952, size_out = 1952 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1957, size_out = 1957 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1960, size_out = 1960 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 441, size_out = 441 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 723, size_out = 723 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3045, size_out = 3045 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2242, size_out = 2242 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 387, size_out = 387 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6064, size_out = 6064 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1369, size_out = 1369 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4032, size_out = 4032 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6002, size_out = 6002 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6001, size_out = 6001 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 144, size_out = 144 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1559, size_out = 1559 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 499, size_out = 499 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 734, size_out = 734 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 390, size_out = 390 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 1434, size_out = 1434 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 454, size_out = 454 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 5439, size_out = 5439 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 619, size_out = 619 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 4, size_out = 4 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 128, size_out = 128 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 10470, size_out = 10470 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 160, size_out = 160 True 27
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 30, size_out = 30 True 136
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 3596, size_out = 3596 True 5
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 3529, size_out = 3529 True 3
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1320, size_out = 1320 True 3
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 735, size_out = 735 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 817, size_out = 817 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 331, size_out = 331 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2357, size_out = 2357 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 187, size_out = 187 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 3665, size_out = 3665 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 3856, size_out = 3856 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 333, size_out = 333 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 2915, size_out = 2915 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\US_export_policy.jar size = 4, size_out = 4 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\US_export_policy.jar size = 128, size_out = 128 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\US_export_policy.jar size = 328, size_out = 328 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\US_export_policy.jar size = 350, size_out = 350 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\US_export_policy.jar size = 160, size_out = 160 True 5
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\US_export_policy.jar size = 30, size_out = 30 True 4
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\US_export_policy.jar size = 213, size_out = 213 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\US_export_policy.jar size = 1319, size_out = 1319 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\US_export_policy.jar size = 151, size_out = 151 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\US_export_policy.jar size = 92, size_out = 92 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 47, size_out = 47 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\US_export_policy.jar size = 115, size_out = 115 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 502, size_out = 502 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 807, size_out = 807 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 530, size_out = 530 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 1987, size_out = 1987 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 706, size_out = 706 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 3777, size_out = 3777 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 3082, size_out = 3082 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4270, size_out = 4270 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 8559, size_out = 8559 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6031, size_out = 6031 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 671, size_out = 671 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1961, size_out = 1961 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3287, size_out = 3287 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 383, size_out = 383 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3661, size_out = 3661 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\local_policy.jar size = 4, size_out = 4 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\local_policy.jar size = 128, size_out = 128 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\local_policy.jar size = 389, size_out = 389 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\local_policy.jar size = 411, size_out = 411 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\local_policy.jar size = 160, size_out = 160 True 4
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\local_policy.jar size = 30, size_out = 30 True 5
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\local_policy.jar size = 194, size_out = 194 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\local_policy.jar size = 242, size_out = 242 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\local_policy.jar size = 1318, size_out = 1318 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\local_policy.jar size = 153, size_out = 153 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\local_policy.jar size = 209, size_out = 209 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 883, size_out = 883 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 994, size_out = 994 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 780, size_out = 780 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\local_policy.jar size = 206, size_out = 206 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 533, size_out = 533 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 775, size_out = 775 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 301, size_out = 301 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 8192, size_out = 8192 True 4
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1137, size_out = 1137 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1486, size_out = 1486 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1009, size_out = 1009 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1052, size_out = 1052 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 269, size_out = 269 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1438, size_out = 1438 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 2684, size_out = 2684 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 157, size_out = 157 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 902, size_out = 902 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1516, size_out = 1516 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 925, size_out = 925 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1403, size_out = 1403 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 684, size_out = 684 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 2171, size_out = 2171 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1421, size_out = 1421 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 694, size_out = 694 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 171, size_out = 171 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1111, size_out = 1111 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 814, size_out = 814 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 608, size_out = 608 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 677, size_out = 677 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 274, size_out = 274 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1343, size_out = 1343 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 541, size_out = 541 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 2912, size_out = 2912 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1249, size_out = 1249 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1311, size_out = 1311 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 265, size_out = 265 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1605, size_out = 1605 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 557, size_out = 557 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 173, size_out = 173 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 2789, size_out = 2789 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 230, size_out = 230 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1133, size_out = 1133 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 321, size_out = 321 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 190, size_out = 190 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 3185, size_out = 3185 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 4522, size_out = 4522 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 978, size_out = 978 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 672, size_out = 672 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 839, size_out = 839 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1309, size_out = 1309 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1312, size_out = 1312 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 696, size_out = 696 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 3200, size_out = 3200 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 803, size_out = 803 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 207, size_out = 207 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 823, size_out = 823 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 824, size_out = 824 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 349, size_out = 349 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 2972, size_out = 2972 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 2977, size_out = 2977 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 611, size_out = 611 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 668, size_out = 668 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 283, size_out = 283 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1118, size_out = 1118 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 834, size_out = 834 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 769, size_out = 769 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1478, size_out = 1478 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1298, size_out = 1298 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1655, size_out = 1655 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 984, size_out = 984 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 3278, size_out = 3278 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 833, size_out = 833 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1450, size_out = 1450 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1081, size_out = 1081 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 550, size_out = 550 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 922, size_out = 922 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 5457, size_out = 5457 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1143, size_out = 1143 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 2597, size_out = 2597 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 325, size_out = 325 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 271, size_out = 271 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1084, size_out = 1084 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 4495, size_out = 4495 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1404, size_out = 1404 True 3
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 5963, size_out = 5963 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1218, size_out = 1218 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 666, size_out = 666 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 2371, size_out = 2371 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1686, size_out = 1686 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1029, size_out = 1029 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 306, size_out = 306 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1459, size_out = 1459 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 282, size_out = 282 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 609, size_out = 609 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 3227, size_out = 3227 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 3051, size_out = 3051 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 740, size_out = 740 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 3619, size_out = 3619 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1138, size_out = 1138 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1529, size_out = 1529 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 559, size_out = 559 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1967, size_out = 1967 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 2579, size_out = 2579 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 621, size_out = 621 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1770, size_out = 1770 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 610, size_out = 610 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 4645, size_out = 4645 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1561, size_out = 1561 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 835, size_out = 835 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 3166, size_out = 3166 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1381, size_out = 1381 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1574, size_out = 1574 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 876, size_out = 876 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3003, size_out = 3003 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6397, size_out = 6397 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1251, size_out = 1251 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5080, size_out = 5080 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5175, size_out = 5175 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 745, size_out = 745 True 3
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2772, size_out = 2772 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 458, size_out = 458 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1186, size_out = 1186 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1096, size_out = 1096 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 834, size_out = 834 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 2219, size_out = 2219 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 315, size_out = 315 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 2433, size_out = 2433 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 314, size_out = 314 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 220, size_out = 220 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 324, size_out = 324 True 2
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 1301, size_out = 1301 True 2
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 244, size_out = 244 True 2
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 1274, size_out = 1274 True 2
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 752, size_out = 752 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1585, size_out = 1585 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 1042, size_out = 1042 True 2
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 994, size_out = 994 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 3, size_out = 3 True 49
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 1379, size_out = 1379 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 1154, size_out = 1154 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 784, size_out = 784 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 917, size_out = 917 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 1170, size_out = 1170 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 835, size_out = 835 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 726, size_out = 726 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 585, size_out = 585 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 707, size_out = 707 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 762, size_out = 762 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 778, size_out = 778 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 847, size_out = 847 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 1443, size_out = 1443 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 626, size_out = 626 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 682, size_out = 682 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 102, size_out = 102 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 578, size_out = 578 True 3
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 1, size_out = 1 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1486, size_out = 1486 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 645, size_out = 645 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6444, size_out = 6444 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 874, size_out = 874 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 513, size_out = 513 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 818, size_out = 818 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 955, size_out = 955 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1575, size_out = 1575 True 1
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 482, size_out = 482 True 4
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 2594, size_out = 2594 True 3
Fn
Data
Read C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar size = 98, size_out = 98 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 793, size_out = 793 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6132, size_out = 6132 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 517, size_out = 517 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 149, size_out = 149 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2691, size_out = 2691 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 813, size_out = 813 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4013, size_out = 4013 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1566, size_out = 1566 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 4087, size_out = 4087 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 1366, size_out = 1366 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 9311, size_out = 9311 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 3572, size_out = 3572 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1619, size_out = 1619 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 2404, size_out = 2404 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 3013, size_out = 3013 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 1708, size_out = 1708 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 2879, size_out = 2879 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 1285, size_out = 1285 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 1398, size_out = 1398 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 1090, size_out = 1090 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 3789, size_out = 3789 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 436, size_out = 436 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 792, size_out = 792 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 1299, size_out = 1299 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6881, size_out = 6881 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 616, size_out = 616 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5680, size_out = 5680 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2226, size_out = 2226 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 8745, size_out = 8745 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2458, size_out = 2458 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 657, size_out = 657 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 536, size_out = 536 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 1369, size_out = 1369 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 720, size_out = 720 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 6183, size_out = 6183 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 480, size_out = 480 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 622, size_out = 622 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 4252, size_out = 4252 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 447, size_out = 447 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 1412, size_out = 1412 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 932, size_out = 932 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\cacerts size = 1, size_out = 1 True 948
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 470, size_out = 470 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\cacerts size = 18, size_out = 18 True 9
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\cacerts size = 8, size_out = 8 True 79
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\cacerts size = 5, size_out = 5 True 78
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\cacerts size = 1024, size_out = 1024 True 34
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\cacerts size = 58, size_out = 58 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\cacerts size = 14, size_out = 14 True 9
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\cacerts size = 891, size_out = 891 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\cacerts size = 25, size_out = 25 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\cacerts size = 646, size_out = 646 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\cacerts size = 15, size_out = 15 True 6
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\cacerts size = 804, size_out = 804 True 3
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4601, size_out = 4601 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5105, size_out = 5105 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4535, size_out = 4535 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 463, size_out = 463 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\cacerts size = 20, size_out = 20 True 3
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\cacerts size = 947, size_out = 947 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\cacerts size = 11, size_out = 11 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\cacerts size = 54, size_out = 54 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3781, size_out = 3781 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2941, size_out = 2941 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\cacerts size = 66, size_out = 66 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\cacerts size = 443, size_out = 443 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\cacerts size = 29, size_out = 29 True 3
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\cacerts size = 969, size_out = 969 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\cacerts size = 21, size_out = 21 True 9
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\cacerts size = 775, size_out = 775 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\cacerts size = 19, size_out = 19 True 7
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\cacerts size = 364, size_out = 364 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\cacerts size = 30, size_out = 30 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\cacerts size = 1001, size_out = 1001 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\cacerts size = 17, size_out = 17 True 3
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\cacerts size = 446, size_out = 446 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4485, size_out = 4485 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1190, size_out = 1190 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1892, size_out = 1892 True 1
Fn
Data
For performance reasons, the remaining 260 entries are omitted.
The remaining entries can be found in glog.xml.
Registry (29)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZoneInformation - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows - True 1
Fn
Open Key HKEY_CURRENT_USER\Control Panel\Desktop - True 1
Fn
Open Key HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32 - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32\PlacesBar - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager - True 4
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders value_name = Desktop, data = C:\Users\EEBsYm5\Desktop, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZoneInformation value_name = DisableAutoDaylightTimeSet, data = 52, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZoneInformation value_name = DynamicDaylightTimeDisabled, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZoneInformation value_name = TimeZoneKeyName, data = Greenland Standard Time, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows value_name = GDIProcessHandleQuota, data = 16 True 1
Fn
Read Value HKEY_CURRENT_USER\Control Panel\Desktop value_name = FontSmoothingOrientation, data = 1 True 1
Fn
Read Value HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics value_name = Shell Icon BPP, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes value_name = MS Shell Dlg 2, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes value_name = MS Shell Dlg 2, data = Tahoma, type = REG_SZ True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager value_name = ThemeActive, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager value_name = ThemeActive, data = 1, type = REG_SZ True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager value_name = DllName, data = 0, type = REG_EXPAND_SZ True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager value_name = DllName, data = %SystemRoot%\resources\Themes\Aero\Aero.msstyles, type = REG_EXPAND_SZ True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager value_name = SizeName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager value_name = SizeName, data = NormalSize, type = REG_SZ True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager value_name = ColorName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager value_name = ColorName, data = NormalColor, type = REG_SZ True 1
Fn
Process (12)
»
Operation Process Additional Information Success Count Logfile
Create "C:\Program Files\Java\jre7\bin\java.exe" -jar C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class os_pid = 0xa9c, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
Create cmd.exe /C cscript.exe C:\Users\EEBsYm5\AppData\Local\Temp\Retrive6349682593628295348.vbs os_pid = 0xae8, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
Create cmd.exe /C cscript.exe C:\Users\EEBsYm5\AppData\Local\Temp\Retrive5365638019239783154.vbs os_pid = 0xb7c, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
Create xcopy "C:\Program Files\Java\jre7" "C:\Users\EEBsYm5\AppData\Roaming\Oracle\" /e os_pid = 0xbfc, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
Create cmd.exe os_pid = 0xc74, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
Create reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v eUOfVMeBSPH /t REG_EXPAND_SZ /d "\"C:\Users\EEBsYm5\AppData\Roaming\Oracle\bin\javaw.exe\" -jar \"C:\Users\EEBsYm5\PKcVbKSqerl\ZpEbztPLUfw.BnNKgj\"" /f os_pid = 0xcec, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
Create attrib +h "C:\Users\EEBsYm5\PKcVbKSqerl\*.*" os_pid = 0xcf4, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
Create attrib +h "C:\Users\EEBsYm5\PKcVbKSqerl" os_pid = 0xcfc, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
Create C:\Users\EEBsYm5\AppData\Roaming\Oracle\bin\javaw.exe -jar C:\Users\EEBsYm5\PKcVbKSqerl\ZpEbztPLUfw.BnNKgj os_pid = 0xd04, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
Terminate cmd.exe /C cscript.exe C:\Users\EEBsYm5\AppData\Local\Temp\Retrive6349682593628295348.vbs exit_code = 1 False 1
Fn
Terminate cmd.exe /C cscript.exe C:\Users\EEBsYm5\AppData\Local\Temp\Retrive5365638019239783154.vbs exit_code = 1 False 1
Fn
Terminate xcopy "C:\Program Files\Java\jre7" "C:\Users\EEBsYm5\AppData\Roaming\Oracle\" /e exit_code = 1 False 1
Fn
Module (122)
»
Operation Module Additional Information Success Count Logfile
Load COMCTL32.dll base_address = 0x74250000 True 1
Fn
Load GDI32.dll base_address = 0x76970000 True 1
Fn
Load ole32.dll base_address = 0x76d70000 True 1
Fn
Load SHELL32.dll base_address = 0x75570000 True 1
Fn
Load C:\Windows\system32\user32.dll base_address = 0x769c0000 True 1
Fn
Load C:\Windows\system32\DWMAPI.DLL base_address = 0x73da0000 True 1
Fn
Load C:\Windows\system32\UXTHEME.DLL base_address = 0x740d0000 True 1
Fn
Get Handle c:\program files\java\jre7\bin\client\jvm.dll base_address = 0x6cf60000 True 2
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76ed0000 True 1
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76ed0000, flags = GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76ed0000, flags = GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Filename c:\program files\java\jre7\bin\client\jvm.dll process_name = c:\program files\java\jre7\bin\java.exe, file_name_orig = C:\Program Files\Java\jre7\bin\client\jvm.dll, size = 260 True 1
Fn
Get Address c:\program files\java\jre7\bin\client\jvm.dll function = JVM_GetVersionInfo, address_out = 0x6d04d980 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = GetNativeSystemInfo, address_out = 0x76f0be77 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = GetFinalPathNameByHandleW, address_out = 0x76f04e2a True 2
Fn
Get Address c:\windows\system32\kernel32.dll function = FindFirstStreamW, address_out = 0x76f2c8fa True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = FindNextStreamW, address_out = 0x76f2c838 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = CreateSymbolicLinkW, address_out = 0x76f59aa9 True 1
Fn
Get Address c:\windows\system32\user32.dll function = GetKeyboardLayout, address_out = 0x769d3800 True 1
Fn
Get Address c:\windows\system32\user32.dll function = GetDoubleClickTime, address_out = 0x769cade0 True 1
Fn
Get Address c:\windows\system32\user32.dll function = GetSystemMetrics, address_out = 0x769d67cf True 1
Fn
Get Address c:\windows\system32\user32.dll function = ToAsciiEx, address_out = 0x76a0b797 True 13
Fn
Get Address c:\windows\system32\user32.dll function = GetKeyboardState, address_out = 0x769f6946 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = InitCommonControlsEx, address_out = 0x742709ce True 1
Fn
Get Address c:\windows\system32\user32.dll function = LoadIconW, address_out = 0x769cf142 True 1
Fn
Get Address c:\windows\system32\user32.dll function = RegisterClassW, address_out = 0x769ced4a True 1
Fn
Get Address c:\windows\system32\user32.dll function = GetDC, address_out = 0x769d544c True 1
Fn
Get Address c:\windows\system32\gdi32.dll function = GetDeviceCaps, address_out = 0x76976f7f True 2
Fn
Get Address c:\windows\system32\user32.dll function = ReleaseDC, address_out = 0x769d5421 True 1
Fn
Get Address c:\windows\system32\user32.dll function = CreateWindowExW, address_out = 0x769cec7c True 1
Fn
Get Address c:\windows\system32\user32.dll function = DefWindowProcW, address_out = 0x769d507d True 1
Fn
Get Address c:\windows\system32\user32.dll function = SetWindowsHookExW, address_out = 0x769ce30c True 1
Fn
Get Address c:\windows\system32\ole32.dll function = OleInitialize, address_out = 0x76d8efd7 True 1
Fn
Get Address c:\windows\system32\user32.dll function = WaitMessage, address_out = 0x769d66bd True 1
Fn
Get Address c:\windows\system32\user32.dll function = SystemParametersInfoW, address_out = 0x769ce09a True 1
Fn
Get Address c:\windows\system32\user32.dll function = GetSysColor, address_out = 0x769ddb7a True 29
Fn
Get Address c:\windows\system32\shell32.dll function = SHGetSettings, address_out = 0x757e58e8 True 1
Fn
Get Address c:\windows\system32\gdi32.dll function = CreateDCW, address_out = 0x7697cf79 True 1
Fn
Get Address c:\windows\system32\gdi32.dll function = GetStockObject, address_out = 0x76975ddf True 1
Fn
Get Address c:\windows\system32\gdi32.dll function = SelectObject, address_out = 0x76976640 True 1
Fn
Get Address c:\windows\system32\gdi32.dll function = GetTextFaceW, address_out = 0x7697b73a True 1
Fn
Get Address c:\windows\system32\gdi32.dll function = GetTextMetricsW, address_out = 0x76977b8f True 1
Fn
Get Address c:\windows\system32\gdi32.dll function = DeleteDC, address_out = 0x76976eaa True 1
Fn
Get Address c:\windows\system32\user32.dll function = SetProcessDPIAware, address_out = 0x769de95c True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmIsCompositionEnabled, address_out = 0x73da1610 True 1
Fn
Get Address c:\windows\system32\user32.dll function = EnumDisplayMonitors, address_out = 0x769d34a3 True 1
Fn
Get Address c:\windows\system32\gdi32.dll function = CreateCompatibleBitmap, address_out = 0x769773ad True 1
Fn
Get Address c:\windows\system32\gdi32.dll function = GetDIBits, address_out = 0x7697a23b True 2
Fn
Get Address c:\windows\system32\gdi32.dll function = DeleteObject, address_out = 0x76975f14 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = OpenThemeData, address_out = 0x740d73d2 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeBackground, address_out = 0x740d3982 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = CloseThemeData, address_out = 0x740d6a18 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeText, address_out = 0x740d4ea1 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeBackgroundContentRect, address_out = 0x740dcd2e True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeMargins, address_out = 0x740d86e9 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = IsThemePartDefined, address_out = 0x740d85b4 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeBool, address_out = 0x740d7c1f True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysBool, address_out = 0x74103172 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeColor, address_out = 0x740d616c True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeEnumValue, address_out = 0x740d616c True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeInt, address_out = 0x740d616c True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemePosition, address_out = 0x74102350 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemePartSize, address_out = 0x740dcdb1 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = SetWindowTheme, address_out = 0x740e0134 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = IsThemeBackgroundPartiallyTransparent, address_out = 0x740d60ab True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeTransitionDuration, address_out = 0x740e1081 True 1
Fn
Get Address c:\windows\system32\user32.dll function = SendMessageW, address_out = 0x769d5539 True 1
Fn
Get Address c:\windows\system32\user32.dll function = PeekMessageW, address_out = 0x769d634a True 1
Fn
Get Address c:\windows\system32\user32.dll function = EnumThreadWindows, address_out = 0x769cb712 True 1
Fn
Get Address c:\windows\system32\user32.dll function = PostMessageW, address_out = 0x769d447b True 1
Fn
Get Address c:\windows\system32\user32.dll function = CallNextHookEx, address_out = 0x769cabe1 True 1
Fn
Get Address c:\windows\system32\user32.dll function = PostQuitMessage, address_out = 0x769cb308 True 1
Fn
Get Address c:\windows\system32\ole32.dll function = OleUninitialize, address_out = 0x76d8eba1 True 1
Fn
Get Address c:\windows\system32\user32.dll function = GetMessageW, address_out = 0x769dcde8 True 1
Fn
Get Address c:\windows\system32\user32.dll function = IsWindow, address_out = 0x769d53ba True 1
Fn
Get Address c:\windows\system32\user32.dll function = DestroyWindow, address_out = 0x769cb2f4 True 1
Fn
Get Address c:\windows\system32\user32.dll function = UnregisterClassW, address_out = 0x769cb9ae True 1
Fn
Get Address c:\windows\system32\user32.dll function = UnhookWindowsHookEx, address_out = 0x769cadf9 True 1
Fn
Window (1)
»
Operation Window Name Additional Information Success Count Logfile
Create theAwtToolkitWindow class_name = SunAwtToolkit, wndproc_parameter = 0 True 1
Fn
Keyboard (4)
»
Operation Additional Information Success Count Logfile
Get Info type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 True 3
Fn
Read result_out = 1 True 1
Fn
System (24)
»
Operation Additional Information Success Count Logfile
Register Hook type = WH_GETMESSAGE, hookproc_address = 0x6ccf1da0 True 1
Fn
Get Info type = Operating System True 9
Fn
Get Info type = Hardware Information True 2
Fn
Get Info type = Operating System True 9
Fn
Get Info type = System Directory, result_out = C:\Windows\system32 True 3
Fn
Network Behavior
DNS (4)
»
Operation Additional Information Success Count Logfile
Get Hostname name_out = cRh2YWu7 True 2
Fn
Resolve Name host = cRh2YWu7, address_out = fe80:0000:0000:0000:48d9:542c:fc57:360f, 192.168.0.222 True 1
Fn
Resolve Name host = vvrhhhnaijyj6s2m.onion.top, address_out = 62.0.58.94 True 1
Fn
TCP Sessions (1)
»
Information Value
Total Data Sent 0 bytes
Total Data Received 0 bytes
Contacted Host Count 1
Contacted Hosts 0000:0000:0000:0000:0000:ffff:3e00:3a5e:443
TCP Session #1
»
Information Value
Handle 0x290
Address Family AF_INET6
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 0000:0000:0000:0000:0000:ffff:3e00:3a5e
Remote Port 443
Local Address -
Local Port -
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET6, type = SOCK_STREAM True 1
Fn
Connect remote_address = 0000:0000:0000:0000:0000:ffff:3e00:3a5e, remote_port = 443 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
Process #2: java.exe
3281 36
»
Information Value
ID #2
File Name c:\program files\java\jre7\bin\java.exe
Command Line "C:\Program Files\Java\jre7\bin\java.exe" -jar C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class
Initial Working Directory C:\Users\EEBsYm5\Desktop\
Monitor Start Time: 00:01:05, Reason: Child Process
Unmonitor End Time: 00:02:41, Reason: Terminated by Timeout
Monitor Duration 00:01:36
OS Process Information
»
Information Value
PID 0xa9c
Parent PID 0xa14 (c:\program files\java\jre7\bin\java.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x AA0
0x AB4
0x AB8
0x ABC
0x AC0
0x ADC
0x AD4
0x AD8
0x AE4
0x AE0
0x B10
0x B34
0x B38
0x B3C
0x B40
0x C4C
0x C50
0x C58
0x C5C
0x CDC
0x D6C
0x D90
0x DA8
0x DB0
0x DB4
0x DB8
0x DBC
0x DC0
0x DC4
0x DC8
0x E18
0x E24
0x E28
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000040000 0x00040000 0x00042fff Pagefile Backed Memory Readable True False False -
private_0x0000000000050000 0x00050000 0x00050fff Private Memory Readable, Writable True False False -
private_0x0000000000060000 0x00060000 0x00060fff Private Memory Readable, Writable True False False -
private_0x0000000000070000 0x00070000 0x000bffff Private Memory Readable, Writable True False False -
pagefile_0x00000000000c0000 0x000c0000 0x000c0fff Pagefile Backed Memory Readable True False False -
pagefile_0x00000000000d0000 0x000d0000 0x000d1fff Pagefile Backed Memory Readable True False False -
pagefile_0x00000000000e0000 0x000e0000 0x000e6fff Pagefile Backed Memory Readable True False False -
private_0x00000000000f0000 0x000f0000 0x001effff Private Memory Readable, Writable True False False -
locale.nls 0x001f0000 0x00256fff Memory Mapped File Readable False False False -
pagefile_0x0000000000260000 0x00260000 0x00327fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000330000 0x00330000 0x00331fff Pagefile Backed Memory Readable, Writable True False False -
private_0x0000000000340000 0x00340000 0x00340fff Private Memory Readable True False False -
private_0x0000000000350000 0x00350000 0x00350fff Private Memory Readable, Writable True False False -
2716 0x00360000 0x0036ffff Memory Mapped File Readable, Writable True False False -
private_0x0000000000370000 0x00370000 0x003cffff Private Memory Readable, Writable True False False -
private_0x00000000003d0000 0x003d0000 0x003dffff Private Memory Readable, Writable True False False -
pagefile_0x00000000003e0000 0x003e0000 0x004e0fff Pagefile Backed Memory Readable True False False -
pagefile_0x00000000004f0000 0x004f0000 0x010effff Pagefile Backed Memory Readable True False False -
private_0x00000000010f0000 0x010f0000 0x0116ffff Private Memory Readable, Writable True False False -
private_0x0000000001170000 0x01170000 0x0119ffff Private Memory Readable, Writable True False False -
private_0x00000000011a0000 0x011a0000 0x011affff Private Memory Readable, Writable True False False -
private_0x00000000011b0000 0x011b0000 0x011bffff Private Memory Readable, Writable True False False -
private_0x00000000011c0000 0x011c0000 0x012bffff Private Memory Readable, Writable True False False -
private_0x00000000012c0000 0x012c0000 0x0136ffff Private Memory Readable, Writable True False False -
private_0x0000000001370000 0x01370000 0x0137ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000001380000 0x01380000 0x01380fff Pagefile Backed Memory Readable, Writable True False False -
java.exe 0x013b0000 0x013defff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x00000000013e0000 0x013e0000 0x017d2fff Pagefile Backed Memory Readable True False False -
private_0x00000000017e0000 0x017e0000 0x0182ffff Private Memory Readable, Writable True False False -
private_0x0000000001840000 0x01840000 0x0188ffff Private Memory Readable, Writable True False False -
private_0x0000000001890000 0x01890000 0x0198ffff Private Memory Readable, Writable True False False -
private_0x0000000001990000 0x01990000 0x0199ffff Private Memory Readable, Writable True False False -
private_0x00000000019a0000 0x019a0000 0x0399ffff Private Memory Readable, Writable True False False -
private_0x00000000039c0000 0x039c0000 0x03a0ffff Private Memory Readable, Writable True False False -
rsaenh.dll 0x03a10000 0x03a4bfff Memory Mapped File Readable False False False -
private_0x0000000003a50000 0x03a50000 0x03a9ffff Private Memory Readable, Writable True False False -
private_0x0000000003aa0000 0x03aa0000 0x03b3ffff Private Memory Readable, Writable True False False -
private_0x0000000003aa0000 0x03aa0000 0x03b0ffff Private Memory Readable, Writable True False False -
private_0x0000000003b30000 0x03b30000 0x03b3ffff Private Memory Readable, Writable True False False -
private_0x0000000003b60000 0x03b60000 0x03baffff Private Memory Readable, Writable True False False -
private_0x0000000003bb0000 0x03bb0000 0x03d62fff Private Memory Readable, Writable True False False -
private_0x0000000003bf0000 0x03bf0000 0x03c3ffff Private Memory Readable, Writable True False False -
private_0x0000000003c80000 0x03c80000 0x03ccffff Private Memory Readable, Writable True False False -
private_0x0000000003cd0000 0x03cd0000 0x03d1ffff Private Memory Readable, Writable True False False -
private_0x0000000003d30000 0x03d30000 0x03d7ffff Private Memory Readable, Writable True False False -
private_0x0000000003d80000 0x03d80000 0x03f7ffff Private Memory Readable, Writable True False False -
sortdefault.nls 0x03f80000 0x0424efff Memory Mapped File Readable False False False -
private_0x0000000004250000 0x04250000 0x043bffff Private Memory Readable, Writable True False False -
private_0x0000000004250000 0x04250000 0x0437ffff Private Memory Readable, Writable True False False -
rpcss.dll 0x04250000 0x042abfff Memory Mapped File Readable False False False -
private_0x00000000042c0000 0x042c0000 0x0430ffff Private Memory Readable, Writable True False False -
private_0x0000000004370000 0x04370000 0x0437ffff Private Memory Readable, Writable True False False -
private_0x0000000004380000 0x04380000 0x043bffff Private Memory Readable, Writable True False False -
private_0x00000000043c0000 0x043c0000 0x0458ffff Private Memory Readable, Writable True False False -
private_0x00000000043c0000 0x043c0000 0x044bffff Private Memory Readable, Writable True False False -
private_0x00000000044d0000 0x044d0000 0x0451ffff Private Memory Readable, Writable True False False -
private_0x0000000004550000 0x04550000 0x0458ffff Private Memory Readable, Writable True False False -
kernelbase.dll.mui 0x04590000 0x0464ffff Memory Mapped File Readable, Writable False False False -
private_0x00000000046f0000 0x046f0000 0x0473ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000004740000 0x04740000 0x0481efff Pagefile Backed Memory Readable True False False -
private_0x0000000004820000 0x04820000 0x0486ffff Private Memory Readable, Writable True False False -
private_0x00000000048b0000 0x048b0000 0x048fffff Private Memory Readable, Writable True False False -
private_0x0000000004900000 0x04900000 0x04a6ffff Private Memory Readable, Writable True False False -
private_0x0000000023860000 0x23860000 0x28daffff Private Memory Readable, Writable True False False -
private_0x0000000028db0000 0x28db0000 0x3385ffff Private Memory Readable, Writable True False False -
private_0x0000000033860000 0x33860000 0x3785ffff Private Memory Readable, Writable True False False -
classes.jsa 0x37860000 0x37c9ffff Memory Mapped File Readable False False False -
private_0x0000000037ca0000 0x37ca0000 0x3825ffff Private Memory Readable, Writable True False False -
classes.jsa 0x38260000 0x388affff Memory Mapped File Readable, Writable False False False -
private_0x00000000388b0000 0x388b0000 0x38e5ffff Private Memory Readable, Writable True False False -
classes.jsa 0x38e60000 0x390cffff Memory Mapped File Readable, Writable False False False -
private_0x00000000390d0000 0x390d0000 0x3925ffff Private Memory Readable, Writable True False False -
private_0x0000000039260000 0x39260000 0x3926ffff Private Memory Readable, Writable True False False -
private_0x0000000039270000 0x39270000 0x3965ffff Private Memory Readable, Writable True False False -
awt.dll 0x6cc60000 0x6cda2fff Memory Mapped File Readable, Writable, Executable True False False -
jvm.dll 0x6cf60000 0x6d2dffff Memory Mapped File Readable, Writable, Executable False False False -
winmm.dll 0x6eae0000 0x6eb11fff Memory Mapped File Readable, Writable, Executable False False False -
rasadhlp.dll 0x6eb20000 0x6eb25fff Memory Mapped File Readable, Writable, Executable False False False -
sunec.dll 0x6f480000 0x6f49ffff Memory Mapped File Readable, Writable, Executable False False False -
net.dll 0x6f4a0000 0x6f4b3fff Memory Mapped File Readable, Writable, Executable True False False -
zip.dll 0x6f4c0000 0x6f4d2fff Memory Mapped File Readable, Writable, Executable True False False -
nio.dll 0x6f570000 0x6f57efff Memory Mapped File Readable, Writable, Executable True False False -
java.dll 0x6f580000 0x6f59ffff Memory Mapped File Readable, Writable, Executable True False False -
msvcr100.dll 0x6f5a0000 0x6f65efff Memory Mapped File Readable, Writable, Executable False False False -
verify.dll 0x71c10000 0x71c1bfff Memory Mapped File Readable, Writable, Executable True False False -
wsock32.dll 0x71ce0000 0x71ce6fff Memory Mapped File Readable, Writable, Executable False False False -
dhcpcsvc.dll 0x73360000 0x73371fff Memory Mapped File Readable, Writable, Executable False False False -
fwpuclnt.dll 0x73380000 0x733b7fff Memory Mapped File Readable, Writable, Executable False False False -
dhcpcsvc6.dll 0x733d0000 0x733dcfff Memory Mapped File Readable, Writable, Executable False False False -
winnsi.dll 0x734c0000 0x734c6fff Memory Mapped File Readable, Writable, Executable False False False -
iphlpapi.dll 0x734d0000 0x734ebfff Memory Mapped File Readable, Writable, Executable False False False -
nlaapi.dll 0x735e0000 0x735effff Memory Mapped File Readable, Writable, Executable False False False -
winrnr.dll 0x73c20000 0x73c27fff Memory Mapped File Readable, Writable, Executable False False False -
pnrpnsp.dll 0x73c30000 0x73c41fff Memory Mapped File Readable, Writable, Executable False False False -
napinsp.dll 0x73c60000 0x73c6ffff Memory Mapped File Readable, Writable, Executable False False False -
dwmapi.dll 0x73da0000 0x73db2fff Memory Mapped File Readable, Writable, Executable False False False -
uxtheme.dll 0x740d0000 0x7410ffff Memory Mapped File Readable, Writable, Executable False False False -
comctl32.dll 0x74250000 0x743edfff Memory Mapped File Readable, Writable, Executable False False False -
wshtcpip.dll 0x74850000 0x74854fff Memory Mapped File Readable, Writable, Executable False False False -
userenv.dll 0x74920000 0x74936fff Memory Mapped File Readable, Writable, Executable False False False -
rsaenh.dll 0x74ae0000 0x74b1afff Memory Mapped File Readable, Writable, Executable False False False -
dnsapi.dll 0x74bc0000 0x74c03fff Memory Mapped File Readable, Writable, Executable False False False -
wship6.dll 0x74cf0000 0x74cf5fff Memory Mapped File Readable, Writable, Executable False False False -
mswsock.dll 0x74d00000 0x74d3bfff Memory Mapped File Readable, Writable, Executable False False False -
cryptsp.dll 0x74d40000 0x74d55fff Memory Mapped File Readable, Writable, Executable False False False -
cryptbase.dll 0x751c0000 0x751cbfff Memory Mapped File Readable, Writable, Executable False False False -
profapi.dll 0x75270000 0x7527afff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x75490000 0x754d9fff Memory Mapped File Readable, Writable, Executable False False False -
shell32.dll 0x75570000 0x761b9fff Memory Mapped File Readable, Writable, Executable False False False -
rpcrt4.dll 0x761c0000 0x76260fff Memory Mapped File Readable, Writable, Executable False False False -
sechost.dll 0x76470000 0x76488fff Memory Mapped File Readable, Writable, Executable False False False -
ws2_32.dll 0x76630000 0x76664fff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x76920000 0x7693efff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x76970000 0x769bdfff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x769c0000 0x76a88fff Memory Mapped File Readable, Writable, Executable False False False -
shlwapi.dll 0x76a90000 0x76ae6fff Memory Mapped File Readable, Writable, Executable False False False -
oleaut32.dll 0x76b40000 0x76bcefff Memory Mapped File Readable, Writable, Executable False False False -
usp10.dll 0x76bd0000 0x76c6cfff Memory Mapped File Readable, Writable, Executable False False False -
ole32.dll 0x76d70000 0x76ecbfff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x76ed0000 0x76fa3fff Memory Mapped File Readable, Writable, Executable False False False -
advapi32.dll 0x76fb0000 0x7704ffff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x77050000 0x7711bfff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x77120000 0x7725bfff Memory Mapped File Readable, Writable, Executable False False False -
psapi.dll 0x77260000 0x77264fff Memory Mapped File Readable, Writable, Executable False False False -
nsi.dll 0x77270000 0x77275fff Memory Mapped File Readable, Writable, Executable False False False -
lpk.dll 0x77290000 0x77299fff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x772a0000 0x7734bfff Memory Mapped File Readable, Writable, Executable False False False -
apisetschema.dll 0x77360000 0x77360fff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory Readable True False False -
private_0x000000007ffad000 0x7ffad000 0x7ffadfff Private Memory Readable, Writable True False False -
private_0x000000007ffae000 0x7ffae000 0x7ffaefff Private Memory Readable, Writable True False False -
private_0x000000007ffaf000 0x7ffaf000 0x7ffaffff Private Memory Readable, Writable True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory Readable True False False -
private_0x000000007ffd3000 0x7ffd3000 0x7ffd3fff Private Memory Readable, Writable True False False -
private_0x000000007ffd4000 0x7ffd4000 0x7ffd4fff Private Memory Readable, Writable True False False -
private_0x000000007ffd5000 0x7ffd5000 0x7ffd5fff Private Memory Readable, Writable True False False -
private_0x000000007ffd6000 0x7ffd6000 0x7ffd6fff Private Memory Readable, Writable True False False -
private_0x000000007ffd7000 0x7ffd7000 0x7ffd7fff Private Memory Readable, Writable True False False -
private_0x000000007ffd8000 0x7ffd8000 0x7ffd8fff Private Memory Readable, Writable True False False -
private_0x000000007ffd9000 0x7ffd9000 0x7ffd9fff Private Memory Readable, Writable True False False -
private_0x000000007ffda000 0x7ffda000 0x7ffdafff Private Memory Readable, Writable True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffdbfff Private Memory Readable, Writable True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory Readable, Writable True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory Readable, Writable True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory Readable, Writable True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory Readable, Writable True False False -
For performance reasons, the remaining 25 entries are omitted.
The remaining entries can be found in flog.txt.
Created Files
»
Filename File Size Hash Values YARA Match Actions
c:\users\eebsym5\appdata\local\temp\retrive2551337130529148691.vbs 0.27 KB MD5: 3bdfd33017806b85949b6faa7d4b98e4
SHA1: f92844fee69ef98db6e68931adfaa9a0a0f8ce66
SHA256: 9da575dd2d5b7c1e9bab8b51a16cde457b3371c6dcdb0537356cf1497fa868f6 		False
...
c:\users\eebsym5\appdata\local\temp\retrive2742094931696724792.vbs 0.27 KB MD5: a32c109297ed1ca155598cd295c26611
SHA1: dc4a1fdbaad15ddd6fe22d3907c6b03727b71510
SHA256: 45bfe34aa3ef932f75101246eb53d032f5e7cf6d1f5b4e495334955a255f32e7 		False
...
c:\windows\system32\test.txt 0.84 KB MD5: 3d0e087dfb49330b60853005578fb212
SHA1: 67fdc16a3019e0283bc362e60260ab309710f80c
SHA256: 8378e312f7d1dc47b3d75335dd0287fe32fbf5ccdbb4810396f911fb5dcd6e8c 		False
...
c:\users\eebsym5\futkaleatxm\id.txt 0.05 KB MD5: 4ccee4a6fd5867cfa215138a8b045386
SHA1: 96fb6d9a48b81b8bd058c80c4fa4e3484d1a61d2
SHA256: ff4a8660585a9a7e79d9491f4f132a31065420770c0c3b4830af8a482b5f7afa 		False
...
c:\windows\system32\test.txt 0.50 KB MD5: e11224734ee902942414452d70f4c37e
SHA1: f3b08e822a82bb114468daa417467162605b61d8
SHA256: 03db1dad19141bc88f6174698ea62584f304d4c389237c5377e1b3d94012543e 		False
...
Host Behavior
File (3101)
»
Operation Filename Additional Information Success Count Logfile
Create C:\Program Files\Java\jre7\lib\rt.jar desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre7\lib\ext\meta-index desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 2
Fn
Create C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 2
Fn
Create C:\Program Files\Java\jre7\lib\meta-index desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create C:\Program Files\Java\jre7\lib\security\java.security desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre7\lib\jsse.jar desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre7\lib\jce.jar desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre7\lib\ext\sunec.jar file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create C:\Program Files\Java\jre7\lib\ext\sunec.jar desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre7\lib\rt.jar file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create C:\Program Files\Java\jre7\lib\jce.jar file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create C:\Program Files\Java\jre7\lib\security\US_export_policy.jar file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create C:\Program Files\Java\jre7\lib\security\US_export_policy.jar desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre7\lib\security\local_policy.jar file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create C:\Program Files\Java\jre7\lib\security\local_policy.jar desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create C:\Program Files\Java\jre7\lib\resources.jar file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create C:\Program Files\Java\jre7\lib\resources.jar desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\EEBsYm5\.accessibility.properties desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Java\jre7\lib\accessibility.properties desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create \etc\release desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2551337130529148691.vbs desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_REPARSE_POINT, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2551337130529148691.vbs desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2742094931696724792.vbs desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_REPARSE_POINT, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2742094931696724792.vbs desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Windows\System32\test.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create C:\Users\EEBsYm5\fUTkALeaTxM\ID.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre7\lib\ext\sunec.jar file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre7\lib\net.properties desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create Directory C:\Users\EEBsYm5\fUTkALeaTxM - True 1
Fn
Create Directory C:\Users\EEBsYm5\fUTkALeaTxM\DdWDtpinxpf - True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Create Pipe Anonymous read pipe size = 4120 True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\zip.dll type = file_attributes True 3
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\meta-index type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\ext type = file_attributes True 3
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\meta-index type = file_type True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\meta-index type = size, size_out = 829 True 1
Fn
Get Info C:\Windows\Sun\Java\lib\ext\meta-index type = file_attributes False 1
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\access-bridge.jar type = file_attributes True 4
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\dnsns.jar type = file_attributes True 2
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\jaccess.jar type = file_attributes True 2
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\localedata.jar type = file_attributes True 2
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\sunec.jar type = file_attributes True 3
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar type = file_attributes True 3
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar type = file_attributes True 5
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\sunpkcs11.jar type = file_attributes True 2
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\zipfs.jar type = file_attributes True 2
Fn
Get Info C:\Windows\Sun\Java\lib\ext type = file_attributes False 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class type = file_attributes True 4
Fn
Get Info C:\Program Files\Java\jre7\lib\management\usagetracker.properties type = file_attributes False 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class type = time True 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class type = time True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\resources.jar type = file_attributes True 6
Fn
Get Info C:\Program Files\Java\jre7\lib\meta-index type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\lib type = file_attributes True 2
Fn
Get Info C:\Program Files\Java\jre7\lib\meta-index type = file_type True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\meta-index type = size, size_out = 2190 True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\rt.jar type = file_attributes True 4
Fn
Get Info C:\Program Files\Java\jre7\lib\sunrsasign.jar type = file_attributes False 3
Fn
Get Info C:\Program Files\Java\jre7\lib\jsse.jar type = file_attributes True 3
Fn
Get Info C:\Program Files\Java\jre7\lib\jce.jar type = file_attributes True 4
Fn
Get Info C:\Program Files\Java\jre7\lib\charsets.jar type = file_attributes True 3
Fn
Get Info C:\Program Files\Java\jre7\lib\jfr.jar type = file_attributes True 3
Fn
Get Info C:\Program Files\Java\jre7\classes type = file_attributes False 4
Fn
Get Info C:\Program Files\Java\jre7\meta-index type = file_attributes False 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class type = time True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\security\java.security type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\security\java.security type = file_type True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\security\java.security type = size, size_out = 17824 True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\sunec.jar type = time True 1
Fn
Get Info C:\Program%20Files\Java\jre7\lib\ext\x86\sunec.dll type = file_attributes False 1
Fn
Get Info C:\Program%20Files\Java\jre7\lib\ext\sunec.dll type = file_attributes False 1
Fn
Get Info C:\Program Files\Java\jre7\bin\sunec.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar type = time True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\rt.jar type = time True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\jce.jar type = time True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\security\US_export_policy.jar type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\security\local_policy.jar type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\security\US_export_policy.jar type = time True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\net.dll type = file_attributes True 6
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\security\local_policy.jar type = time True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar type = time True 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class type = time True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\nio.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\jaxp.properties type = file_attributes False 2
Fn
Get Info C:\Program Files\Java\jre7\lib\resources.jar type = time True 1
Fn
Get Info C:\Program Files\Java\jre7\bin\awt.dll type = file_attributes True 5
Fn
Get Info C:\Program Files\Java\jre7\lib\swing.properties type = file_attributes False 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2551337130529148691.vbs type = file_attributes False 1
Fn
Get Info - type = file_type True 2
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2551337130529148691.vbs type = file_attributes True 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2742094931696724792.vbs type = file_attributes False 1
Fn
Get Info - type = file_type True 2
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2742094931696724792.vbs type = file_attributes True 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Roaming\Oracle\bin\javaw.exe type = file_attributes True 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2742094931696724792.vbs type = file_type True 18
Fn
Get Info C:\Program Files\Java\jre7\bin\management.dll type = file_attributes True 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class type = time True 1
Fn
Get Info C:\Users\EEBsYm5\fUTkALeaTxM type = file_attributes False 1
Fn
Get Info C:\Users\EEBsYm5\fUTkALeaTxM\ID.txt type = file_attributes False 1
Fn
Get Info C:\Users\EEBsYm5\fUTkALeaTxM\DdWDtpinxpf type = file_attributes False 2
Fn
Get Info C:\Users\EEBsYm5\fUTkALeaTxM\DdWDtpinxpf type = file_attributes True 3
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\sunec.jar type = time True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar type = time True 1
Fn
Get Info C:\Program%20Files\Java\jre7\lib\ext\x86\sunmscapi.dll type = file_attributes False 1
Fn
Get Info C:\Program%20Files\Java\jre7\lib\ext\sunmscapi.dll type = file_attributes False 1
Fn
Get Info C:\Program Files\Java\jre7\bin\sunmscapi.dll type = file_attributes True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\net.properties type = file_attributes True 2
Fn
Get Info C:\Program Files\Java\jre7\lib\net.properties type = file_type True 1
Fn
Get Info C:\Program Files\Java\jre7\lib\net.properties type = size, size_out = 3070 True 1
Fn
Open STD_INPUT_HANDLE - True 23
Fn
Open STD_OUTPUT_HANDLE - True 1
Fn
Open STD_ERROR_HANDLE - True 1
Fn
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4, size_out = 4 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 128, size_out = 128 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 7, size_out = 7 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1781193, size_out = 1781193 True 1
Fn
Read C:\Program Files\Java\jre7\lib\rt.jar size = 160, size_out = 160 True 612
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 30, size_out = 30 True 612
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 709, size_out = 709 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 277, size_out = 277 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2305, size_out = 2305 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1022, size_out = 1022 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2882, size_out = 2882 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 104, size_out = 104 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 728, size_out = 728 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 345, size_out = 345 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 815, size_out = 815 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1105, size_out = 1105 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1761, size_out = 1761 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 514, size_out = 514 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 970, size_out = 970 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2589, size_out = 2589 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1008, size_out = 1008 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2004, size_out = 2004 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 669, size_out = 669 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\meta-index size = 8192, size_out = 829 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 962, size_out = 962 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 934, size_out = 934 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1720, size_out = 1720 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1012, size_out = 1012 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3028, size_out = 3028 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1111, size_out = 1111 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2976, size_out = 2976 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 672, size_out = 672 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1189, size_out = 1189 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2646, size_out = 2646 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\meta-index size = 8192, size_out = 0 True 1
Fn
Read C:\Program Files\Java\jre7\lib\rt.jar size = 966, size_out = 966 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 800, size_out = 800 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1280, size_out = 1280 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 609, size_out = 609 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 628, size_out = 628 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 328, size_out = 328 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 327, size_out = 327 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 12212, size_out = 12212 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 748, size_out = 748 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6630, size_out = 6630 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3392, size_out = 3392 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 4, size_out = 4 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 128, size_out = 128 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 6113, size_out = 6113 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2563, size_out = 2563 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 476, size_out = 476 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2703, size_out = 2703 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 753, size_out = 753 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3690, size_out = 3690 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3361, size_out = 3361 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3599, size_out = 3599 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 160, size_out = 160 True 42
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 260, size_out = 260 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1899, size_out = 1899 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 678, size_out = 678 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 30, size_out = 30 True 81
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 161, size_out = 161 True 6
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1909, size_out = 1909 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 670, size_out = 670 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 762, size_out = 762 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1016, size_out = 1016 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1133, size_out = 1133 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 921, size_out = 921 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 263, size_out = 263 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 16, size_out = 16 True 26
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 729, size_out = 729 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 17, size_out = 17 True 4
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 243, size_out = 243 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 315, size_out = 315 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 437, size_out = 437 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 439, size_out = 439 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 342, size_out = 342 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 802, size_out = 802 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1127, size_out = 1127 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\meta-index size = 8192, size_out = 2190 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\meta-index size = 8192, size_out = 0 True 1
Fn
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 1468, size_out = 1468 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1486, size_out = 1486 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 258, size_out = 258 True 6
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2351, size_out = 2351 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 877, size_out = 877 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 645, size_out = 645 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6444, size_out = 6444 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1453, size_out = 1453 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 513, size_out = 513 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4556, size_out = 4556 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\java.security size = 8192, size_out = 8192 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\java.security size = 8192, size_out = 1440 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\java.security size = 8192, size_out = 0 True 1
Fn
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2345, size_out = 2345 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 4, size_out = 4 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 128, size_out = 128 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 7, size_out = 7 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 13694, size_out = 13694 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 160, size_out = 160 True 45
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 30, size_out = 30 True 45
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 1056, size_out = 1056 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3940, size_out = 3940 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5672, size_out = 5672 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 844, size_out = 844 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 803, size_out = 803 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2601, size_out = 2601 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6732, size_out = 6732 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 732, size_out = 732 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 454, size_out = 454 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 78, size_out = 78 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 457, size_out = 457 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 973, size_out = 973 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 308, size_out = 308 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 381, size_out = 381 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 310, size_out = 310 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3431, size_out = 3431 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 382, size_out = 382 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 281, size_out = 281 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 131, size_out = 131 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5929, size_out = 5929 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 405, size_out = 405 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 182, size_out = 182 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 3, size_out = 3 True 6
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 354, size_out = 354 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 645, size_out = 645 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 380, size_out = 380 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 512, size_out = 512 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 4, size_out = 4 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 128, size_out = 128 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 6708, size_out = 6708 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 160, size_out = 160 True 35
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 30, size_out = 30 True 34
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 4096, size_out = 4096 True 4
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 1693, size_out = 1693 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 1351, size_out = 1351 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1358, size_out = 1358 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 4, size_out = 4 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 128, size_out = 128 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 1240, size_out = 1240 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 160, size_out = 160 True 15
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 30, size_out = 30 True 27
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 590, size_out = 590 True 5
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 525, size_out = 525 True 3
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 1320, size_out = 1320 True 3
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2666, size_out = 2666 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 314, size_out = 314 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 951, size_out = 951 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 10594, size_out = 10594 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3882, size_out = 3882 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3549, size_out = 3549 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1381, size_out = 1381 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 8211, size_out = 8211 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1075, size_out = 1075 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3695, size_out = 3695 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2117, size_out = 2117 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 346, size_out = 346 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 576, size_out = 576 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 24203, size_out = 24203 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 13092, size_out = 13092 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 623, size_out = 623 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3174, size_out = 3174 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2257, size_out = 2257 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1621, size_out = 1621 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2395, size_out = 2395 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 14258, size_out = 14258 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 853, size_out = 853 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 967, size_out = 967 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3914, size_out = 3914 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5828, size_out = 5828 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 12814, size_out = 12814 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4077, size_out = 4077 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2399, size_out = 2399 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2181, size_out = 2181 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2812, size_out = 2812 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 278, size_out = 278 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6713, size_out = 6713 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3217, size_out = 3217 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 265, size_out = 265 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6705, size_out = 6705 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3395, size_out = 3395 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1337, size_out = 1337 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5120, size_out = 5120 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 374, size_out = 374 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1663, size_out = 1663 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4945, size_out = 4945 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2801, size_out = 2801 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2263, size_out = 2263 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4843, size_out = 4843 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2266, size_out = 2266 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3589, size_out = 3589 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2498, size_out = 2498 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2363, size_out = 2363 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 631, size_out = 631 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 866, size_out = 866 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 282, size_out = 282 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3850, size_out = 3850 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 591, size_out = 591 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 907, size_out = 907 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3908, size_out = 3908 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 8490, size_out = 8490 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 444, size_out = 444 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1731, size_out = 1731 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4645, size_out = 4645 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 11624, size_out = 11624 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 915, size_out = 915 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 687, size_out = 687 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 11725, size_out = 11725 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1715, size_out = 1715 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1952, size_out = 1952 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1957, size_out = 1957 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1960, size_out = 1960 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1966, size_out = 1966 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 441, size_out = 441 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 723, size_out = 723 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3045, size_out = 3045 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2242, size_out = 2242 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 387, size_out = 387 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6064, size_out = 6064 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1369, size_out = 1369 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4032, size_out = 4032 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6002, size_out = 6002 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6001, size_out = 6001 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2439, size_out = 2439 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 144, size_out = 144 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1559, size_out = 1559 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 499, size_out = 499 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 734, size_out = 734 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 390, size_out = 390 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 1434, size_out = 1434 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 454, size_out = 454 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 5439, size_out = 5439 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 619, size_out = 619 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 4, size_out = 4 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 128, size_out = 128 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 10470, size_out = 10470 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 160, size_out = 160 True 27
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 30, size_out = 30 True 136
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 3596, size_out = 3596 True 5
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 3529, size_out = 3529 True 3
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1320, size_out = 1320 True 3
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 735, size_out = 735 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4170, size_out = 4170 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 817, size_out = 817 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 331, size_out = 331 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2357, size_out = 2357 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 187, size_out = 187 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 3665, size_out = 3665 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 3856, size_out = 3856 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 333, size_out = 333 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 2915, size_out = 2915 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\US_export_policy.jar size = 4, size_out = 4 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\US_export_policy.jar size = 128, size_out = 128 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\US_export_policy.jar size = 328, size_out = 328 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\US_export_policy.jar size = 350, size_out = 350 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\US_export_policy.jar size = 160, size_out = 160 True 5
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\US_export_policy.jar size = 30, size_out = 30 True 4
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\US_export_policy.jar size = 213, size_out = 213 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\US_export_policy.jar size = 1319, size_out = 1319 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\US_export_policy.jar size = 151, size_out = 151 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\US_export_policy.jar size = 92, size_out = 92 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 47, size_out = 47 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\US_export_policy.jar size = 115, size_out = 115 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 502, size_out = 502 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 807, size_out = 807 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 530, size_out = 530 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 1987, size_out = 1987 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 706, size_out = 706 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 3777, size_out = 3777 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 3082, size_out = 3082 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4270, size_out = 4270 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 8559, size_out = 8559 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6031, size_out = 6031 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 671, size_out = 671 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1961, size_out = 1961 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3287, size_out = 3287 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 383, size_out = 383 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3661, size_out = 3661 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 292, size_out = 292 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\local_policy.jar size = 4, size_out = 4 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\local_policy.jar size = 128, size_out = 128 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\local_policy.jar size = 389, size_out = 389 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\local_policy.jar size = 411, size_out = 411 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\local_policy.jar size = 160, size_out = 160 True 4
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\local_policy.jar size = 30, size_out = 30 True 5
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\local_policy.jar size = 194, size_out = 194 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\local_policy.jar size = 242, size_out = 242 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\local_policy.jar size = 1318, size_out = 1318 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\local_policy.jar size = 153, size_out = 153 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\local_policy.jar size = 209, size_out = 209 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 883, size_out = 883 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 994, size_out = 994 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 780, size_out = 780 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\security\local_policy.jar size = 206, size_out = 206 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 533, size_out = 533 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 775, size_out = 775 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 301, size_out = 301 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 8192, size_out = 8192 True 4
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1137, size_out = 1137 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1486, size_out = 1486 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1009, size_out = 1009 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1052, size_out = 1052 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 269, size_out = 269 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1438, size_out = 1438 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 2684, size_out = 2684 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 157, size_out = 157 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 902, size_out = 902 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1516, size_out = 1516 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 925, size_out = 925 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1403, size_out = 1403 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 684, size_out = 684 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 2171, size_out = 2171 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1421, size_out = 1421 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 694, size_out = 694 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 171, size_out = 171 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1111, size_out = 1111 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 814, size_out = 814 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 608, size_out = 608 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 677, size_out = 677 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 274, size_out = 274 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1343, size_out = 1343 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 541, size_out = 541 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 2912, size_out = 2912 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1249, size_out = 1249 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1311, size_out = 1311 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 265, size_out = 265 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1605, size_out = 1605 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 557, size_out = 557 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 173, size_out = 173 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 2789, size_out = 2789 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 230, size_out = 230 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1133, size_out = 1133 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 321, size_out = 321 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 190, size_out = 190 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 3185, size_out = 3185 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 4522, size_out = 4522 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 978, size_out = 978 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 672, size_out = 672 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 839, size_out = 839 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1309, size_out = 1309 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1312, size_out = 1312 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 696, size_out = 696 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 3200, size_out = 3200 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 803, size_out = 803 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 207, size_out = 207 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 823, size_out = 823 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 824, size_out = 824 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 349, size_out = 349 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 2972, size_out = 2972 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 2977, size_out = 2977 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 611, size_out = 611 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 668, size_out = 668 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 283, size_out = 283 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1118, size_out = 1118 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 834, size_out = 834 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 769, size_out = 769 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1478, size_out = 1478 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1298, size_out = 1298 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1655, size_out = 1655 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 984, size_out = 984 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 3278, size_out = 3278 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 833, size_out = 833 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1450, size_out = 1450 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1081, size_out = 1081 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 550, size_out = 550 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 922, size_out = 922 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 5457, size_out = 5457 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1143, size_out = 1143 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 2597, size_out = 2597 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 325, size_out = 325 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 271, size_out = 271 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1084, size_out = 1084 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 4495, size_out = 4495 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1404, size_out = 1404 True 3
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 5963, size_out = 5963 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1218, size_out = 1218 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 666, size_out = 666 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 2371, size_out = 2371 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1686, size_out = 1686 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1029, size_out = 1029 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 306, size_out = 306 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1459, size_out = 1459 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 282, size_out = 282 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 609, size_out = 609 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 3227, size_out = 3227 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 3051, size_out = 3051 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 740, size_out = 740 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 3619, size_out = 3619 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1138, size_out = 1138 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1529, size_out = 1529 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 559, size_out = 559 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1967, size_out = 1967 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 2579, size_out = 2579 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 621, size_out = 621 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1770, size_out = 1770 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 610, size_out = 610 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 4645, size_out = 4645 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1561, size_out = 1561 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 835, size_out = 835 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 3166, size_out = 3166 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar size = 1381, size_out = 1381 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1574, size_out = 1574 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 876, size_out = 876 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3003, size_out = 3003 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6397, size_out = 6397 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1251, size_out = 1251 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5080, size_out = 5080 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5175, size_out = 5175 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 745, size_out = 745 True 4
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2772, size_out = 2772 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 632, size_out = 632 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 458, size_out = 458 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2124, size_out = 2124 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1186, size_out = 1186 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1096, size_out = 1096 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 2219, size_out = 2219 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 299, size_out = 299 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1401, size_out = 1401 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 289, size_out = 289 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 297, size_out = 297 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 472, size_out = 472 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 412, size_out = 412 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 448, size_out = 448 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 304, size_out = 304 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 315, size_out = 315 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 2433, size_out = 2433 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 314, size_out = 314 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 6135, size_out = 6135 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 8192, size_out = 8192 True 52
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 5053, size_out = 5053 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 1470, size_out = 1470 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 455, size_out = 455 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 617, size_out = 617 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 580, size_out = 580 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 463, size_out = 463 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 332, size_out = 332 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 481, size_out = 481 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 593, size_out = 593 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 606, size_out = 606 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 390, size_out = 390 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 274, size_out = 274 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 367, size_out = 367 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 347, size_out = 347 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 490, size_out = 490 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 383, size_out = 383 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 346, size_out = 346 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 168, size_out = 168 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 212, size_out = 212 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 205, size_out = 205 True 2
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 189, size_out = 189 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class size = 169, size_out = 169 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 274, size_out = 274 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1989, size_out = 1989 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 900, size_out = 900 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1716, size_out = 1716 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 463, size_out = 463 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 503, size_out = 503 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 220, size_out = 220 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 692, size_out = 692 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 708, size_out = 708 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2656, size_out = 2656 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 588, size_out = 588 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2520, size_out = 2520 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2709, size_out = 2709 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 718, size_out = 718 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 284, size_out = 284 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 14716, size_out = 14716 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2111, size_out = 2111 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 8292, size_out = 8292 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6007, size_out = 6007 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2905, size_out = 2905 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 937, size_out = 937 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 585, size_out = 585 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1544, size_out = 1544 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 12572, size_out = 12572 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1904, size_out = 1904 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2008, size_out = 2008 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 783, size_out = 783 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 19213, size_out = 19213 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 332, size_out = 332 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3606, size_out = 3606 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 403, size_out = 403 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 9943, size_out = 9943 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 596, size_out = 596 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 612, size_out = 612 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 544, size_out = 544 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 697, size_out = 697 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 604, size_out = 604 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 452, size_out = 452 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 586, size_out = 586 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 525, size_out = 525 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1974, size_out = 1974 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1159, size_out = 1159 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 426, size_out = 426 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 7100, size_out = 7100 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 229, size_out = 229 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 366, size_out = 366 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3515, size_out = 3515 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2163, size_out = 2163 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 179, size_out = 179 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 660, size_out = 660 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 1225, size_out = 1225 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 175, size_out = 175 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5861, size_out = 5861 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\resources.jar size = 4, size_out = 4 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\resources.jar size = 128, size_out = 128 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\resources.jar size = 33985, size_out = 33985 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3671, size_out = 3671 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 10989, size_out = 10989 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 407, size_out = 407 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 9301, size_out = 9301 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 28702, size_out = 28702 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6453, size_out = 6453 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2101, size_out = 2101 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2652, size_out = 2652 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1139, size_out = 1139 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2005, size_out = 2005 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5981, size_out = 5981 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 22809, size_out = 22809 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 536, size_out = 536 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1862, size_out = 1862 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 643, size_out = 643 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 112, size_out = 112 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3932, size_out = 3932 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2027, size_out = 2027 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 31499, size_out = 31499 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 659, size_out = 659 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 375, size_out = 375 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1932, size_out = 1932 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 419, size_out = 419 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1599, size_out = 1599 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 335, size_out = 335 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2771, size_out = 2771 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 831, size_out = 831 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1589, size_out = 1589 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 505, size_out = 505 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 7594, size_out = 7594 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 16872, size_out = 16872 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 362, size_out = 362 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 435, size_out = 435 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6262, size_out = 6262 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 9824, size_out = 9824 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 13080, size_out = 13080 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 26877, size_out = 26877 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 460, size_out = 460 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 302, size_out = 302 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 503, size_out = 503 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 136, size_out = 136 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 17075, size_out = 17075 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1002, size_out = 1002 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1378, size_out = 1378 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2396, size_out = 2396 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1786, size_out = 1786 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1740, size_out = 1740 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2528, size_out = 2528 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4399, size_out = 4399 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 9883, size_out = 9883 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 373, size_out = 373 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1114, size_out = 1114 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 8460, size_out = 8460 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1477, size_out = 1477 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 872, size_out = 872 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3313, size_out = 3313 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 743, size_out = 743 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2872, size_out = 2872 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4879, size_out = 4879 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2958, size_out = 2958 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2419, size_out = 2419 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 239, size_out = 239 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 401, size_out = 401 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 27718, size_out = 27718 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 557, size_out = 557 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 337, size_out = 337 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 18188, size_out = 18188 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 236, size_out = 236 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 272, size_out = 272 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 850, size_out = 850 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3851, size_out = 3851 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 25359, size_out = 25359 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 251, size_out = 251 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 234, size_out = 234 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3171, size_out = 3171 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1336, size_out = 1336 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1685, size_out = 1685 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 898, size_out = 898 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1412, size_out = 1412 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1285, size_out = 1285 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5172, size_out = 5172 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5285, size_out = 5285 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 590, size_out = 590 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 644, size_out = 644 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 569, size_out = 569 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1775, size_out = 1775 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 478, size_out = 478 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 318, size_out = 318 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1001, size_out = 1001 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 942, size_out = 942 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1013, size_out = 1013 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 726, size_out = 726 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 480, size_out = 480 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 706, size_out = 706 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4814, size_out = 4814 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2135, size_out = 2135 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 273, size_out = 273 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1203, size_out = 1203 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1324, size_out = 1324 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1165, size_out = 1165 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1394, size_out = 1394 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2629, size_out = 2629 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2974, size_out = 2974 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1332, size_out = 1332 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1781, size_out = 1781 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 668, size_out = 668 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6859, size_out = 6859 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3482, size_out = 3482 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2798, size_out = 2798 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1566, size_out = 1566 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1279, size_out = 1279 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 429, size_out = 429 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1958, size_out = 1958 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 551, size_out = 551 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1772, size_out = 1772 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2275, size_out = 2275 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5453, size_out = 5453 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 675, size_out = 675 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1051, size_out = 1051 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3280, size_out = 3280 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 829, size_out = 829 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 10444, size_out = 10444 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1204, size_out = 1204 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 16744, size_out = 16744 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 209, size_out = 209 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 13269, size_out = 13269 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 25511, size_out = 25511 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 8503, size_out = 8503 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1258, size_out = 1258 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 13723, size_out = 13723 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 311, size_out = 311 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 15196, size_out = 15196 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 30281, size_out = 30281 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 192, size_out = 192 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 215, size_out = 215 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 198, size_out = 198 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1163, size_out = 1163 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2019, size_out = 2019 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6137, size_out = 6137 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1243, size_out = 1243 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 15748, size_out = 15748 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 495, size_out = 495 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1363, size_out = 1363 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1523, size_out = 1523 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1236, size_out = 1236 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1129, size_out = 1129 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1795, size_out = 1795 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6907, size_out = 6907 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2460, size_out = 2460 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 10895, size_out = 10895 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 400, size_out = 400 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4773, size_out = 4773 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6236, size_out = 6236 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1694, size_out = 1694 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1297, size_out = 1297 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1415, size_out = 1415 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 9480, size_out = 9480 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6808, size_out = 6808 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 618, size_out = 618 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1065, size_out = 1065 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5179, size_out = 5179 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4140, size_out = 4140 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 427, size_out = 427 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2727, size_out = 2727 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 803, size_out = 803 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2786, size_out = 2786 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1210, size_out = 1210 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 540, size_out = 540 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 948, size_out = 948 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2962, size_out = 2962 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\accessibility.properties size = 8192, size_out = 155 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\accessibility.properties size = 8192, size_out = 0 True 1
Fn
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5468, size_out = 5468 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1825, size_out = 1825 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 809, size_out = 809 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3856, size_out = 3856 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 854, size_out = 854 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2701, size_out = 2701 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2950, size_out = 2950 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1198, size_out = 1198 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2789, size_out = 2789 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 680, size_out = 680 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 976, size_out = 976 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 445, size_out = 445 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1160, size_out = 1160 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2235, size_out = 2235 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 770, size_out = 770 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1938, size_out = 1938 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 8084, size_out = 8084 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 340, size_out = 340 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 392, size_out = 392 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4890, size_out = 4890 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 492, size_out = 492 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3846, size_out = 3846 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 9570, size_out = 9570 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 413, size_out = 413 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 203, size_out = 203 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 789, size_out = 789 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 686, size_out = 686 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4445, size_out = 4445 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1980, size_out = 1980 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2783, size_out = 2783 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1518, size_out = 1518 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3082, size_out = 3082 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 333, size_out = 333 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4157, size_out = 4157 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 169, size_out = 169 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 543, size_out = 543 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4605, size_out = 4605 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 784, size_out = 784 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2147, size_out = 2147 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 975, size_out = 975 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 497, size_out = 497 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 878, size_out = 878 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1061, size_out = 1061 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 614, size_out = 614 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1183, size_out = 1183 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 326, size_out = 326 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 81, size_out = 81 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 830, size_out = 830 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1179, size_out = 1179 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 781, size_out = 781 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 534, size_out = 534 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 300, size_out = 300 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1462, size_out = 1462 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 409, size_out = 409 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 225, size_out = 225 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 897, size_out = 897 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2301, size_out = 2301 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2443, size_out = 2443 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 827, size_out = 827 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5505, size_out = 5505 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1071, size_out = 1071 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1036, size_out = 1036 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 352, size_out = 352 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1116, size_out = 1116 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1796, size_out = 1796 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 448, size_out = 448 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4013, size_out = 4013 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 402, size_out = 402 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 1366, size_out = 1366 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 9311, size_out = 9311 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 3572, size_out = 3572 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1619, size_out = 1619 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 2404, size_out = 2404 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 3013, size_out = 3013 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 1708, size_out = 1708 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 2879, size_out = 2879 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 1285, size_out = 1285 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 1398, size_out = 1398 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 1090, size_out = 1090 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 3789, size_out = 3789 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 436, size_out = 436 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 792, size_out = 792 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 384, size_out = 384 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 1217, size_out = 1217 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 622, size_out = 622 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 76, size_out = 76 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 527, size_out = 527 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 4051, size_out = 4051 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 7991, size_out = 7991 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 704, size_out = 704 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 8401, size_out = 8401 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 2096, size_out = 2096 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2691, size_out = 2691 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1664, size_out = 1664 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 6028, size_out = 6028 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 7832, size_out = 7832 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5512, size_out = 5512 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 949, size_out = 949 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1167, size_out = 1167 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1427, size_out = 1427 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1429, size_out = 1429 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1873, size_out = 1873 True 1
Fn
Data
Read - size = 8192, size_out = 108 True 1
Fn
Data
Read - size = 8192, size_out = 0 False 1
Fn
Read - size = 8192, size_out = 108 True 1
Fn
Data
Read - size = 8192, size_out = 0 False 1
Fn
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1797, size_out = 1797 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2742094931696724792.vbs size = 8192, size_out = 36 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2742094931696724792.vbs size = 8192, size_out = 2 True 3
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2742094931696724792.vbs size = 8192, size_out = 63 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2742094931696724792.vbs size = 8192, size_out = 25 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2742094931696724792.vbs size = 8192, size_out = 131 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2742094931696724792.vbs size = 8192, size_out = 95 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2742094931696724792.vbs size = 8192, size_out = 24 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1396, size_out = 1396 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 582, size_out = 582 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 46400, size_out = 46400 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 263, size_out = 263 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 357, size_out = 357 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5472, size_out = 5472 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3241, size_out = 3241 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1886, size_out = 1886 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5529, size_out = 5529 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1188, size_out = 1188 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 213, size_out = 213 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 7520, size_out = 7520 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 8446, size_out = 8446 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5830, size_out = 5830 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1929, size_out = 1929 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 519, size_out = 519 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 855, size_out = 855 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 152, size_out = 152 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1206, size_out = 1206 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 7192, size_out = 7192 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 22580, size_out = 22580 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 325, size_out = 325 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2388, size_out = 2388 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1746, size_out = 1746 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 845, size_out = 845 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 14934, size_out = 14934 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 322, size_out = 322 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1032, size_out = 1032 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 773, size_out = 773 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 122, size_out = 122 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3759, size_out = 3759 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 348, size_out = 348 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 26461, size_out = 26461 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 4540, size_out = 4540 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1995, size_out = 1995 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1261, size_out = 1261 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 4115, size_out = 4115 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2598, size_out = 2598 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 11029, size_out = 11029 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 296, size_out = 296 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1028, size_out = 1028 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 17440, size_out = 17440 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 3033, size_out = 3033 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 861, size_out = 861 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 2660, size_out = 2660 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 1444, size_out = 1444 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 1192, size_out = 1192 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 7071, size_out = 7071 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2038, size_out = 2038 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 2049, size_out = 2049 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 1627, size_out = 1627 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 8760, size_out = 8760 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 3164, size_out = 3164 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\jsse.jar size = 2552, size_out = 2552 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1600, size_out = 1600 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 109, size_out = 109 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 235, size_out = 235 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 2863, size_out = 2863 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 443, size_out = 443 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 837, size_out = 837 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\jce.jar size = 3196, size_out = 3196 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 1262, size_out = 1262 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 1812, size_out = 1812 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 240, size_out = 240 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 242, size_out = 242 True 2
Fn
Data
Read C:\Program Files\Java\jre7\lib\ext\sunec.jar size = 1989, size_out = 1989 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 5122, size_out = 5122 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 285, size_out = 285 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 889, size_out = 889 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3271, size_out = 3271 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 496, size_out = 496 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 23927, size_out = 23927 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 1227, size_out = 1227 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 761, size_out = 761 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 107, size_out = 107 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2146, size_out = 2146 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 2114, size_out = 2114 True 1
Fn
Data
Read C:\Program Files\Java\jre7\lib\rt.jar size = 3293, size_out = 3293 True 1
Fn
Data
For performance reasons, the remaining 37 entries are omitted.
The remaining entries can be found in glog.xml.
Registry (25)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows - True 1
Fn
Open Key HKEY_CURRENT_USER\Control Panel\Desktop - True 1
Fn
Open Key HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32 - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32\PlacesBar - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager - True 4
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders value_name = Desktop, data = C:\Users\EEBsYm5\Desktop, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows value_name = GDIProcessHandleQuota, data = 16 True 1
Fn
Read Value HKEY_CURRENT_USER\Control Panel\Desktop value_name = FontSmoothingOrientation, data = 1 True 1
Fn
Read Value HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics value_name = Shell Icon BPP, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes value_name = MS Shell Dlg 2, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes value_name = MS Shell Dlg 2, data = Tahoma, type = REG_SZ True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager value_name = ThemeActive, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager value_name = ThemeActive, data = 1, type = REG_SZ True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager value_name = DllName, data = 0, type = REG_EXPAND_SZ True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager value_name = DllName, data = %SystemRoot%\resources\Themes\Aero\Aero.msstyles, type = REG_EXPAND_SZ True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager value_name = SizeName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager value_name = SizeName, data = NormalSize, type = REG_SZ True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager value_name = ColorName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager value_name = ColorName, data = NormalColor, type = REG_SZ True 1
Fn
Process (5)
»
Operation Process Additional Information Success Count Logfile
Create cmd.exe /C cscript.exe C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2551337130529148691.vbs os_pid = 0xb48, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
Create cmd.exe /C cscript.exe C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2742094931696724792.vbs os_pid = 0xbac, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
Create cmd.exe os_pid = 0xc1c, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
Terminate cmd.exe /C cscript.exe C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2551337130529148691.vbs exit_code = 1 False 1
Fn
Terminate cmd.exe /C cscript.exe C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2742094931696724792.vbs exit_code = 1 False 1
Fn
Module (120)
»
Operation Module Additional Information Success Count Logfile
Load COMCTL32.dll base_address = 0x74250000 True 1
Fn
Load GDI32.dll base_address = 0x76970000 True 1
Fn
Load ole32.dll base_address = 0x76d70000 True 1
Fn
Load SHELL32.dll base_address = 0x75570000 True 1
Fn
Load C:\Windows\system32\user32.dll base_address = 0x769c0000 True 1
Fn
Load C:\Windows\system32\DWMAPI.DLL base_address = 0x73da0000 True 1
Fn
Load C:\Windows\system32\UXTHEME.DLL base_address = 0x740d0000 True 1
Fn
Get Handle c:\program files\java\jre7\bin\client\jvm.dll base_address = 0x6cf60000 True 2
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76ed0000 True 1
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76ed0000, flags = GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76ed0000, flags = GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Get Filename c:\program files\java\jre7\bin\client\jvm.dll process_name = c:\program files\java\jre7\bin\java.exe, file_name_orig = C:\Program Files\Java\jre7\bin\client\jvm.dll, size = 260 True 1
Fn
Get Address c:\program files\java\jre7\bin\client\jvm.dll function = JVM_GetVersionInfo, address_out = 0x6d04d980 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = GetNativeSystemInfo, address_out = 0x76f0be77 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = GetFinalPathNameByHandleW, address_out = 0x76f04e2a True 2
Fn
Get Address c:\windows\system32\kernel32.dll function = FindFirstStreamW, address_out = 0x76f2c8fa True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = FindNextStreamW, address_out = 0x76f2c838 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = CreateSymbolicLinkW, address_out = 0x76f59aa9 True 1
Fn
Get Address c:\windows\system32\user32.dll function = GetKeyboardLayout, address_out = 0x769d3800 True 1
Fn
Get Address c:\windows\system32\user32.dll function = GetDoubleClickTime, address_out = 0x769cade0 True 1
Fn
Get Address c:\windows\system32\user32.dll function = GetSystemMetrics, address_out = 0x769d67cf True 1
Fn
Get Address c:\windows\system32\user32.dll function = ToAsciiEx, address_out = 0x76a0b797 True 13
Fn
Get Address c:\windows\system32\user32.dll function = GetKeyboardState, address_out = 0x769f6946 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll function = InitCommonControlsEx, address_out = 0x742709ce True 1
Fn
Get Address c:\windows\system32\user32.dll function = LoadIconW, address_out = 0x769cf142 True 1
Fn
Get Address c:\windows\system32\user32.dll function = RegisterClassW, address_out = 0x769ced4a True 1
Fn
Get Address c:\windows\system32\user32.dll function = GetDC, address_out = 0x769d544c True 1
Fn
Get Address c:\windows\system32\gdi32.dll function = GetDeviceCaps, address_out = 0x76976f7f True 2
Fn
Get Address c:\windows\system32\user32.dll function = ReleaseDC, address_out = 0x769d5421 True 1
Fn
Get Address c:\windows\system32\user32.dll function = CreateWindowExW, address_out = 0x769cec7c True 1
Fn
Get Address c:\windows\system32\user32.dll function = DefWindowProcW, address_out = 0x769d507d True 1
Fn
Get Address c:\windows\system32\user32.dll function = SetWindowsHookExW, address_out = 0x769ce30c True 1
Fn
Get Address c:\windows\system32\ole32.dll function = OleInitialize, address_out = 0x76d8efd7 True 1
Fn
Get Address c:\windows\system32\user32.dll function = WaitMessage, address_out = 0x769d66bd True 1
Fn
Get Address c:\windows\system32\user32.dll function = SystemParametersInfoW, address_out = 0x769ce09a True 1
Fn
Get Address c:\windows\system32\user32.dll function = GetSysColor, address_out = 0x769ddb7a True 29
Fn
Get Address c:\windows\system32\shell32.dll function = SHGetSettings, address_out = 0x757e58e8 True 1
Fn
Get Address c:\windows\system32\gdi32.dll function = CreateDCW, address_out = 0x7697cf79 True 1
Fn
Get Address c:\windows\system32\gdi32.dll function = GetStockObject, address_out = 0x76975ddf True 1
Fn
Get Address c:\windows\system32\gdi32.dll function = SelectObject, address_out = 0x76976640 True 1
Fn
Get Address c:\windows\system32\gdi32.dll function = GetTextFaceW, address_out = 0x7697b73a True 1
Fn
Get Address c:\windows\system32\gdi32.dll function = GetTextMetricsW, address_out = 0x76977b8f True 1
Fn
Get Address c:\windows\system32\gdi32.dll function = DeleteDC, address_out = 0x76976eaa True 1
Fn
Get Address c:\windows\system32\user32.dll function = SetProcessDPIAware, address_out = 0x769de95c True 1
Fn
Get Address c:\windows\system32\dwmapi.dll function = DwmIsCompositionEnabled, address_out = 0x73da1610 True 1
Fn
Get Address c:\windows\system32\user32.dll function = EnumDisplayMonitors, address_out = 0x769d34a3 True 1
Fn
Get Address c:\windows\system32\gdi32.dll function = CreateCompatibleBitmap, address_out = 0x769773ad True 1
Fn
Get Address c:\windows\system32\gdi32.dll function = GetDIBits, address_out = 0x7697a23b True 2
Fn
Get Address c:\windows\system32\gdi32.dll function = DeleteObject, address_out = 0x76975f14 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = OpenThemeData, address_out = 0x740d73d2 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeBackground, address_out = 0x740d3982 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = CloseThemeData, address_out = 0x740d6a18 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = DrawThemeText, address_out = 0x740d4ea1 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeBackgroundContentRect, address_out = 0x740dcd2e True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeMargins, address_out = 0x740d86e9 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = IsThemePartDefined, address_out = 0x740d85b4 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeBool, address_out = 0x740d7c1f True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeSysBool, address_out = 0x74103172 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeColor, address_out = 0x740d616c True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeEnumValue, address_out = 0x740d616c True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeInt, address_out = 0x740d616c True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemePosition, address_out = 0x74102350 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemePartSize, address_out = 0x740dcdb1 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = SetWindowTheme, address_out = 0x740e0134 True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = IsThemeBackgroundPartiallyTransparent, address_out = 0x740d60ab True 1
Fn
Get Address c:\windows\system32\uxtheme.dll function = GetThemeTransitionDuration, address_out = 0x740e1081 True 1
Fn
Get Address c:\windows\system32\user32.dll function = PeekMessageW, address_out = 0x769d634a True 1
Fn
Get Address c:\windows\system32\user32.dll function = SendMessageW, address_out = 0x769d5539 True 1
Fn
Get Address c:\windows\system32\user32.dll function = EnumThreadWindows, address_out = 0x769cb712 True 1
Fn
Get Address c:\windows\system32\user32.dll function = PostMessageW, address_out = 0x769d447b True 1
Fn
Get Address c:\windows\system32\user32.dll function = CallNextHookEx, address_out = 0x769cabe1 True 1
Fn
Get Address c:\windows\system32\user32.dll function = PostQuitMessage, address_out = 0x769cb308 True 1
Fn
Get Address c:\windows\system32\ole32.dll function = OleUninitialize, address_out = 0x76d8eba1 True 1
Fn
Get Address c:\windows\system32\user32.dll function = GetMessageW, address_out = 0x769dcde8 True 1
Fn
Get Address c:\windows\system32\user32.dll function = IsWindow, address_out = 0x769d53ba True 1
Fn
Get Address c:\windows\system32\user32.dll function = DestroyWindow, address_out = 0x769cb2f4 True 1
Fn
Window (1)
»
Operation Window Name Additional Information Success Count Logfile
Create theAwtToolkitWindow class_name = SunAwtToolkit, wndproc_parameter = 0 True 1
Fn
Keyboard (4)
»
Operation Additional Information Success Count Logfile
Get Info type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 True 3
Fn
Read result_out = 1 True 1
Fn
System (20)
»
Operation Additional Information Success Count Logfile
Sleep duration = 100 milliseconds (0.100 seconds) True 1
Fn
Register Hook type = WH_GETMESSAGE, hookproc_address = 0x6ccf1da0 True 1
Fn
Get Info type = Operating System True 4
Fn
Get Info type = Hardware Information True 2
Fn
Get Info type = Operating System True 9
Fn
Get Info type = System Directory, result_out = C:\Windows\system32 True 3
Fn
Network Behavior
DNS (3)
»
Operation Additional Information Success Count Logfile
Get Hostname name_out = cRh2YWu7 True 2
Fn
Resolve Name host = cRh2YWu7, address_out = fe80:0000:0000:0000:48d9:542c:fc57:360f, 192.168.0.222 True 1
Fn
TCP Sessions (11)
»
Information Value
Total Data Sent 0 bytes
Total Data Received 0 bytes
Contacted Host Count 1
Contacted Hosts 0000:0000:0000:0000:0000:ffff:7f00:0001:7777
TCP Session #1
»
Information Value
Handle 0x370
Address Family AF_INET6
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 0000:0000:0000:0000:0000:ffff:7f00:0001
Remote Port 7777
Local Address -
Local Port -
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET6, type = SOCK_STREAM True 1
Fn
Connect remote_address = 0000:0000:0000:0000:0000:ffff:7f00:0001, remote_port = 7777 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #2
»
Information Value
Handle 0x398
Address Family AF_INET6
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 0000:0000:0000:0000:0000:ffff:7f00:0001
Remote Port 7777
Local Address -
Local Port -
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET6, type = SOCK_STREAM True 1
Fn
Connect remote_address = 0000:0000:0000:0000:0000:ffff:7f00:0001, remote_port = 7777 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #3
»
Information Value
Handle 0x398
Address Family AF_INET6
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 0000:0000:0000:0000:0000:ffff:7f00:0001
Remote Port 7777
Local Address -
Local Port -
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET6, type = SOCK_STREAM True 1
Fn
Connect remote_address = 0000:0000:0000:0000:0000:ffff:7f00:0001, remote_port = 7777 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #4
»
Information Value
Handle 0x398
Address Family AF_INET6
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 0000:0000:0000:0000:0000:ffff:7f00:0001
Remote Port 7777
Local Address -
Local Port -
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET6, type = SOCK_STREAM True 1
Fn
Connect remote_address = 0000:0000:0000:0000:0000:ffff:7f00:0001, remote_port = 7777 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #5
»
Information Value
Handle 0x398
Address Family AF_INET6
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 0000:0000:0000:0000:0000:ffff:7f00:0001
Remote Port 7777
Local Address -
Local Port -
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET6, type = SOCK_STREAM True 1
Fn
Connect remote_address = 0000:0000:0000:0000:0000:ffff:7f00:0001, remote_port = 7777 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #6
»
Information Value
Handle 0x38c
Address Family AF_INET6
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 0000:0000:0000:0000:0000:ffff:7f00:0001
Remote Port 7777
Local Address -
Local Port -
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET6, type = SOCK_STREAM True 1
Fn
Connect remote_address = 0000:0000:0000:0000:0000:ffff:7f00:0001, remote_port = 7777 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #7
»
Information Value
Handle 0x38c
Address Family AF_INET6
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 0000:0000:0000:0000:0000:ffff:7f00:0001
Remote Port 7777
Local Address -
Local Port -
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET6, type = SOCK_STREAM True 1
Fn
Connect remote_address = 0000:0000:0000:0000:0000:ffff:7f00:0001, remote_port = 7777 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #8
»
Information Value
Handle 0x394
Address Family AF_INET6
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 0000:0000:0000:0000:0000:ffff:7f00:0001
Remote Port 7777
Local Address -
Local Port -
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET6, type = SOCK_STREAM True 1
Fn
Connect remote_address = 0000:0000:0000:0000:0000:ffff:7f00:0001, remote_port = 7777 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #9
»
Information Value
Handle 0x394
Address Family AF_INET6
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 0000:0000:0000:0000:0000:ffff:7f00:0001
Remote Port 7777
Local Address -
Local Port -
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET6, type = SOCK_STREAM True 1
Fn
Connect remote_address = 0000:0000:0000:0000:0000:ffff:7f00:0001, remote_port = 7777 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #10
»
Information Value
Handle 0x394
Address Family AF_INET6
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 0000:0000:0000:0000:0000:ffff:7f00:0001
Remote Port 7777
Local Address -
Local Port -
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET6, type = SOCK_STREAM True 1
Fn
Connect remote_address = 0000:0000:0000:0000:0000:ffff:7f00:0001, remote_port = 7777 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
TCP Session #11
»
Information Value
Handle 0x394
Address Family AF_INET6
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 0000:0000:0000:0000:0000:ffff:7f00:0001
Remote Port 7777
Local Address -
Local Port -
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET6, type = SOCK_STREAM True 1
Fn
Connect remote_address = 0000:0000:0000:0000:0000:ffff:7f00:0001, remote_port = 7777 False 1
Fn
Close type = SOCK_STREAM True 1
Fn
Process #3: cmd.exe
56 0
»
Information Value
ID #3
File Name c:\windows\system32\cmd.exe
Command Line cmd.exe /C cscript.exe C:\Users\EEBsYm5\AppData\Local\Temp\Retrive6349682593628295348.vbs
Initial Working Directory C:\Users\EEBsYm5\Desktop\
Monitor Start Time: 00:01:12, Reason: Child Process
Unmonitor End Time: 00:02:41, Reason: Terminated by Timeout
Monitor Duration 00:01:29
OS Process Information
»
Information Value
PID 0xae8
Parent PID 0xa14 (c:\program files\java\jre7\bin\java.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x AEC
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000040000 0x00040000 0x00040fff Pagefile Backed Memory Readable True False False -
locale.nls 0x00050000 0x000b6fff Memory Mapped File Readable False False False -
pagefile_0x00000000000c0000 0x000c0000 0x000c6fff Pagefile Backed Memory Readable True False False -
pagefile_0x00000000000d0000 0x000d0000 0x000d1fff Pagefile Backed Memory Readable, Writable True False False -
private_0x00000000000e0000 0x000e0000 0x000e0fff Private Memory Readable, Writable True False False -
private_0x00000000000f0000 0x000f0000 0x000f0fff Private Memory Readable, Writable True False False -
cscript.exe 0x00100000 0x00121fff Memory Mapped File Readable, Writable, Executable False False False -
private_0x0000000000130000 0x00130000 0x0022ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000230000 0x00230000 0x002f7fff Pagefile Backed Memory Readable True False False -
cscript.exe.mui 0x00300000 0x00302fff Memory Mapped File Readable, Writable False False False -
private_0x0000000000320000 0x00320000 0x0032ffff Private Memory Readable, Writable True False False -
private_0x00000000003a0000 0x003a0000 0x0049ffff Private Memory Readable, Writable True False False -
pagefile_0x00000000004a0000 0x004a0000 0x005a0fff Pagefile Backed Memory Readable True False False -
pagefile_0x00000000005b0000 0x005b0000 0x011affff Pagefile Backed Memory Readable True False False -
pagefile_0x00000000011b0000 0x011b0000 0x01312fff Pagefile Backed Memory Readable True False False -
sortdefault.nls 0x01320000 0x015eefff Memory Mapped File Readable False False False -
cmd.exe 0x4a090000 0x4a0dbfff Memory Mapped File Readable, Writable, Executable True False False -
winbrand.dll 0x6f550000 0x6f556fff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x75490000 0x754d9fff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x76920000 0x7693efff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x76970000 0x769bdfff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x769c0000 0x76a88fff Memory Mapped File Readable, Writable, Executable False False False -
usp10.dll 0x76bd0000 0x76c6cfff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x76ed0000 0x76fa3fff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x77050000 0x7711bfff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x77120000 0x7725bfff Memory Mapped File Readable, Writable, Executable False False False -
lpk.dll 0x77290000 0x77299fff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x772a0000 0x7734bfff Memory Mapped File Readable, Writable, Executable False False False -
apisetschema.dll 0x77360000 0x77360fff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory Readable True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory Readable True False False -
private_0x000000007ffd5000 0x7ffd5000 0x7ffd5fff Private Memory Readable, Writable True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory Readable, Writable True False False -
Host Behavior
File (9)
»
Operation Filename Additional Information Success Count Logfile
Get Info C:\Users\EEBsYm5\Desktop type = file_attributes True 2
Fn
Get Info cscript.exe type = file_attributes False 1
Fn
Open STD_OUTPUT_HANDLE - True 4
Fn
Open STD_INPUT_HANDLE - True 2
Fn
Registry (17)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Command Processor - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 232, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = AutoRun, data = 9, type = REG_NONE False 1
Fn
Process (1)
»
Operation Process Additional Information Success Count Logfile
Create C:\Windows\system32\cscript.exe os_pid = 0xb00, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Module (8)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\system32\cmd.exe base_address = 0x4a090000 True 1
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76ed0000 True 2
Fn
Get Filename - process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x76f224c2 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = CopyFileExW, address_out = 0x76f0ac6c True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = IsDebuggerPresent, address_out = 0x76f13ea8 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetConsoleInputExeNameW, address_out = 0x76f22732 True 1
Fn
System (2)
»
Operation Additional Information Success Count Logfile
Get Time type = System Time, time = 2018-02-24 20:29:37 (UTC) True 1
Fn
Get Time type = Ticks, time = 136781 True 1
Fn
Environment (19)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 7
Fn
Data
Get Environment String name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ True 2
Fn
Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 2
Fn
Get Environment String name = PROMPT False 1
Fn
Get Environment String name = COMSPEC, result_out = C:\Windows\system32\cmd.exe True 1
Fn
Get Environment String name = KEYS False 1
Fn
Set Environment String name = PROMPT, value = $P$G True 1
Fn
Set Environment String name = =C:, value = C:\Users\EEBsYm5\Desktop True 1
Fn
Set Environment String name = COPYCMD True 1
Fn
Set Environment String name = =ExitCode, value = 00000000 True 1
Fn
Set Environment String name = =ExitCodeAscii True 1
Fn
Process #4: cscript.exe
82 0
»
Information Value
ID #4
File Name c:\windows\system32\cscript.exe
Command Line cscript.exe C:\Users\EEBsYm5\AppData\Local\Temp\Retrive6349682593628295348.vbs
Initial Working Directory C:\Users\EEBsYm5\Desktop\
Monitor Start Time: 00:01:13, Reason: Child Process
Unmonitor End Time: 00:02:41, Reason: Terminated by Timeout
Monitor Duration 00:01:28
OS Process Information
»
Information Value
PID 0xb00
Parent PID 0xae8 (c:\windows\system32\cmd.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x B04
0x B08
0x B0C
0x B14
0x B20
0x B28
0x B2C
0x B30
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory Readable True False False -
locale.nls 0x00040000 0x000a6fff Memory Mapped File Readable False False False -
pagefile_0x00000000000b0000 0x000b0000 0x000b6fff Pagefile Backed Memory Readable True False False -
pagefile_0x00000000000c0000 0x000c0000 0x000c1fff Pagefile Backed Memory Readable, Writable True False False -
private_0x00000000000d0000 0x000d0000 0x000dffff Private Memory Readable, Writable True False False -
cscript.exe.mui 0x000e0000 0x000e2fff Memory Mapped File Readable, Writable False False False -
private_0x00000000000f0000 0x000f0000 0x000f0fff Private Memory Readable, Writable True False False -
private_0x0000000000100000 0x00100000 0x00100fff Private Memory Readable, Writable True False False -
cscript.exe 0x00110000 0x0011bfff Memory Mapped File Readable True False False -
pagefile_0x0000000000120000 0x00120000 0x00120fff Pagefile Backed Memory Readable True False False -
private_0x0000000000130000 0x00130000 0x0022ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000230000 0x00230000 0x002f7fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000300000 0x00300000 0x00400fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000410000 0x00410000 0x00410fff Pagefile Backed Memory Readable True False False -
private_0x0000000000420000 0x00420000 0x0051ffff Private Memory Readable, Writable True False False -
rpcss.dll 0x00520000 0x0057bfff Memory Mapped File Readable False False False -
private_0x0000000000520000 0x00520000 0x0056ffff Private Memory Readable, Writable True False False -
retrive6349682593628295348.vbs 0x00520000 0x00520fff Memory Mapped File Readable True True False
...
private_0x0000000000520000 0x00520000 0x0052ffff Private Memory Readable, Writable True False False -
private_0x0000000000530000 0x00530000 0x0056ffff Private Memory Readable, Writable True False False -
rsaenh.dll 0x00570000 0x005abfff Memory Mapped File Readable False False False -
retrive6349682593628295348.vbs 0x00570000 0x00570fff Memory Mapped File Readable True True False
...
private_0x0000000000570000 0x00570000 0x0059ffff Private Memory Readable, Writable True False False -
wbemdisp.tlb 0x00570000 0x0057efff Memory Mapped File Readable False False False -
private_0x0000000000590000 0x00590000 0x0059ffff Private Memory Readable, Writable True False False -
cscript.exe 0x005f0000 0x00611fff Memory Mapped File Readable, Writable, Executable True False False -
pagefile_0x0000000000620000 0x00620000 0x0121ffff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000001220000 0x01220000 0x012fefff Pagefile Backed Memory Readable True False False -
private_0x0000000001380000 0x01380000 0x0147ffff Private Memory Readable, Writable True False False -
sortdefault.nls 0x01480000 0x0174efff Memory Mapped File Readable False False False -
private_0x0000000001750000 0x01750000 0x0184ffff Private Memory Readable, Writable True False False -
private_0x0000000001850000 0x01850000 0x0194ffff Private Memory Readable, Writable True False False -
private_0x0000000001a20000 0x01a20000 0x01b1ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000001b20000 0x01b20000 0x01f1ffff Pagefile Backed Memory Readable, Writable True False False -
private_0x0000000001f20000 0x01f20000 0x020cffff Private Memory Readable, Writable True False False -
private_0x0000000001f20000 0x01f20000 0x0207ffff Private Memory Readable, Writable True False False -
private_0x0000000001f40000 0x01f40000 0x0203ffff Private Memory Readable, Writable True False False -
private_0x0000000002040000 0x02040000 0x0207ffff Private Memory Readable, Writable True False False -
private_0x0000000002090000 0x02090000 0x020cffff Private Memory Readable, Writable True False False -
private_0x00000000020f0000 0x020f0000 0x021effff Private Memory Readable, Writable True False False -
private_0x0000000002220000 0x02220000 0x0231ffff Private Memory Readable, Writable True False False -
private_0x0000000002470000 0x02470000 0x0256ffff Private Memory Readable, Writable True False False -
wbemdisp.dll 0x6d500000 0x6d530fff Memory Mapped File Readable, Writable, Executable True False False -
scrobj.dll 0x6dad0000 0x6dafcfff Memory Mapped File Readable, Writable, Executable True False False -
wmiutils.dll 0x6f390000 0x6f3a6fff Memory Mapped File Readable, Writable, Executable False False False -
comctl32.dll 0x6f3c0000 0x6f443fff Memory Mapped File Readable, Writable, Executable False False False -
wshext.dll 0x6f450000 0x6f465fff Memory Mapped File Readable, Writable, Executable True False False -
vbscript.dll 0x6f4e0000 0x6f54afff Memory Mapped File Readable, Writable, Executable True False False -
msisip.dll 0x6f560000 0x6f567fff Memory Mapped File Readable, Writable, Executable False False False -
wbemsvc.dll 0x6f7c0000 0x6f7cefff Memory Mapped File Readable, Writable, Executable False False False -
wbemprox.dll 0x6fa20000 0x6fa29fff Memory Mapped File Readable, Writable, Executable False False False -
ntdsapi.dll 0x6fa30000 0x6fa47fff Memory Mapped File Readable, Writable, Executable False False False -
fastprox.dll 0x6fa50000 0x6fae5fff Memory Mapped File Readable, Writable, Executable False False False -
wbemcomn.dll 0x6fc20000 0x6fc7bfff Memory Mapped File Readable, Writable, Executable False False False -
dwmapi.dll 0x73da0000 0x73db2fff Memory Mapped File Readable, Writable, Executable False False False -
uxtheme.dll 0x740d0000 0x7410ffff Memory Mapped File Readable, Writable, Executable False False False -
version.dll 0x747c0000 0x747c8fff Memory Mapped File Readable, Writable, Executable False False False -
rsaenh.dll 0x74ae0000 0x74b1afff Memory Mapped File Readable, Writable, Executable False False False -
cryptsp.dll 0x74d40000 0x74d55fff Memory Mapped File Readable, Writable, Executable False False False -
cryptbase.dll 0x751c0000 0x751cbfff Memory Mapped File Readable, Writable, Executable False False False -
sxs.dll 0x751d0000 0x7522efff Memory Mapped File Readable, Writable, Executable False False False -
rpcrtremote.dll 0x75260000 0x7526dfff Memory Mapped File Readable, Writable, Executable False False False -
msasn1.dll 0x752e0000 0x752ebfff Memory Mapped File Readable, Writable, Executable False False False -
wintrust.dll 0x752f0000 0x7531cfff Memory Mapped File Readable, Writable, Executable False False False -
crypt32.dll 0x75320000 0x7543cfff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x75490000 0x754d9fff Memory Mapped File Readable, Writable, Executable False False False -
shell32.dll 0x75570000 0x761b9fff Memory Mapped File Readable, Writable, Executable False False False -
rpcrt4.dll 0x761c0000 0x76260fff Memory Mapped File Readable, Writable, Executable False False False -
sechost.dll 0x76470000 0x76488fff Memory Mapped File Readable, Writable, Executable False False False -
ws2_32.dll 0x76630000 0x76664fff Memory Mapped File Readable, Writable, Executable False False False -
clbcatq.dll 0x766d0000 0x76752fff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x76920000 0x7693efff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x76970000 0x769bdfff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x769c0000 0x76a88fff Memory Mapped File Readable, Writable, Executable False False False -
shlwapi.dll 0x76a90000 0x76ae6fff Memory Mapped File Readable, Writable, Executable False False False -
oleaut32.dll 0x76b40000 0x76bcefff Memory Mapped File Readable, Writable, Executable False False False -
usp10.dll 0x76bd0000 0x76c6cfff Memory Mapped File Readable, Writable, Executable False False False -
ole32.dll 0x76d70000 0x76ecbfff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x76ed0000 0x76fa3fff Memory Mapped File Readable, Writable, Executable False False False -
advapi32.dll 0x76fb0000 0x7704ffff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x77050000 0x7711bfff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x77120000 0x7725bfff Memory Mapped File Readable, Writable, Executable False False False -
nsi.dll 0x77270000 0x77275fff Memory Mapped File Readable, Writable, Executable False False False -
lpk.dll 0x77290000 0x77299fff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x772a0000 0x7734bfff Memory Mapped File Readable, Writable, Executable False False False -
apisetschema.dll 0x77360000 0x77360fff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory Readable True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory Readable True False False -
private_0x000000007ffd7000 0x7ffd7000 0x7ffd7fff Private Memory Readable, Writable True False False -
private_0x000000007ffd8000 0x7ffd8000 0x7ffd8fff Private Memory Readable, Writable True False False -
private_0x000000007ffd9000 0x7ffd9000 0x7ffd9fff Private Memory Readable, Writable True False False -
private_0x000000007ffda000 0x7ffda000 0x7ffdafff Private Memory Readable, Writable True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffdbfff Private Memory Readable, Writable True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory Readable, Writable True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory Readable, Writable True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory Readable, Writable True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory Readable, Writable True False False -
Host Behavior
COM (11)
»
Operation Class Interface Additional Information Success Count Logfile
Create B54F3741-5B07-11CF-A4B0-00AA004A55E8 00000000-0000-0000-C000-000000000046 cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER True 1
Fn
Create 6C736DB1-BD94-11D0-8A23-00AA00B58E10 6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8 cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create 06290BD1-48AA-11D2-8432-006008C3FBFC E4D1C9B0-46E8-11D4-A2A6-00104BD35090 cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create WBEMLocator IWbemLocator cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create WbemDefaultPathParser IWbemPath cls_context = CLSCTX_INPROC_SERVER True 5
Fn
Execute WBEMLocator IWbemLocator method_name = ConnectServer, network_resource = \\.\root\SecurityCenter2 True 1
Fn
Execute WBEMLocator IWbemServices method_name = ExecQuery, query_language = WQL, query = Select * from AntiVirusProduct True 1
Fn
File (6)
»
Operation Filename Additional Information Success Count Logfile
Create C:\Users\EEBsYm5\AppData\Local\Temp\Retrive6349682593628295348.vbs desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\Retrive6349682593628295348.vbs type = size True 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\Retrive6349682593628295348.vbs type = size True 1
Fn
Open STD_OUTPUT_HANDLE - True 1
Fn
Read C:\Users\EEBsYm5\AppData\Local\Temp\Retrive6349682593628295348.vbs size = 276, size_out = 276 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 108 True 1
Fn
Data
Registry (29)
»
Operation Key Additional Information Success Count Logfile
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings - True 1
Fn
Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings - True 1
Fn
Open Key HKEY_CLASSES_ROOT\.vbs - True 1
Fn
Open Key HKEY_CLASSES_ROOT\VBSFile\ScriptEngine - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = IgnoreUserSettings, data = 132, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings value_name = Enabled, data = 132, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = Enabled, data = 132, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = IgnoreUserSettings, data = 0, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings value_name = LogSecuritySuccesses, data = 0, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = LogSecuritySuccesses, data = 0, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = IgnoreUserSettings, data = 237, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings value_name = TrustPolicy, data = 226, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings value_name = UseWINSAFER, data = 237, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = TrustPolicy, data = 226, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = UseWINSAFER, data = 1, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = Timeout, data = 208, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = DisplayLogo, data = 1, type = REG_SZ True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings value_name = Timeout, data = 208, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings value_name = DisplayLogo, data = 49, type = REG_NONE False 1
Fn
Read Value HKEY_CLASSES_ROOT\.vbs data = VBSFile, type = REG_SZ True 1
Fn
Read Value HKEY_CLASSES_ROOT\VBSFile\ScriptEngine data = VBScript, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting value_name = Default Impersonation Level, data = 3 True 1
Fn
Module (19)
»
Operation Module Additional Information Success Count Logfile
Load kernel32.dll base_address = 0x76ed0000 True 2
Fn
Load ole32.dll base_address = 0x76d70000 True 1
Fn
Load C:\Windows\system32\advapi32.dll base_address = 0x76fb0000 True 2
Fn
Get Handle c:\windows\system32\cscript.exe base_address = 0x5f0000 True 1
Fn
Get Filename c:\windows\system32\cscript.exe process_name = c:\windows\system32\cscript.exe, file_name_orig = C:\Windows\system32\cscript.exe, size = 261 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x76f224c2 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = HeapSetInformation, address_out = 0x76f24157 True 1
Fn
Get Address c:\windows\system32\ole32.dll function = CoCreateInstance, address_out = 0x76db9d0b True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = SaferIdentifyLevel, address_out = 0x76fd2102 True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = SaferComputeTokenFromLevel, address_out = 0x76fd3352 True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = SaferCloseLevel, address_out = 0x76fd3825 True 1
Fn
Get Address c:\windows\system32\ole32.dll function = CreateBindCtx, address_out = 0x76db6d2c True 1
Fn
Get Address c:\windows\system32\ole32.dll function = MkParseDisplayName, address_out = 0x76d7cea9 True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = DuplicateTokenEx, address_out = 0x76fbca24 True 1
Fn
Get Address c:\windows\system32\ole32.dll function = BindMoniker, address_out = 0x76d7c6a7 True 1
Fn
Create Mapping C:\Users\EEBsYm5\AppData\Local\Temp\Retrive6349682593628295348.vbs filename = C:\Users\EEBsYm5\AppData\Local\Temp\Retrive6349682593628295348.vbs, protection = PAGE_READONLY, maximum_size = 276 True 1
Fn
Map C:\Users\EEBsYm5\AppData\Local\Temp\Retrive6349682593628295348.vbs process_name = c:\windows\system32\cscript.exe, desired_access = FILE_MAP_READ True 1
Fn
Window (2)
»
Operation Window Name Additional Information Success Count Logfile
Create - class_name = WSH-Timer, wndproc_parameter = 860800 True 1
Fn
Set Attribute - class_name = WSH-Timer, index = 18446744073709551595, new_long = 860800 False 1
Fn
System (15)
»
Operation Additional Information Success Count Logfile
Sleep duration = -1 (infinite) True 2
Fn
Get Time type = System Time, time = 2018-02-24 20:29:37 (UTC) True 1
Fn
Get Time type = Ticks, time = 137140 True 1
Fn
Get Time type = Ticks, time = 137889 True 1
Fn
Get Info type = Operating System True 5
Fn
Get Info type = Operating System True 1
Fn
Get Info type = System Directory True 1
Fn
Get Info type = System Directory, result_out = C:\Windows\system32 True 2
Fn
Get Info type = Hardware Information True 1
Fn
Process #6: cmd.exe
56 0
»
Information Value
ID #6
File Name c:\windows\system32\cmd.exe
Command Line cmd.exe /C cscript.exe C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2551337130529148691.vbs
Initial Working Directory C:\Users\EEBsYm5\Desktop\
Monitor Start Time: 00:01:20, Reason: Child Process
Unmonitor End Time: 00:02:41, Reason: Terminated by Timeout
Monitor Duration 00:01:21
OS Process Information
»
Information Value
PID 0xb48
Parent PID 0xa9c (c:\program files\java\jre7\bin\java.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x B4C
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000040000 0x00040000 0x00040fff Pagefile Backed Memory Readable True False False -
locale.nls 0x00050000 0x000b6fff Memory Mapped File Readable False False False -
pagefile_0x00000000000c0000 0x000c0000 0x00187fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000190000 0x00190000 0x00196fff Pagefile Backed Memory Readable True False False -
pagefile_0x00000000001a0000 0x001a0000 0x001a1fff Pagefile Backed Memory Readable, Writable True False False -
private_0x00000000001b0000 0x001b0000 0x001b0fff Private Memory Readable, Writable True False False -
private_0x00000000001c0000 0x001c0000 0x001c0fff Private Memory Readable, Writable True False False -
private_0x00000000001d0000 0x001d0000 0x001dffff Private Memory Readable, Writable True False False -
cscript.exe.mui 0x001e0000 0x001e2fff Memory Mapped File Readable, Writable False False False -
private_0x00000000001f0000 0x001f0000 0x002effff Private Memory Readable, Writable True False False -
pagefile_0x00000000002f0000 0x002f0000 0x003f0fff Pagefile Backed Memory Readable True False False -
cscript.exe 0x00400000 0x00421fff Memory Mapped File Readable, Writable, Executable False False False -
private_0x0000000000430000 0x00430000 0x0052ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000530000 0x00530000 0x0112ffff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000001130000 0x01130000 0x01292fff Pagefile Backed Memory Readable True False False -
sortdefault.nls 0x012a0000 0x0156efff Memory Mapped File Readable False False False -
cmd.exe 0x4a090000 0x4a0dbfff Memory Mapped File Readable, Writable, Executable True False False -
winbrand.dll 0x6f550000 0x6f556fff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x75490000 0x754d9fff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x76920000 0x7693efff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x76970000 0x769bdfff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x769c0000 0x76a88fff Memory Mapped File Readable, Writable, Executable False False False -
usp10.dll 0x76bd0000 0x76c6cfff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x76ed0000 0x76fa3fff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x77050000 0x7711bfff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x77120000 0x7725bfff Memory Mapped File Readable, Writable, Executable False False False -
lpk.dll 0x77290000 0x77299fff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x772a0000 0x7734bfff Memory Mapped File Readable, Writable, Executable False False False -
apisetschema.dll 0x77360000 0x77360fff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory Readable True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory Readable True False False -
private_0x000000007ffd4000 0x7ffd4000 0x7ffd4fff Private Memory Readable, Writable True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory Readable, Writable True False False -
Host Behavior
File (9)
»
Operation Filename Additional Information Success Count Logfile
Get Info C:\Users\EEBsYm5\Desktop type = file_attributes True 2
Fn
Get Info cscript.exe type = file_attributes False 1
Fn
Open STD_OUTPUT_HANDLE - True 4
Fn
Open STD_INPUT_HANDLE - True 2
Fn
Registry (17)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Command Processor - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 232, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = AutoRun, data = 9, type = REG_NONE False 1
Fn
Process (1)
»
Operation Process Additional Information Success Count Logfile
Create C:\Windows\system32\cscript.exe os_pid = 0xb60, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Module (8)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\system32\cmd.exe base_address = 0x4a090000 True 1
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76ed0000 True 2
Fn
Get Filename - process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x76f224c2 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = CopyFileExW, address_out = 0x76f0ac6c True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = IsDebuggerPresent, address_out = 0x76f13ea8 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetConsoleInputExeNameW, address_out = 0x76f22732 True 1
Fn
System (2)
»
Operation Additional Information Success Count Logfile
Get Time type = System Time, time = 2018-02-24 20:29:42 (UTC) True 1
Fn
Get Time type = Ticks, time = 141274 True 1
Fn
Environment (19)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 7
Fn
Data
Get Environment String name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ True 2
Fn
Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 2
Fn
Get Environment String name = PROMPT False 1
Fn
Get Environment String name = COMSPEC, result_out = C:\Windows\system32\cmd.exe True 1
Fn
Get Environment String name = KEYS False 1
Fn
Set Environment String name = PROMPT, value = $P$G True 1
Fn
Set Environment String name = =C:, value = C:\Users\EEBsYm5\Desktop True 1
Fn
Set Environment String name = COPYCMD True 1
Fn
Set Environment String name = =ExitCode, value = 00000000 True 1
Fn
Set Environment String name = =ExitCodeAscii True 1
Fn
Process #7: cscript.exe
82 0
»
Information Value
ID #7
File Name c:\windows\system32\cscript.exe
Command Line cscript.exe C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2551337130529148691.vbs
Initial Working Directory C:\Users\EEBsYm5\Desktop\
Monitor Start Time: 00:01:20, Reason: Child Process
Unmonitor End Time: 00:02:41, Reason: Terminated by Timeout
Monitor Duration 00:01:21
OS Process Information
»
Information Value
PID 0xb60
Parent PID 0xb48 (c:\windows\system32\cmd.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x B64
0x B68
0x B6C
0x B74
0x B78
0x B88
0x B94
0x B98
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory Readable True False False -
locale.nls 0x00040000 0x000a6fff Memory Mapped File Readable False False False -
pagefile_0x00000000000b0000 0x000b0000 0x000b6fff Pagefile Backed Memory Readable True False False -
private_0x00000000000c0000 0x000c0000 0x000cffff Private Memory Readable, Writable True False False -
pagefile_0x00000000000d0000 0x000d0000 0x000d1fff Pagefile Backed Memory Readable, Writable True False False -
cscript.exe.mui 0x000e0000 0x000e2fff Memory Mapped File Readable, Writable False False False -
private_0x00000000000f0000 0x000f0000 0x001effff Private Memory Readable, Writable True False False -
private_0x00000000001f0000 0x001f0000 0x001f0fff Private Memory Readable, Writable True False False -
private_0x0000000000200000 0x00200000 0x002fffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000300000 0x00300000 0x003c7fff Pagefile Backed Memory Readable True False False -
pagefile_0x00000000003d0000 0x003d0000 0x004d0fff Pagefile Backed Memory Readable True False False -
private_0x00000000004e0000 0x004e0000 0x004e0fff Private Memory Readable, Writable True False False -
rpcss.dll 0x004f0000 0x0054bfff Memory Mapped File Readable False False False -
pagefile_0x00000000004f0000 0x004f0000 0x005cefff Pagefile Backed Memory Readable True False False -
cscript.exe 0x005d0000 0x005dbfff Memory Mapped File Readable True False False -
pagefile_0x00000000005e0000 0x005e0000 0x005e0fff Pagefile Backed Memory Readable True False False -
cscript.exe 0x005f0000 0x00611fff Memory Mapped File Readable, Writable, Executable True False False -
pagefile_0x0000000000620000 0x00620000 0x0121ffff Pagefile Backed Memory Readable True False False -
private_0x0000000001220000 0x01220000 0x013dffff Private Memory Readable, Writable True False False -
pagefile_0x0000000001220000 0x01220000 0x01220fff Pagefile Backed Memory Readable True False False -
retrive2551337130529148691.vbs 0x01230000 0x01230fff Memory Mapped File Readable True True False
...
rsaenh.dll 0x01230000 0x0126bfff Memory Mapped File Readable False False False -
private_0x0000000001230000 0x01230000 0x0123ffff Private Memory Readable, Writable True False False -
retrive2551337130529148691.vbs 0x01240000 0x01240fff Memory Mapped File Readable True True False
...
private_0x0000000001240000 0x01240000 0x0137ffff Private Memory Readable, Writable True False False -
private_0x0000000001240000 0x01240000 0x0133ffff Private Memory Readable, Writable True False False -
wbemdisp.tlb 0x01340000 0x0134efff Memory Mapped File Readable False False False -
private_0x0000000001370000 0x01370000 0x0137ffff Private Memory Readable, Writable True False False -
private_0x00000000013a0000 0x013a0000 0x013dffff Private Memory Readable, Writable True False False -
private_0x0000000001430000 0x01430000 0x0152ffff Private Memory Readable, Writable True False False -
sortdefault.nls 0x01530000 0x017fefff Memory Mapped File Readable False False False -
private_0x0000000001800000 0x01800000 0x0185ffff Private Memory Readable, Writable True False False -
private_0x00000000018f0000 0x018f0000 0x019effff Private Memory Readable, Writable True False False -
private_0x00000000019f0000 0x019f0000 0x01a8ffff Private Memory Readable, Writable True False False -
private_0x0000000001a90000 0x01a90000 0x01b8ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000001b90000 0x01b90000 0x01f8ffff Pagefile Backed Memory Readable, Writable True False False -
private_0x00000000020a0000 0x020a0000 0x0219ffff Private Memory Readable, Writable True False False -
private_0x00000000021a0000 0x021a0000 0x0229ffff Private Memory Readable, Writable True False False -
private_0x00000000023e0000 0x023e0000 0x024dffff Private Memory Readable, Writable True False False -
private_0x00000000025b0000 0x025b0000 0x026affff Private Memory Readable, Writable True False False -
comctl32.dll 0x6d380000 0x6d403fff Memory Mapped File Readable, Writable, Executable False False False -
wmiutils.dll 0x6f390000 0x6f3a6fff Memory Mapped File Readable, Writable, Executable False False False -
wbemdisp.dll 0x6f3d0000 0x6f400fff Memory Mapped File Readable, Writable, Executable True False False -
scrobj.dll 0x6f410000 0x6f43cfff Memory Mapped File Readable, Writable, Executable True False False -
wshext.dll 0x6f440000 0x6f455fff Memory Mapped File Readable, Writable, Executable True False False -
msisip.dll 0x6f460000 0x6f467fff Memory Mapped File Readable, Writable, Executable False False False -
vbscript.dll 0x6f4e0000 0x6f54afff Memory Mapped File Readable, Writable, Executable True False False -
wbemsvc.dll 0x6f7c0000 0x6f7cefff Memory Mapped File Readable, Writable, Executable False False False -
wbemprox.dll 0x6fa20000 0x6fa29fff Memory Mapped File Readable, Writable, Executable False False False -
ntdsapi.dll 0x6fa30000 0x6fa47fff Memory Mapped File Readable, Writable, Executable False False False -
fastprox.dll 0x6fa50000 0x6fae5fff Memory Mapped File Readable, Writable, Executable False False False -
wbemcomn.dll 0x6fc20000 0x6fc7bfff Memory Mapped File Readable, Writable, Executable False False False -
dwmapi.dll 0x73da0000 0x73db2fff Memory Mapped File Readable, Writable, Executable False False False -
uxtheme.dll 0x740d0000 0x7410ffff Memory Mapped File Readable, Writable, Executable False False False -
version.dll 0x747c0000 0x747c8fff Memory Mapped File Readable, Writable, Executable False False False -
rsaenh.dll 0x74ae0000 0x74b1afff Memory Mapped File Readable, Writable, Executable False False False -
cryptsp.dll 0x74d40000 0x74d55fff Memory Mapped File Readable, Writable, Executable False False False -
cryptbase.dll 0x751c0000 0x751cbfff Memory Mapped File Readable, Writable, Executable False False False -
sxs.dll 0x751d0000 0x7522efff Memory Mapped File Readable, Writable, Executable False False False -
rpcrtremote.dll 0x75260000 0x7526dfff Memory Mapped File Readable, Writable, Executable False False False -
msasn1.dll 0x752e0000 0x752ebfff Memory Mapped File Readable, Writable, Executable False False False -
wintrust.dll 0x752f0000 0x7531cfff Memory Mapped File Readable, Writable, Executable False False False -
crypt32.dll 0x75320000 0x7543cfff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x75490000 0x754d9fff Memory Mapped File Readable, Writable, Executable False False False -
shell32.dll 0x75570000 0x761b9fff Memory Mapped File Readable, Writable, Executable False False False -
rpcrt4.dll 0x761c0000 0x76260fff Memory Mapped File Readable, Writable, Executable False False False -
sechost.dll 0x76470000 0x76488fff Memory Mapped File Readable, Writable, Executable False False False -
ws2_32.dll 0x76630000 0x76664fff Memory Mapped File Readable, Writable, Executable False False False -
clbcatq.dll 0x766d0000 0x76752fff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x76920000 0x7693efff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x76970000 0x769bdfff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x769c0000 0x76a88fff Memory Mapped File Readable, Writable, Executable False False False -
shlwapi.dll 0x76a90000 0x76ae6fff Memory Mapped File Readable, Writable, Executable False False False -
oleaut32.dll 0x76b40000 0x76bcefff Memory Mapped File Readable, Writable, Executable False False False -
usp10.dll 0x76bd0000 0x76c6cfff Memory Mapped File Readable, Writable, Executable False False False -
ole32.dll 0x76d70000 0x76ecbfff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x76ed0000 0x76fa3fff Memory Mapped File Readable, Writable, Executable False False False -
advapi32.dll 0x76fb0000 0x7704ffff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x77050000 0x7711bfff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x77120000 0x7725bfff Memory Mapped File Readable, Writable, Executable False False False -
nsi.dll 0x77270000 0x77275fff Memory Mapped File Readable, Writable, Executable False False False -
lpk.dll 0x77290000 0x77299fff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x772a0000 0x7734bfff Memory Mapped File Readable, Writable, Executable False False False -
apisetschema.dll 0x77360000 0x77360fff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory Readable True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory Readable True False False -
private_0x000000007ffd3000 0x7ffd3000 0x7ffd3fff Private Memory Readable, Writable True False False -
private_0x000000007ffd8000 0x7ffd8000 0x7ffd8fff Private Memory Readable, Writable True False False -
private_0x000000007ffd9000 0x7ffd9000 0x7ffd9fff Private Memory Readable, Writable True False False -
private_0x000000007ffda000 0x7ffda000 0x7ffdafff Private Memory Readable, Writable True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffdbfff Private Memory Readable, Writable True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory Readable, Writable True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory Readable, Writable True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory Readable, Writable True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory Readable, Writable True False False -
Host Behavior
COM (11)
»
Operation Class Interface Additional Information Success Count Logfile
Create B54F3741-5B07-11CF-A4B0-00AA004A55E8 00000000-0000-0000-C000-000000000046 cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER True 1
Fn
Create 6C736DB1-BD94-11D0-8A23-00AA00B58E10 6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8 cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create 06290BD1-48AA-11D2-8432-006008C3FBFC E4D1C9B0-46E8-11D4-A2A6-00104BD35090 cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create WBEMLocator IWbemLocator cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create WbemDefaultPathParser IWbemPath cls_context = CLSCTX_INPROC_SERVER True 5
Fn
Execute WBEMLocator IWbemLocator method_name = ConnectServer, network_resource = \\.\root\SecurityCenter2 True 1
Fn
Execute WBEMLocator IWbemServices method_name = ExecQuery, query_language = WQL, query = Select * from AntiVirusProduct True 1
Fn
File (6)
»
Operation Filename Additional Information Success Count Logfile
Create C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2551337130529148691.vbs desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2551337130529148691.vbs type = size True 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2551337130529148691.vbs type = size True 1
Fn
Open STD_OUTPUT_HANDLE - True 1
Fn
Read C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2551337130529148691.vbs size = 276, size_out = 276 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 108 True 1
Fn
Data
Registry (29)
»
Operation Key Additional Information Success Count Logfile
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings - True 1
Fn
Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings - True 1
Fn
Open Key HKEY_CLASSES_ROOT\.vbs - True 1
Fn
Open Key HKEY_CLASSES_ROOT\VBSFile\ScriptEngine - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = IgnoreUserSettings, data = 36, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings value_name = Enabled, data = 36, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = Enabled, data = 36, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = IgnoreUserSettings, data = 0, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings value_name = LogSecuritySuccesses, data = 0, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = LogSecuritySuccesses, data = 0, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = IgnoreUserSettings, data = 237, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings value_name = TrustPolicy, data = 118, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings value_name = UseWINSAFER, data = 237, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = TrustPolicy, data = 118, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = UseWINSAFER, data = 1, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = Timeout, data = 112, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = DisplayLogo, data = 1, type = REG_SZ True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings value_name = Timeout, data = 112, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings value_name = DisplayLogo, data = 49, type = REG_NONE False 1
Fn
Read Value HKEY_CLASSES_ROOT\.vbs data = VBSFile, type = REG_SZ True 1
Fn
Read Value HKEY_CLASSES_ROOT\VBSFile\ScriptEngine data = VBScript, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting value_name = Default Impersonation Level, data = 3 True 1
Fn
Module (19)
»
Operation Module Additional Information Success Count Logfile
Load kernel32.dll base_address = 0x76ed0000 True 2
Fn
Load ole32.dll base_address = 0x76d70000 True 1
Fn
Load C:\Windows\system32\advapi32.dll base_address = 0x76fb0000 True 2
Fn
Get Handle c:\windows\system32\cscript.exe base_address = 0x5f0000 True 1
Fn
Get Filename c:\windows\system32\cscript.exe process_name = c:\windows\system32\cscript.exe, file_name_orig = C:\Windows\system32\cscript.exe, size = 261 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x76f224c2 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = HeapSetInformation, address_out = 0x76f24157 True 1
Fn
Get Address c:\windows\system32\ole32.dll function = CoCreateInstance, address_out = 0x76db9d0b True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = SaferIdentifyLevel, address_out = 0x76fd2102 True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = SaferComputeTokenFromLevel, address_out = 0x76fd3352 True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = SaferCloseLevel, address_out = 0x76fd3825 True 1
Fn
Get Address c:\windows\system32\ole32.dll function = CreateBindCtx, address_out = 0x76db6d2c True 1
Fn
Get Address c:\windows\system32\ole32.dll function = MkParseDisplayName, address_out = 0x76d7cea9 True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = DuplicateTokenEx, address_out = 0x76fbca24 True 1
Fn
Get Address c:\windows\system32\ole32.dll function = BindMoniker, address_out = 0x76d7c6a7 True 1
Fn
Create Mapping C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2551337130529148691.vbs filename = C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2551337130529148691.vbs, protection = PAGE_READONLY, maximum_size = 276 True 1
Fn
Map C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2551337130529148691.vbs process_name = c:\windows\system32\cscript.exe, desired_access = FILE_MAP_READ True 1
Fn
Window (2)
»
Operation Window Name Additional Information Success Count Logfile
Create - class_name = WSH-Timer, wndproc_parameter = 795264 True 1
Fn
Set Attribute - class_name = WSH-Timer, index = 18446744073709551595, new_long = 795264 False 1
Fn
System (15)
»
Operation Additional Information Success Count Logfile
Sleep duration = -1 (infinite) True 2
Fn
Get Time type = System Time, time = 2018-02-24 20:29:42 (UTC) True 1
Fn
Get Time type = Ticks, time = 141336 True 1
Fn
Get Time type = Ticks, time = 141399 True 1
Fn
Get Info type = Operating System True 5
Fn
Get Info type = Operating System True 1
Fn
Get Info type = System Directory True 1
Fn
Get Info type = System Directory, result_out = C:\Windows\system32 True 2
Fn
Get Info type = Hardware Information True 1
Fn
Process #8: cmd.exe
56 0
»
Information Value
ID #8
File Name c:\windows\system32\cmd.exe
Command Line cmd.exe /C cscript.exe C:\Users\EEBsYm5\AppData\Local\Temp\Retrive5365638019239783154.vbs
Initial Working Directory C:\Users\EEBsYm5\Desktop\
Monitor Start Time: 00:01:20, Reason: Child Process
Unmonitor End Time: 00:02:41, Reason: Terminated by Timeout
Monitor Duration 00:01:21
OS Process Information
»
Information Value
PID 0xb7c
Parent PID 0xa14 (c:\program files\java\jre7\bin\java.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x B80
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000040000 0x00040000 0x00040fff Pagefile Backed Memory Readable True False False -
locale.nls 0x00050000 0x000b6fff Memory Mapped File Readable False False False -
pagefile_0x00000000000c0000 0x000c0000 0x000c6fff Pagefile Backed Memory Readable True False False -
pagefile_0x00000000000d0000 0x000d0000 0x000d1fff Pagefile Backed Memory Readable, Writable True False False -
private_0x00000000000e0000 0x000e0000 0x000e0fff Private Memory Readable, Writable True False False -
private_0x00000000000f0000 0x000f0000 0x000f0fff Private Memory Readable, Writable True False False -
cscript.exe 0x00100000 0x00121fff Memory Mapped File Readable, Writable, Executable False False False -
cscript.exe.mui 0x00130000 0x00132fff Memory Mapped File Readable, Writable False False False -
private_0x0000000000150000 0x00150000 0x0024ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000250000 0x00250000 0x00317fff Pagefile Backed Memory Readable True False False -
private_0x0000000000320000 0x00320000 0x0032ffff Private Memory Readable, Writable True False False -
private_0x00000000003a0000 0x003a0000 0x0049ffff Private Memory Readable, Writable True False False -
pagefile_0x00000000004a0000 0x004a0000 0x005a0fff Pagefile Backed Memory Readable True False False -
pagefile_0x00000000005b0000 0x005b0000 0x011affff Pagefile Backed Memory Readable True False False -
pagefile_0x00000000011b0000 0x011b0000 0x01312fff Pagefile Backed Memory Readable True False False -
sortdefault.nls 0x01320000 0x015eefff Memory Mapped File Readable False False False -
cmd.exe 0x4a090000 0x4a0dbfff Memory Mapped File Readable, Writable, Executable True False False -
winbrand.dll 0x6f550000 0x6f556fff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x75490000 0x754d9fff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x76920000 0x7693efff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x76970000 0x769bdfff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x769c0000 0x76a88fff Memory Mapped File Readable, Writable, Executable False False False -
usp10.dll 0x76bd0000 0x76c6cfff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x76ed0000 0x76fa3fff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x77050000 0x7711bfff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x77120000 0x7725bfff Memory Mapped File Readable, Writable, Executable False False False -
lpk.dll 0x77290000 0x77299fff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x772a0000 0x7734bfff Memory Mapped File Readable, Writable, Executable False False False -
apisetschema.dll 0x77360000 0x77360fff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory Readable True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory Readable True False False -
private_0x000000007ffd4000 0x7ffd4000 0x7ffd4fff Private Memory Readable, Writable True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory Readable, Writable True False False -
Host Behavior
File (9)
»
Operation Filename Additional Information Success Count Logfile
Get Info C:\Users\EEBsYm5\Desktop type = file_attributes True 2
Fn
Get Info cscript.exe type = file_attributes False 1
Fn
Open STD_OUTPUT_HANDLE - True 4
Fn
Open STD_INPUT_HANDLE - True 2
Fn
Registry (17)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Command Processor - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 232, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = AutoRun, data = 9, type = REG_NONE False 1
Fn
Process (1)
»
Operation Process Additional Information Success Count Logfile
Create C:\Windows\system32\cscript.exe os_pid = 0xba0, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Module (8)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\system32\cmd.exe base_address = 0x4a090000 True 1
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76ed0000 True 2
Fn
Get Filename - process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x76f224c2 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = CopyFileExW, address_out = 0x76f0ac6c True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = IsDebuggerPresent, address_out = 0x76f13ea8 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetConsoleInputExeNameW, address_out = 0x76f22732 True 1
Fn
System (2)
»
Operation Additional Information Success Count Logfile
Get Time type = System Time, time = 2018-02-24 20:29:42 (UTC) True 1
Fn
Get Time type = Ticks, time = 141555 True 1
Fn
Environment (19)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 7
Fn
Data
Get Environment String name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ True 2
Fn
Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 2
Fn
Get Environment String name = PROMPT False 1
Fn
Get Environment String name = COMSPEC, result_out = C:\Windows\system32\cmd.exe True 1
Fn
Get Environment String name = KEYS False 1
Fn
Set Environment String name = PROMPT, value = $P$G True 1
Fn
Set Environment String name = =C:, value = C:\Users\EEBsYm5\Desktop True 1
Fn
Set Environment String name = COPYCMD True 1
Fn
Set Environment String name = =ExitCode, value = 00000000 True 1
Fn
Set Environment String name = =ExitCodeAscii True 1
Fn
Process #9: cscript.exe
81 0
»
Information Value
ID #9
File Name c:\windows\system32\cscript.exe
Command Line cscript.exe C:\Users\EEBsYm5\AppData\Local\Temp\Retrive5365638019239783154.vbs
Initial Working Directory C:\Users\EEBsYm5\Desktop\
Monitor Start Time: 00:01:20, Reason: Child Process
Unmonitor End Time: 00:02:41, Reason: Terminated by Timeout
Monitor Duration 00:01:21
OS Process Information
»
Information Value
PID 0xba0
Parent PID 0xb7c (c:\windows\system32\cmd.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x BA4
0x BBC
0x BC4
0x BC8
0x BCC
0x BD8
0x BDC
0x BE0
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory Readable True False False -
locale.nls 0x00040000 0x000a6fff Memory Mapped File Readable False False False -
pagefile_0x00000000000b0000 0x000b0000 0x000b6fff Pagefile Backed Memory Readable True False False -
pagefile_0x00000000000c0000 0x000c0000 0x000c1fff Pagefile Backed Memory Readable, Writable True False False -
cscript.exe.mui 0x000d0000 0x000d2fff Memory Mapped File Readable, Writable False False False -
private_0x00000000000e0000 0x000e0000 0x000e0fff Private Memory Readable, Writable True False False -
private_0x00000000000f0000 0x000f0000 0x000f0fff Private Memory Readable, Writable True False False -
cscript.exe 0x00100000 0x0010bfff Memory Mapped File Readable True False False -
pagefile_0x0000000000110000 0x00110000 0x00110fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000120000 0x00120000 0x00120fff Pagefile Backed Memory Readable True False False -
retrive5365638019239783154.vbs 0x00130000 0x00130fff Memory Mapped File Readable True True False
...
private_0x0000000000130000 0x00130000 0x0013ffff Private Memory Readable, Writable True False False -
retrive5365638019239783154.vbs 0x00140000 0x00140fff Memory Mapped File Readable True True False
...
wbemdisp.tlb 0x00140000 0x0014efff Memory Mapped File Readable False False False -
private_0x0000000000150000 0x00150000 0x0024ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000250000 0x00250000 0x00317fff Pagefile Backed Memory Readable True False False -
rpcss.dll 0x00320000 0x0037bfff Memory Mapped File Readable False False False -
private_0x0000000000320000 0x00320000 0x0038ffff Private Memory Readable, Writable True False False -
private_0x0000000000390000 0x00390000 0x0048ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000490000 0x00490000 0x00590fff Pagefile Backed Memory Readable True False False -
rsaenh.dll 0x005a0000 0x005dbfff Memory Mapped File Readable False False False -
cscript.exe 0x005f0000 0x00611fff Memory Mapped File Readable, Writable, Executable True False False -
pagefile_0x0000000000620000 0x00620000 0x006fefff Pagefile Backed Memory Readable True False False -
private_0x0000000000700000 0x00700000 0x007fffff Private Memory Readable, Writable True False False -
private_0x0000000000800000 0x00800000 0x0080ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000810000 0x00810000 0x0140ffff Pagefile Backed Memory Readable True False False -
private_0x0000000001540000 0x01540000 0x0163ffff Private Memory Readable, Writable True False False -
sortdefault.nls 0x01640000 0x0190efff Memory Mapped File Readable False False False -
private_0x0000000001940000 0x01940000 0x01a3ffff Private Memory Readable, Writable True False False -
private_0x0000000001af0000 0x01af0000 0x01beffff Private Memory Readable, Writable True False False -
pagefile_0x0000000001bf0000 0x01bf0000 0x01feffff Pagefile Backed Memory Readable, Writable True False False -
private_0x0000000001ff0000 0x01ff0000 0x0212ffff Private Memory Readable, Writable True False False -
private_0x0000000002140000 0x02140000 0x0223ffff Private Memory Readable, Writable True False False -
private_0x0000000002240000 0x02240000 0x023dffff Private Memory Readable, Writable True False False -
private_0x0000000002240000 0x02240000 0x0238ffff Private Memory Readable, Writable True False False -
private_0x00000000023a0000 0x023a0000 0x023dffff Private Memory Readable, Writable True False False -
private_0x00000000024e0000 0x024e0000 0x025dffff Private Memory Readable, Writable True False False -
private_0x00000000026d0000 0x026d0000 0x027cffff Private Memory Readable, Writable True False False -
private_0x00000000028c0000 0x028c0000 0x029bffff Private Memory Readable, Writable True False False -
wbemdisp.dll 0x6d500000 0x6d530fff Memory Mapped File Readable, Writable, Executable True False False -
scrobj.dll 0x6dad0000 0x6dafcfff Memory Mapped File Readable, Writable, Executable True False False -
wmiutils.dll 0x6f390000 0x6f3a6fff Memory Mapped File Readable, Writable, Executable False False False -
comctl32.dll 0x6f3c0000 0x6f443fff Memory Mapped File Readable, Writable, Executable False False False -
wshext.dll 0x6f450000 0x6f465fff Memory Mapped File Readable, Writable, Executable True False False -
vbscript.dll 0x6f4e0000 0x6f54afff Memory Mapped File Readable, Writable, Executable True False False -
msisip.dll 0x6f560000 0x6f567fff Memory Mapped File Readable, Writable, Executable False False False -
wbemsvc.dll 0x6f7c0000 0x6f7cefff Memory Mapped File Readable, Writable, Executable False False False -
wbemprox.dll 0x6fa20000 0x6fa29fff Memory Mapped File Readable, Writable, Executable False False False -
ntdsapi.dll 0x6fa30000 0x6fa47fff Memory Mapped File Readable, Writable, Executable False False False -
fastprox.dll 0x6fa50000 0x6fae5fff Memory Mapped File Readable, Writable, Executable False False False -
wbemcomn.dll 0x6fc20000 0x6fc7bfff Memory Mapped File Readable, Writable, Executable False False False -
dwmapi.dll 0x73da0000 0x73db2fff Memory Mapped File Readable, Writable, Executable False False False -
uxtheme.dll 0x740d0000 0x7410ffff Memory Mapped File Readable, Writable, Executable False False False -
version.dll 0x747c0000 0x747c8fff Memory Mapped File Readable, Writable, Executable False False False -
rsaenh.dll 0x74ae0000 0x74b1afff Memory Mapped File Readable, Writable, Executable False False False -
cryptsp.dll 0x74d40000 0x74d55fff Memory Mapped File Readable, Writable, Executable False False False -
cryptbase.dll 0x751c0000 0x751cbfff Memory Mapped File Readable, Writable, Executable False False False -
sxs.dll 0x751d0000 0x7522efff Memory Mapped File Readable, Writable, Executable False False False -
rpcrtremote.dll 0x75260000 0x7526dfff Memory Mapped File Readable, Writable, Executable False False False -
msasn1.dll 0x752e0000 0x752ebfff Memory Mapped File Readable, Writable, Executable False False False -
wintrust.dll 0x752f0000 0x7531cfff Memory Mapped File Readable, Writable, Executable False False False -
crypt32.dll 0x75320000 0x7543cfff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x75490000 0x754d9fff Memory Mapped File Readable, Writable, Executable False False False -
shell32.dll 0x75570000 0x761b9fff Memory Mapped File Readable, Writable, Executable False False False -
rpcrt4.dll 0x761c0000 0x76260fff Memory Mapped File Readable, Writable, Executable False False False -
sechost.dll 0x76470000 0x76488fff Memory Mapped File Readable, Writable, Executable False False False -
ws2_32.dll 0x76630000 0x76664fff Memory Mapped File Readable, Writable, Executable False False False -
clbcatq.dll 0x766d0000 0x76752fff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x76920000 0x7693efff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x76970000 0x769bdfff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x769c0000 0x76a88fff Memory Mapped File Readable, Writable, Executable False False False -
shlwapi.dll 0x76a90000 0x76ae6fff Memory Mapped File Readable, Writable, Executable False False False -
oleaut32.dll 0x76b40000 0x76bcefff Memory Mapped File Readable, Writable, Executable False False False -
usp10.dll 0x76bd0000 0x76c6cfff Memory Mapped File Readable, Writable, Executable False False False -
ole32.dll 0x76d70000 0x76ecbfff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x76ed0000 0x76fa3fff Memory Mapped File Readable, Writable, Executable False False False -
advapi32.dll 0x76fb0000 0x7704ffff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x77050000 0x7711bfff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x77120000 0x7725bfff Memory Mapped File Readable, Writable, Executable False False False -
nsi.dll 0x77270000 0x77275fff Memory Mapped File Readable, Writable, Executable False False False -
lpk.dll 0x77290000 0x77299fff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x772a0000 0x7734bfff Memory Mapped File Readable, Writable, Executable False False False -
apisetschema.dll 0x77360000 0x77360fff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory Readable True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory Readable True False False -
private_0x000000007ffd7000 0x7ffd7000 0x7ffd7fff Private Memory Readable, Writable True False False -
private_0x000000007ffd8000 0x7ffd8000 0x7ffd8fff Private Memory Readable, Writable True False False -
private_0x000000007ffd9000 0x7ffd9000 0x7ffd9fff Private Memory Readable, Writable True False False -
private_0x000000007ffda000 0x7ffda000 0x7ffdafff Private Memory Readable, Writable True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffdbfff Private Memory Readable, Writable True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory Readable, Writable True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory Readable, Writable True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory Readable, Writable True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory Readable, Writable True False False -
Host Behavior
COM (11)
»
Operation Class Interface Additional Information Success Count Logfile
Create B54F3741-5B07-11CF-A4B0-00AA004A55E8 00000000-0000-0000-C000-000000000046 cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER True 1
Fn
Create 6C736DB1-BD94-11D0-8A23-00AA00B58E10 6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8 cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create 06290BD1-48AA-11D2-8432-006008C3FBFC E4D1C9B0-46E8-11D4-A2A6-00104BD35090 cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create WBEMLocator IWbemLocator cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create WbemDefaultPathParser IWbemPath cls_context = CLSCTX_INPROC_SERVER True 5
Fn
Execute WBEMLocator IWbemLocator method_name = ConnectServer, network_resource = \\.\root\SecurityCenter2 True 1
Fn
Execute WBEMLocator IWbemServices method_name = ExecQuery, query_language = WQL, query = Select * from FirewallProduct True 1
Fn
File (6)
»
Operation Filename Additional Information Success Count Logfile
Create C:\Users\EEBsYm5\AppData\Local\Temp\Retrive5365638019239783154.vbs desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\Retrive5365638019239783154.vbs type = size True 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\Retrive5365638019239783154.vbs type = size True 1
Fn
Open STD_OUTPUT_HANDLE - True 1
Fn
Read C:\Users\EEBsYm5\AppData\Local\Temp\Retrive5365638019239783154.vbs size = 281, size_out = 281 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 108 True 1
Fn
Data
Registry (29)
»
Operation Key Additional Information Success Count Logfile
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings - True 1
Fn
Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings - True 1
Fn
Open Key HKEY_CLASSES_ROOT\.vbs - True 1
Fn
Open Key HKEY_CLASSES_ROOT\VBSFile\ScriptEngine - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = IgnoreUserSettings, data = 132, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings value_name = Enabled, data = 132, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = Enabled, data = 132, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = IgnoreUserSettings, data = 0, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings value_name = LogSecuritySuccesses, data = 0, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = LogSecuritySuccesses, data = 0, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = IgnoreUserSettings, data = 237, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings value_name = TrustPolicy, data = 41, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings value_name = UseWINSAFER, data = 237, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = TrustPolicy, data = 41, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = UseWINSAFER, data = 1, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = Timeout, data = 208, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = DisplayLogo, data = 1, type = REG_SZ True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings value_name = Timeout, data = 208, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings value_name = DisplayLogo, data = 49, type = REG_NONE False 1
Fn
Read Value HKEY_CLASSES_ROOT\.vbs data = VBSFile, type = REG_SZ True 1
Fn
Read Value HKEY_CLASSES_ROOT\VBSFile\ScriptEngine data = VBScript, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting value_name = Default Impersonation Level, data = 3 True 1
Fn
Module (19)
»
Operation Module Additional Information Success Count Logfile
Load kernel32.dll base_address = 0x76ed0000 True 2
Fn
Load ole32.dll base_address = 0x76d70000 True 1
Fn
Load C:\Windows\system32\advapi32.dll base_address = 0x76fb0000 True 2
Fn
Get Handle c:\windows\system32\cscript.exe base_address = 0x5f0000 True 1
Fn
Get Filename c:\windows\system32\cscript.exe process_name = c:\windows\system32\cscript.exe, file_name_orig = C:\Windows\system32\cscript.exe, size = 261 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x76f224c2 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = HeapSetInformation, address_out = 0x76f24157 True 1
Fn
Get Address c:\windows\system32\ole32.dll function = CoCreateInstance, address_out = 0x76db9d0b True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = SaferIdentifyLevel, address_out = 0x76fd2102 True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = SaferComputeTokenFromLevel, address_out = 0x76fd3352 True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = SaferCloseLevel, address_out = 0x76fd3825 True 1
Fn
Get Address c:\windows\system32\ole32.dll function = CreateBindCtx, address_out = 0x76db6d2c True 1
Fn
Get Address c:\windows\system32\ole32.dll function = MkParseDisplayName, address_out = 0x76d7cea9 True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = DuplicateTokenEx, address_out = 0x76fbca24 True 1
Fn
Get Address c:\windows\system32\ole32.dll function = BindMoniker, address_out = 0x76d7c6a7 True 1
Fn
Create Mapping C:\Users\EEBsYm5\AppData\Local\Temp\Retrive5365638019239783154.vbs filename = C:\Users\EEBsYm5\AppData\Local\Temp\Retrive5365638019239783154.vbs, protection = PAGE_READONLY, maximum_size = 281 True 1
Fn
Map C:\Users\EEBsYm5\AppData\Local\Temp\Retrive5365638019239783154.vbs process_name = c:\windows\system32\cscript.exe, desired_access = FILE_MAP_READ True 1
Fn
Window (2)
»
Operation Window Name Additional Information Success Count Logfile
Create - class_name = WSH-Timer, wndproc_parameter = 8397440 True 1
Fn
Set Attribute - class_name = WSH-Timer, index = 18446744073709551595, new_long = 8397440 False 1
Fn
System (14)
»
Operation Additional Information Success Count Logfile
Sleep duration = -1 (infinite) True 2
Fn
Get Time type = System Time, time = 2018-02-24 20:29:42 (UTC) True 1
Fn
Get Time type = Ticks, time = 141695 True 1
Fn
Get Time type = Ticks, time = 141758 True 1
Fn
Get Info type = Operating System True 4
Fn
Get Info type = Operating System True 1
Fn
Get Info type = System Directory True 1
Fn
Get Info type = System Directory, result_out = C:\Windows\system32 True 2
Fn
Get Info type = Hardware Information True 1
Fn
Process #10: cmd.exe
56 0
»
Information Value
ID #10
File Name c:\windows\system32\cmd.exe
Command Line cmd.exe /C cscript.exe C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2742094931696724792.vbs
Initial Working Directory C:\Users\EEBsYm5\Desktop\
Monitor Start Time: 00:01:20, Reason: Child Process
Unmonitor End Time: 00:02:41, Reason: Terminated by Timeout
Monitor Duration 00:01:21
OS Process Information
»
Information Value
PID 0xbac
Parent PID 0xa9c (c:\program files\java\jre7\bin\java.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x BB0
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory Readable, Writable True False False -
private_0x0000000000030000 0x00030000 0x0012ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000130000 0x00130000 0x00133fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000140000 0x00140000 0x00140fff Pagefile Backed Memory Readable True False False -
locale.nls 0x00150000 0x001b6fff Memory Mapped File Readable False False False -
pagefile_0x00000000001c0000 0x001c0000 0x001c6fff Pagefile Backed Memory Readable True False False -
pagefile_0x00000000001d0000 0x001d0000 0x001d1fff Pagefile Backed Memory Readable, Writable True False False -
private_0x00000000001e0000 0x001e0000 0x001e0fff Private Memory Readable, Writable True False False -
private_0x00000000001f0000 0x001f0000 0x001f0fff Private Memory Readable, Writable True False False -
private_0x0000000000200000 0x00200000 0x0020ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000210000 0x00210000 0x002d7fff Pagefile Backed Memory Readable True False False -
cscript.exe 0x002e0000 0x00301fff Memory Mapped File Readable, Writable, Executable False False False -
cscript.exe.mui 0x00310000 0x00312fff Memory Mapped File Readable, Writable False False False -
private_0x0000000000330000 0x00330000 0x0042ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000430000 0x00430000 0x00530fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000540000 0x00540000 0x0113ffff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000001140000 0x01140000 0x012a2fff Pagefile Backed Memory Readable True False False -
sortdefault.nls 0x012b0000 0x0157efff Memory Mapped File Readable False False False -
cmd.exe 0x4a090000 0x4a0dbfff Memory Mapped File Readable, Writable, Executable True False False -
winbrand.dll 0x6f550000 0x6f556fff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x75490000 0x754d9fff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x76920000 0x7693efff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x76970000 0x769bdfff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x769c0000 0x76a88fff Memory Mapped File Readable, Writable, Executable False False False -
usp10.dll 0x76bd0000 0x76c6cfff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x76ed0000 0x76fa3fff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x77050000 0x7711bfff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x77120000 0x7725bfff Memory Mapped File Readable, Writable, Executable False False False -
lpk.dll 0x77290000 0x77299fff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x772a0000 0x7734bfff Memory Mapped File Readable, Writable, Executable False False False -
apisetschema.dll 0x77360000 0x77360fff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory Readable True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory Readable True False False -
private_0x000000007ffd9000 0x7ffd9000 0x7ffd9fff Private Memory Readable, Writable True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory Readable, Writable True False False -
Host Behavior
File (9)
»
Operation Filename Additional Information Success Count Logfile
Get Info C:\Users\EEBsYm5\Desktop type = file_attributes True 2
Fn
Get Info cscript.exe type = file_attributes False 1
Fn
Open STD_OUTPUT_HANDLE - True 4
Fn
Open STD_INPUT_HANDLE - True 2
Fn
Registry (17)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Command Processor - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 232, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = AutoRun, data = 9, type = REG_NONE False 1
Fn
Process (1)
»
Operation Process Additional Information Success Count Logfile
Create C:\Windows\system32\cscript.exe os_pid = 0xbd0, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Module (8)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\system32\cmd.exe base_address = 0x4a090000 True 1
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76ed0000 True 2
Fn
Get Filename - process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x76f224c2 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = CopyFileExW, address_out = 0x76f0ac6c True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = IsDebuggerPresent, address_out = 0x76f13ea8 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetConsoleInputExeNameW, address_out = 0x76f22732 True 1
Fn
System (2)
»
Operation Additional Information Success Count Logfile
Get Time type = System Time, time = 2018-02-24 20:29:42 (UTC) True 1
Fn
Get Time type = Ticks, time = 141789 True 1
Fn
Environment (19)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 7
Fn
Data
Get Environment String name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ True 2
Fn
Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 2
Fn
Get Environment String name = PROMPT False 1
Fn
Get Environment String name = COMSPEC, result_out = C:\Windows\system32\cmd.exe True 1
Fn
Get Environment String name = KEYS False 1
Fn
Set Environment String name = PROMPT, value = $P$G True 1
Fn
Set Environment String name = =C:, value = C:\Users\EEBsYm5\Desktop True 1
Fn
Set Environment String name = COPYCMD True 1
Fn
Set Environment String name = =ExitCode, value = 00000000 True 1
Fn
Set Environment String name = =ExitCodeAscii True 1
Fn
Process #11: cscript.exe
81 0
»
Information Value
ID #11
File Name c:\windows\system32\cscript.exe
Command Line cscript.exe C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2742094931696724792.vbs
Initial Working Directory C:\Users\EEBsYm5\Desktop\
Monitor Start Time: 00:01:21, Reason: Child Process
Unmonitor End Time: 00:02:41, Reason: Terminated by Timeout
Monitor Duration 00:01:20
OS Process Information
»
Information Value
PID 0xbd0
Parent PID 0xbac (c:\windows\system32\cmd.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x BD4
0x BE4
0x BE8
0x BEC
0x BF0
0x BF8
0x C04
0x C08
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory Readable, Writable True False False -
private_0x0000000000030000 0x00030000 0x0012ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000130000 0x00130000 0x00133fff Pagefile Backed Memory Readable True False False -
locale.nls 0x00140000 0x001a6fff Memory Mapped File Readable False False False -
pagefile_0x00000000001b0000 0x001b0000 0x00277fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000280000 0x00280000 0x00286fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000290000 0x00290000 0x00291fff Pagefile Backed Memory Readable, Writable True False False -
cscript.exe.mui 0x002a0000 0x002a2fff Memory Mapped File Readable, Writable False False False -
private_0x00000000002b0000 0x002b0000 0x002b0fff Private Memory Readable, Writable True False False -
private_0x00000000002c0000 0x002c0000 0x002c0fff Private Memory Readable, Writable True False False -
private_0x00000000002d0000 0x002d0000 0x0031ffff Private Memory Readable, Writable True False False -
cscript.exe 0x002d0000 0x002dbfff Memory Mapped File Readable True False False -
private_0x00000000002e0000 0x002e0000 0x0031ffff Private Memory Readable, Writable True False False -
private_0x0000000000320000 0x00320000 0x0041ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000420000 0x00420000 0x00520fff Pagefile Backed Memory Readable True False False -
rpcss.dll 0x00530000 0x0058bfff Memory Mapped File Readable False False False -
pagefile_0x0000000000530000 0x00530000 0x00530fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000540000 0x00540000 0x00540fff Pagefile Backed Memory Readable True False False -
retrive2742094931696724792.vbs 0x00550000 0x00550fff Memory Mapped File Readable True True False
...
rsaenh.dll 0x00550000 0x0058bfff Memory Mapped File Readable False False False -
private_0x0000000000550000 0x00550000 0x0055ffff Private Memory Readable, Writable True False False -
retrive2742094931696724792.vbs 0x00560000 0x00560fff Memory Mapped File Readable True True False
...
wbemdisp.tlb 0x00560000 0x0056efff Memory Mapped File Readable False False False -
private_0x00000000005c0000 0x005c0000 0x005cffff Private Memory Readable, Writable True False False -
cscript.exe 0x005f0000 0x00611fff Memory Mapped File Readable, Writable, Executable True False False -
pagefile_0x0000000000620000 0x00620000 0x0121ffff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000001220000 0x01220000 0x012fefff Pagefile Backed Memory Readable True False False -
private_0x0000000001320000 0x01320000 0x0141ffff Private Memory Readable, Writable True False False -
private_0x0000000001420000 0x01420000 0x0148ffff Private Memory Readable, Writable True False False -
private_0x00000000014c0000 0x014c0000 0x015bffff Private Memory Readable, Writable True False False -
sortdefault.nls 0x015c0000 0x0188efff Memory Mapped File Readable False False False -
private_0x0000000001940000 0x01940000 0x01a3ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000001a40000 0x01a40000 0x01e3ffff Pagefile Backed Memory Readable, Writable True False False -
private_0x0000000001f20000 0x01f20000 0x0201ffff Private Memory Readable, Writable True False False -
private_0x0000000002020000 0x02020000 0x0211ffff Private Memory Readable, Writable True False False -
private_0x0000000002120000 0x02120000 0x0228ffff Private Memory Readable, Writable True False False -
private_0x0000000002290000 0x02290000 0x0243ffff Private Memory Readable, Writable True False False -
private_0x00000000022f0000 0x022f0000 0x023effff Private Memory Readable, Writable True False False -
private_0x0000000002400000 0x02400000 0x0243ffff Private Memory Readable, Writable True False False -
private_0x0000000002460000 0x02460000 0x0255ffff Private Memory Readable, Writable True False False -
private_0x0000000002580000 0x02580000 0x0267ffff Private Memory Readable, Writable True False False -
wbemdisp.dll 0x6d3d0000 0x6d400fff Memory Mapped File Readable, Writable, Executable True False False -
scrobj.dll 0x6d740000 0x6d76cfff Memory Mapped File Readable, Writable, Executable True False False -
wmiutils.dll 0x6f390000 0x6f3a6fff Memory Mapped File Readable, Writable, Executable False False False -
comctl32.dll 0x6f3c0000 0x6f443fff Memory Mapped File Readable, Writable, Executable False False False -
wshext.dll 0x6f450000 0x6f465fff Memory Mapped File Readable, Writable, Executable True False False -
vbscript.dll 0x6f4e0000 0x6f54afff Memory Mapped File Readable, Writable, Executable True False False -
msisip.dll 0x6f560000 0x6f567fff Memory Mapped File Readable, Writable, Executable False False False -
wbemsvc.dll 0x6f7c0000 0x6f7cefff Memory Mapped File Readable, Writable, Executable False False False -
wbemprox.dll 0x6fa20000 0x6fa29fff Memory Mapped File Readable, Writable, Executable False False False -
ntdsapi.dll 0x6fa30000 0x6fa47fff Memory Mapped File Readable, Writable, Executable False False False -
fastprox.dll 0x6fa50000 0x6fae5fff Memory Mapped File Readable, Writable, Executable False False False -
wbemcomn.dll 0x6fc20000 0x6fc7bfff Memory Mapped File Readable, Writable, Executable False False False -
dwmapi.dll 0x73da0000 0x73db2fff Memory Mapped File Readable, Writable, Executable False False False -
uxtheme.dll 0x740d0000 0x7410ffff Memory Mapped File Readable, Writable, Executable False False False -
version.dll 0x747c0000 0x747c8fff Memory Mapped File Readable, Writable, Executable False False False -
rsaenh.dll 0x74ae0000 0x74b1afff Memory Mapped File Readable, Writable, Executable False False False -
cryptsp.dll 0x74d40000 0x74d55fff Memory Mapped File Readable, Writable, Executable False False False -
cryptbase.dll 0x751c0000 0x751cbfff Memory Mapped File Readable, Writable, Executable False False False -
sxs.dll 0x751d0000 0x7522efff Memory Mapped File Readable, Writable, Executable False False False -
rpcrtremote.dll 0x75260000 0x7526dfff Memory Mapped File Readable, Writable, Executable False False False -
msasn1.dll 0x752e0000 0x752ebfff Memory Mapped File Readable, Writable, Executable False False False -
wintrust.dll 0x752f0000 0x7531cfff Memory Mapped File Readable, Writable, Executable False False False -
crypt32.dll 0x75320000 0x7543cfff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x75490000 0x754d9fff Memory Mapped File Readable, Writable, Executable False False False -
shell32.dll 0x75570000 0x761b9fff Memory Mapped File Readable, Writable, Executable False False False -
rpcrt4.dll 0x761c0000 0x76260fff Memory Mapped File Readable, Writable, Executable False False False -
sechost.dll 0x76470000 0x76488fff Memory Mapped File Readable, Writable, Executable False False False -
ws2_32.dll 0x76630000 0x76664fff Memory Mapped File Readable, Writable, Executable False False False -
clbcatq.dll 0x766d0000 0x76752fff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x76920000 0x7693efff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x76970000 0x769bdfff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x769c0000 0x76a88fff Memory Mapped File Readable, Writable, Executable False False False -
shlwapi.dll 0x76a90000 0x76ae6fff Memory Mapped File Readable, Writable, Executable False False False -
oleaut32.dll 0x76b40000 0x76bcefff Memory Mapped File Readable, Writable, Executable False False False -
usp10.dll 0x76bd0000 0x76c6cfff Memory Mapped File Readable, Writable, Executable False False False -
ole32.dll 0x76d70000 0x76ecbfff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x76ed0000 0x76fa3fff Memory Mapped File Readable, Writable, Executable False False False -
advapi32.dll 0x76fb0000 0x7704ffff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x77050000 0x7711bfff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x77120000 0x7725bfff Memory Mapped File Readable, Writable, Executable False False False -
nsi.dll 0x77270000 0x77275fff Memory Mapped File Readable, Writable, Executable False False False -
lpk.dll 0x77290000 0x77299fff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x772a0000 0x7734bfff Memory Mapped File Readable, Writable, Executable False False False -
apisetschema.dll 0x77360000 0x77360fff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory Readable True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory Readable True False False -
private_0x000000007ffd7000 0x7ffd7000 0x7ffd7fff Private Memory Readable, Writable True False False -
private_0x000000007ffd8000 0x7ffd8000 0x7ffd8fff Private Memory Readable, Writable True False False -
private_0x000000007ffd9000 0x7ffd9000 0x7ffd9fff Private Memory Readable, Writable True False False -
private_0x000000007ffda000 0x7ffda000 0x7ffdafff Private Memory Readable, Writable True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffdbfff Private Memory Readable, Writable True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory Readable, Writable True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory Readable, Writable True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory Readable, Writable True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory Readable, Writable True False False -
Host Behavior
COM (11)
»
Operation Class Interface Additional Information Success Count Logfile
Create B54F3741-5B07-11CF-A4B0-00AA004A55E8 00000000-0000-0000-C000-000000000046 cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER True 1
Fn
Create 6C736DB1-BD94-11D0-8A23-00AA00B58E10 6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8 cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create 06290BD1-48AA-11D2-8432-006008C3FBFC E4D1C9B0-46E8-11D4-A2A6-00104BD35090 cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create WBEMLocator IWbemLocator cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create WbemDefaultPathParser IWbemPath cls_context = CLSCTX_INPROC_SERVER True 5
Fn
Execute WBEMLocator IWbemLocator method_name = ConnectServer, network_resource = \\.\root\SecurityCenter2 True 1
Fn
Execute WBEMLocator IWbemServices method_name = ExecQuery, query_language = WQL, query = Select * from FirewallProduct True 1
Fn
File (6)
»
Operation Filename Additional Information Success Count Logfile
Create C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2742094931696724792.vbs desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2742094931696724792.vbs type = size True 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2742094931696724792.vbs type = size True 1
Fn
Open STD_OUTPUT_HANDLE - True 1
Fn
Read C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2742094931696724792.vbs size = 281, size_out = 281 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 108 True 1
Fn
Data
Registry (29)
»
Operation Key Additional Information Success Count Logfile
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings - True 1
Fn
Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings - True 1
Fn
Open Key HKEY_CLASSES_ROOT\.vbs - True 1
Fn
Open Key HKEY_CLASSES_ROOT\VBSFile\ScriptEngine - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = IgnoreUserSettings, data = 212, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings value_name = Enabled, data = 212, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = Enabled, data = 212, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = IgnoreUserSettings, data = 0, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings value_name = LogSecuritySuccesses, data = 0, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = LogSecuritySuccesses, data = 0, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = IgnoreUserSettings, data = 237, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings value_name = TrustPolicy, data = 110, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings value_name = UseWINSAFER, data = 237, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = TrustPolicy, data = 110, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = UseWINSAFER, data = 1, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = Timeout, data = 32, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = DisplayLogo, data = 1, type = REG_SZ True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings value_name = Timeout, data = 32, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings value_name = DisplayLogo, data = 49, type = REG_NONE False 1
Fn
Read Value HKEY_CLASSES_ROOT\.vbs data = VBSFile, type = REG_SZ True 1
Fn
Read Value HKEY_CLASSES_ROOT\VBSFile\ScriptEngine data = VBScript, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting value_name = Default Impersonation Level, data = 3 True 1
Fn
Module (19)
»
Operation Module Additional Information Success Count Logfile
Load kernel32.dll base_address = 0x76ed0000 True 2
Fn
Load ole32.dll base_address = 0x76d70000 True 1
Fn
Load C:\Windows\system32\advapi32.dll base_address = 0x76fb0000 True 2
Fn
Get Handle c:\windows\system32\cscript.exe base_address = 0x5f0000 True 1
Fn
Get Filename c:\windows\system32\cscript.exe process_name = c:\windows\system32\cscript.exe, file_name_orig = C:\Windows\system32\cscript.exe, size = 261 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x76f224c2 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = HeapSetInformation, address_out = 0x76f24157 True 1
Fn
Get Address c:\windows\system32\ole32.dll function = CoCreateInstance, address_out = 0x76db9d0b True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = SaferIdentifyLevel, address_out = 0x76fd2102 True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = SaferComputeTokenFromLevel, address_out = 0x76fd3352 True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = SaferCloseLevel, address_out = 0x76fd3825 True 1
Fn
Get Address c:\windows\system32\ole32.dll function = CreateBindCtx, address_out = 0x76db6d2c True 1
Fn
Get Address c:\windows\system32\ole32.dll function = MkParseDisplayName, address_out = 0x76d7cea9 True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = DuplicateTokenEx, address_out = 0x76fbca24 True 1
Fn
Get Address c:\windows\system32\ole32.dll function = BindMoniker, address_out = 0x76d7c6a7 True 1
Fn
Create Mapping C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2742094931696724792.vbs filename = C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2742094931696724792.vbs, protection = PAGE_READONLY, maximum_size = 281 True 1
Fn
Map C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2742094931696724792.vbs process_name = c:\windows\system32\cscript.exe, desired_access = FILE_MAP_READ True 1
Fn
Window (2)
»
Operation Window Name Additional Information Success Count Logfile
Create - class_name = WSH-Timer, wndproc_parameter = 6038144 True 1
Fn
Set Attribute - class_name = WSH-Timer, index = 18446744073709551595, new_long = 6038144 False 1
Fn
System (14)
»
Operation Additional Information Success Count Logfile
Sleep duration = -1 (infinite) True 2
Fn
Get Time type = System Time, time = 2018-02-24 20:29:42 (UTC) True 1
Fn
Get Time type = Ticks, time = 141929 True 1
Fn
Get Time type = Ticks, time = 142023 True 1
Fn
Get Info type = Operating System True 4
Fn
Get Info type = Operating System True 1
Fn
Get Info type = System Directory True 1
Fn
Get Info type = System Directory, result_out = C:\Windows\system32 True 2
Fn
Get Info type = Hardware Information True 1
Fn
Process #12: xcopy.exe
0 0
»
Information Value
ID #12
File Name c:\windows\system32\xcopy.exe
Command Line xcopy "C:\Program Files\Java\jre7" "C:\Users\EEBsYm5\AppData\Roaming\Oracle\" /e
Initial Working Directory C:\Users\EEBsYm5\Desktop\
Monitor Start Time: 00:01:21, Reason: Child Process
Unmonitor End Time: 00:02:41, Reason: Terminated by Timeout
Monitor Duration 00:01:20
Remarks No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xbfc
Parent PID 0xa14 (c:\program files\java\jre7\bin\java.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x C00
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000040000 0x00040000 0x00040fff Pagefile Backed Memory Readable True False False -
private_0x0000000000070000 0x00070000 0x000affff Private Memory Readable, Writable True False False -
locale.nls 0x000b0000 0x00116fff Memory Mapped File Readable False False False -
private_0x0000000000160000 0x00160000 0x0016ffff Private Memory Readable, Writable True False False -
private_0x00000000001b0000 0x001b0000 0x002affff Private Memory Readable, Writable True False False -
pagefile_0x00000000002b0000 0x002b0000 0x00377fff Pagefile Backed Memory Readable True False False -
xcopy.exe 0x00550000 0x0055bfff Memory Mapped File Readable, Writable, Executable False False False -
ifsutil.dll 0x6d510000 0x6d536fff Memory Mapped File Readable, Writable, Executable False False False -
ulib.dll 0x6dae0000 0x6dafcfff Memory Mapped File Readable, Writable, Executable False False False -
cfgmgr32.dll 0x75440000 0x75466fff Memory Mapped File Readable, Writable, Executable False False False -
devobj.dll 0x75470000 0x75481fff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x75490000 0x754d9fff Memory Mapped File Readable, Writable, Executable False False False -
rpcrt4.dll 0x761c0000 0x76260fff Memory Mapped File Readable, Writable, Executable False False False -
sechost.dll 0x76470000 0x76488fff Memory Mapped File Readable, Writable, Executable False False False -
setupapi.dll 0x76490000 0x7662cfff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x76920000 0x7693efff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x76970000 0x769bdfff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x769c0000 0x76a88fff Memory Mapped File Readable, Writable, Executable False False False -
oleaut32.dll 0x76b40000 0x76bcefff Memory Mapped File Readable, Writable, Executable False False False -
usp10.dll 0x76bd0000 0x76c6cfff Memory Mapped File Readable, Writable, Executable False False False -
ole32.dll 0x76d70000 0x76ecbfff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x76ed0000 0x76fa3fff Memory Mapped File Readable, Writable, Executable False False False -
advapi32.dll 0x76fb0000 0x7704ffff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x77050000 0x7711bfff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x77120000 0x7725bfff Memory Mapped File Readable, Writable, Executable False False False -
lpk.dll 0x77290000 0x77299fff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x772a0000 0x7734bfff Memory Mapped File Readable, Writable, Executable False False False -
apisetschema.dll 0x77360000 0x77360fff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory Readable True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory Readable True False False -
private_0x000000007ffd4000 0x7ffd4000 0x7ffd4fff Private Memory Readable, Writable True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory Readable, Writable True False False -
Process #13: cmd.exe
374 0
»
Information Value
ID #13
File Name c:\windows\system32\cmd.exe
Command Line cmd.exe
Initial Working Directory C:\Users\EEBsYm5\Desktop\
Monitor Start Time: 00:01:23, Reason: Child Process
Unmonitor End Time: 00:02:41, Reason: Terminated by Timeout
Monitor Duration 00:01:18
OS Process Information
»
Information Value
PID 0xc1c
Parent PID 0xa9c (c:\program files\java\jre7\bin\java.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x C20
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory Readable, Writable True False False -
private_0x0000000000030000 0x00030000 0x0012ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000130000 0x00130000 0x00133fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000140000 0x00140000 0x00140fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000150000 0x00150000 0x00156fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000160000 0x00160000 0x00161fff Pagefile Backed Memory Readable, Writable True False False -
private_0x0000000000170000 0x00170000 0x00170fff Private Memory Readable, Writable True False False -
private_0x0000000000180000 0x00180000 0x00180fff Private Memory Readable, Writable True False False -
private_0x0000000000190000 0x00190000 0x0028ffff Private Memory Readable, Writable True False False -
locale.nls 0x00290000 0x002f6fff Memory Mapped File Readable False False False -
pagefile_0x0000000000300000 0x00300000 0x003c7fff Pagefile Backed Memory Readable True False False -
private_0x0000000000490000 0x00490000 0x0049ffff Private Memory Readable, Writable True False False -
pagefile_0x00000000004a0000 0x004a0000 0x005a0fff Pagefile Backed Memory Readable True False False -
pagefile_0x00000000005b0000 0x005b0000 0x011affff Pagefile Backed Memory Readable True False False -
pagefile_0x00000000011b0000 0x011b0000 0x01312fff Pagefile Backed Memory Readable True False False -
basebrd.dll 0x01320000 0x013e7fff Memory Mapped File Readable False False False -
pagefile_0x00000000013f0000 0x013f0000 0x017e2fff Pagefile Backed Memory Readable True False False -
sortdefault.nls 0x017f0000 0x01abefff Memory Mapped File Readable False False False -
cmd.exe 0x4a750000 0x4a79bfff Memory Mapped File Readable, Writable, Executable True False False -
winbrand.dll 0x6f560000 0x6f566fff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x75490000 0x754d9fff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x76920000 0x7693efff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x76970000 0x769bdfff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x769c0000 0x76a88fff Memory Mapped File Readable, Writable, Executable False False False -
usp10.dll 0x76bd0000 0x76c6cfff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x76ed0000 0x76fa3fff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x77050000 0x7711bfff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x77120000 0x7725bfff Memory Mapped File Readable, Writable, Executable False False False -
lpk.dll 0x77290000 0x77299fff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x772a0000 0x7734bfff Memory Mapped File Readable, Writable, Executable False False False -
apisetschema.dll 0x77360000 0x77360fff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory Readable True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory Readable True False False -
private_0x000000007ffd9000 0x7ffd9000 0x7ffd9fff Private Memory Readable, Writable True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory Readable, Writable True False False -
Host Behavior
File (332)
»
Operation Filename Additional Information Success Count Logfile
Get Info C:\Users\EEBsYm5\Desktop type = file_attributes True 2
Fn
Get Info STD_OUTPUT_HANDLE type = file_type True 11
Fn
Get Info STD_INPUT_HANDLE type = file_type True 5
Fn
Get Info STD_ERROR_HANDLE type = file_type True 1
Fn
Open STD_OUTPUT_HANDLE - True 27
Fn
Open STD_INPUT_HANDLE - True 141
Fn
Open STD_ERROR_HANDLE - True 2
Fn
Read STD_INPUT_HANDLE size = 1, size_out = 1 True 131
Fn
Data
Read STD_INPUT_HANDLE size = 1, size_out = 0 False 1
Fn
Write STD_OUTPUT_HANDLE size = 36 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 2 True 4
Fn
Data
Write STD_OUTPUT_HANDLE size = 63 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 25 True 2
Fn
Data
Write STD_OUTPUT_HANDLE size = 131 True 1
Fn
Data
Write STD_ERROR_HANDLE size = 95 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 24 True 1
Fn
Data
Registry (17)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Command Processor - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 224, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = AutoRun, data = 9, type = REG_NONE False 1
Fn
Module (8)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\system32\cmd.exe base_address = 0x4a750000 True 1
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76ed0000 True 2
Fn
Get Filename - process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x76f224c2 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = CopyFileExW, address_out = 0x76f0ac6c True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = IsDebuggerPresent, address_out = 0x76f13ea8 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetConsoleInputExeNameW, address_out = 0x76f22732 True 1
Fn
System (3)
»
Operation Additional Information Success Count Logfile
Get Time type = System Time, time = 2018-02-24 20:29:45 (UTC) True 1
Fn
Get Time type = Ticks, time = 144425 True 1
Fn
Get Info type = Operating System True 1
Fn
Environment (14)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 4
Fn
Data
Get Environment String name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ True 2
Fn
Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 2
Fn
Get Environment String name = PROMPT False 1
Fn
Get Environment String name = COMSPEC, result_out = C:\Windows\system32\cmd.exe True 1
Fn
Get Environment String name = KEYS False 1
Fn
Get Environment String name = PROMPT, result_out = $P$G True 1
Fn
Set Environment String name = PROMPT, value = $P$G True 1
Fn
Set Environment String name = =C:, value = C:\Users\EEBsYm5\Desktop True 1
Fn
Process #14: cmd.exe
374 0
»
Information Value
ID #14
File Name c:\windows\system32\cmd.exe
Command Line cmd.exe
Initial Working Directory C:\Users\EEBsYm5\Desktop\
Monitor Start Time: 00:01:34, Reason: Child Process
Unmonitor End Time: 00:02:41, Reason: Terminated by Timeout
Monitor Duration 00:01:07
OS Process Information
»
Information Value
PID 0xc74
Parent PID 0xa14 (c:\program files\java\jre7\bin\java.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x C78
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000040000 0x00040000 0x00040fff Pagefile Backed Memory Readable True False False -
locale.nls 0x00050000 0x000b6fff Memory Mapped File Readable False False False -
pagefile_0x00000000000c0000 0x000c0000 0x000c6fff Pagefile Backed Memory Readable True False False -
private_0x00000000000d0000 0x000d0000 0x001cffff Private Memory Readable, Writable True False False -
pagefile_0x00000000001d0000 0x001d0000 0x001d1fff Pagefile Backed Memory Readable, Writable True False False -
private_0x00000000001e0000 0x001e0000 0x002dffff Private Memory Readable, Writable True False False -
private_0x00000000002e0000 0x002e0000 0x002e0fff Private Memory Readable, Writable True False False -
private_0x00000000002f0000 0x002f0000 0x002f0fff Private Memory Readable, Writable True False False -
private_0x00000000003a0000 0x003a0000 0x003affff Private Memory Readable, Writable True False False -
pagefile_0x00000000003b0000 0x003b0000 0x00477fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000480000 0x00480000 0x00580fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000590000 0x00590000 0x0118ffff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000001190000 0x01190000 0x012f2fff Pagefile Backed Memory Readable True False False -
basebrd.dll 0x01300000 0x013c7fff Memory Mapped File Readable False False False -
pagefile_0x00000000013d0000 0x013d0000 0x017c2fff Pagefile Backed Memory Readable True False False -
sortdefault.nls 0x017d0000 0x01a9efff Memory Mapped File Readable False False False -
cmd.exe 0x4a090000 0x4a0dbfff Memory Mapped File Readable, Writable, Executable True False False -
winbrand.dll 0x6f540000 0x6f546fff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x75490000 0x754d9fff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x76920000 0x7693efff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x76970000 0x769bdfff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x769c0000 0x76a88fff Memory Mapped File Readable, Writable, Executable False False False -
usp10.dll 0x76bd0000 0x76c6cfff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x76ed0000 0x76fa3fff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x77050000 0x7711bfff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x77120000 0x7725bfff Memory Mapped File Readable, Writable, Executable False False False -
lpk.dll 0x77290000 0x77299fff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x772a0000 0x7734bfff Memory Mapped File Readable, Writable, Executable False False False -
apisetschema.dll 0x77360000 0x77360fff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory Readable True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory Readable True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory Readable, Writable True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory Readable, Writable True False False -
Host Behavior
File (332)
»
Operation Filename Additional Information Success Count Logfile
Get Info C:\Users\EEBsYm5\Desktop type = file_attributes True 2
Fn
Get Info STD_OUTPUT_HANDLE type = file_type True 11
Fn
Get Info STD_INPUT_HANDLE type = file_type True 5
Fn
Get Info STD_ERROR_HANDLE type = file_type True 1
Fn
Open STD_OUTPUT_HANDLE - True 27
Fn
Open STD_INPUT_HANDLE - True 141
Fn
Open STD_ERROR_HANDLE - True 2
Fn
Read STD_INPUT_HANDLE size = 1, size_out = 1 True 131
Fn
Data
Read STD_INPUT_HANDLE size = 1, size_out = 0 False 1
Fn
Write STD_OUTPUT_HANDLE size = 36 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 2 True 4
Fn
Data
Write STD_OUTPUT_HANDLE size = 63 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 25 True 2
Fn
Data
Write STD_OUTPUT_HANDLE size = 131 True 1
Fn
Data
Write STD_ERROR_HANDLE size = 95 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 24 True 1
Fn
Data
Registry (17)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Command Processor - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 224, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = AutoRun, data = 9, type = REG_NONE False 1
Fn
Module (8)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\system32\cmd.exe base_address = 0x4a090000 True 1
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76ed0000 True 2
Fn
Get Filename - process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x76f224c2 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = CopyFileExW, address_out = 0x76f0ac6c True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = IsDebuggerPresent, address_out = 0x76f13ea8 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetConsoleInputExeNameW, address_out = 0x76f22732 True 1
Fn
System (3)
»
Operation Additional Information Success Count Logfile
Get Time type = System Time, time = 2018-02-24 20:29:55 (UTC) True 1
Fn
Get Time type = Ticks, time = 154815 True 1
Fn
Get Info type = Operating System True 1
Fn
Environment (14)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 4
Fn
Data
Get Environment String name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ True 2
Fn
Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 2
Fn
Get Environment String name = PROMPT False 1
Fn
Get Environment String name = COMSPEC, result_out = C:\Windows\system32\cmd.exe True 1
Fn
Get Environment String name = KEYS False 1
Fn
Get Environment String name = PROMPT, result_out = $P$G True 1
Fn
Set Environment String name = PROMPT, value = $P$G True 1
Fn
Set Environment String name = =C:, value = C:\Users\EEBsYm5\Desktop True 1
Fn
Process #15: reg.exe
9 0
»
Information Value
ID #15
File Name c:\windows\system32\reg.exe
Command Line reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v eUOfVMeBSPH /t REG_EXPAND_SZ /d "\"C:\Users\EEBsYm5\AppData\Roaming\Oracle\bin\javaw.exe\" -jar \"C:\Users\EEBsYm5\PKcVbKSqerl\ZpEbztPLUfw.BnNKgj\"" /f
Initial Working Directory C:\Users\EEBsYm5\Desktop\
Monitor Start Time: 00:01:37, Reason: Child Process
Unmonitor End Time: 00:02:41, Reason: Terminated by Timeout
Monitor Duration 00:01:04
OS Process Information
»
Information Value
PID 0xcec
Parent PID 0xa14 (c:\program files\java\jre7\bin\java.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x CF0
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000040000 0x00040000 0x00040fff Pagefile Backed Memory Readable True False False -
locale.nls 0x00050000 0x000b6fff Memory Mapped File Readable False False False -
pagefile_0x00000000000c0000 0x000c0000 0x000c6fff Pagefile Backed Memory Readable True False False -
pagefile_0x00000000000d0000 0x000d0000 0x000d1fff Pagefile Backed Memory Readable, Writable True False False -
reg.exe.mui 0x000e0000 0x000e8fff Memory Mapped File Readable, Writable False False False -
private_0x00000000000f0000 0x000f0000 0x000f0fff Private Memory Readable, Writable True False False -
private_0x0000000000100000 0x00100000 0x00100fff Private Memory Readable, Writable True False False -
private_0x0000000000110000 0x00110000 0x0014ffff Private Memory Readable, Writable True False False -
private_0x00000000001f0000 0x001f0000 0x002effff Private Memory Readable, Writable True False False -
pagefile_0x00000000002f0000 0x002f0000 0x003b7fff Pagefile Backed Memory Readable True False False -
kernelbase.dll.mui 0x003c0000 0x0047ffff Memory Mapped File Readable, Writable False False False -
private_0x0000000000490000 0x00490000 0x0049ffff Private Memory Readable, Writable True False False -
pagefile_0x00000000004a0000 0x004a0000 0x005a0fff Pagefile Backed Memory Readable True False False -
sortdefault.nls 0x005b0000 0x0087efff Memory Mapped File Readable False False False -
reg.exe 0x00e00000 0x00e51fff Memory Mapped File Readable, Writable, Executable True False False -
pagefile_0x0000000000e60000 0x00e60000 0x01a5ffff Pagefile Backed Memory Readable True False False -
kernelbase.dll 0x75490000 0x754d9fff Memory Mapped File Readable, Writable, Executable False False False -
rpcrt4.dll 0x761c0000 0x76260fff Memory Mapped File Readable, Writable, Executable False False False -
sechost.dll 0x76470000 0x76488fff Memory Mapped File Readable, Writable, Executable False False False -
ws2_32.dll 0x76630000 0x76664fff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x76920000 0x7693efff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x76970000 0x769bdfff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x769c0000 0x76a88fff Memory Mapped File Readable, Writable, Executable False False False -
shlwapi.dll 0x76a90000 0x76ae6fff Memory Mapped File Readable, Writable, Executable False False False -
usp10.dll 0x76bd0000 0x76c6cfff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x76ed0000 0x76fa3fff Memory Mapped File Readable, Writable, Executable False False False -
advapi32.dll 0x76fb0000 0x7704ffff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x77050000 0x7711bfff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x77120000 0x7725bfff Memory Mapped File Readable, Writable, Executable False False False -
nsi.dll 0x77270000 0x77275fff Memory Mapped File Readable, Writable, Executable False False False -
lpk.dll 0x77290000 0x77299fff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x772a0000 0x7734bfff Memory Mapped File Readable, Writable, Executable False False False -
apisetschema.dll 0x77360000 0x77360fff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory Readable True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory Readable True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory Readable, Writable True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory Readable, Writable True False False -
Host Behavior
File (2)
»
Operation Filename Additional Information Success Count Logfile
Get Info STD_OUTPUT_HANDLE type = file_type True 1
Fn
Open STD_OUTPUT_HANDLE - True 1
Fn
Registry (4)
»
Operation Key Additional Information Success Count Logfile
Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System - False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run value_name = eUOfVMeBSPH False 1
Fn
Write Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run value_name = eUOfVMeBSPH, data = "C:\Users\EEBsYm5\AppData\Roaming\Oracle\bin\javaw.exe" -jar "C:\Users\EEBsYm5\PKcVbKSqerl\ZpEbztPLUfw.BnNKgj", size = 222, type = REG_EXPAND_SZ True 1
Fn
Module (1)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\system32\reg.exe base_address = 0xe00000 True 1
Fn
System (2)
»
Operation Additional Information Success Count Logfile
Get Time type = System Time, time = 2018-02-24 20:29:58 (UTC) True 1
Fn
Get Time type = Ticks, time = 158075 True 1
Fn
Process #16: attrib.exe
0 0
»
Information Value
ID #16
File Name c:\windows\system32\attrib.exe
Command Line attrib +h "C:\Users\EEBsYm5\PKcVbKSqerl\*.*"
Initial Working Directory C:\Users\EEBsYm5\Desktop\
Monitor Start Time: 00:01:37, Reason: Child Process
Unmonitor End Time: 00:02:41, Reason: Terminated by Timeout
Monitor Duration 00:01:04
Remarks No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xcf4
Parent PID 0xa14 (c:\program files\java\jre7\bin\java.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x CF8
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000040000 0x00040000 0x00040fff Pagefile Backed Memory Readable True False False -
locale.nls 0x00050000 0x000b6fff Memory Mapped File Readable False False False -
private_0x00000000000f0000 0x000f0000 0x0012ffff Private Memory Readable, Writable True False False -
private_0x0000000000160000 0x00160000 0x0025ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000260000 0x00260000 0x00327fff Pagefile Backed Memory Readable True False False -
private_0x00000000003d0000 0x003d0000 0x003dffff Private Memory Readable, Writable True False False -
attrib.exe 0x00a80000 0x00a86fff Memory Mapped File Readable, Writable, Executable False False False -
ulib.dll 0x6f4e0000 0x6f4fcfff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x75490000 0x754d9fff Memory Mapped File Readable, Writable, Executable False False False -
rpcrt4.dll 0x761c0000 0x76260fff Memory Mapped File Readable, Writable, Executable False False False -
sechost.dll 0x76470000 0x76488fff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x76920000 0x7693efff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x76970000 0x769bdfff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x769c0000 0x76a88fff Memory Mapped File Readable, Writable, Executable False False False -
usp10.dll 0x76bd0000 0x76c6cfff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x76ed0000 0x76fa3fff Memory Mapped File Readable, Writable, Executable False False False -
advapi32.dll 0x76fb0000 0x7704ffff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x77050000 0x7711bfff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x77120000 0x7725bfff Memory Mapped File Readable, Writable, Executable False False False -
lpk.dll 0x77290000 0x77299fff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x772a0000 0x7734bfff Memory Mapped File Readable, Writable, Executable False False False -
apisetschema.dll 0x77360000 0x77360fff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory Readable True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory Readable True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory Readable, Writable True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory Readable, Writable True False False -
Process #17: attrib.exe
0 0
»
Information Value
ID #17
File Name c:\windows\system32\attrib.exe
Command Line attrib +h "C:\Users\EEBsYm5\PKcVbKSqerl"
Initial Working Directory C:\Users\EEBsYm5\Desktop\
Monitor Start Time: 00:01:37, Reason: Child Process
Unmonitor End Time: 00:02:41, Reason: Terminated by Timeout
Monitor Duration 00:01:04
Remarks No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xcfc
Parent PID 0xa14 (c:\program files\java\jre7\bin\java.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x D00
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000040000 0x00040000 0x00040fff Pagefile Backed Memory Readable True False False -
locale.nls 0x00050000 0x000b6fff Memory Mapped File Readable False False False -
private_0x00000000000f0000 0x000f0000 0x000fffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000100000 0x00100000 0x001c7fff Pagefile Backed Memory Readable True False False -
private_0x00000000001f0000 0x001f0000 0x0022ffff Private Memory Readable, Writable True False False -
private_0x0000000000310000 0x00310000 0x0040ffff Private Memory Readable, Writable True False False -
attrib.exe 0x00a80000 0x00a86fff Memory Mapped File Readable, Writable, Executable False False False -
ulib.dll 0x6ea40000 0x6ea5cfff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x75490000 0x754d9fff Memory Mapped File Readable, Writable, Executable False False False -
rpcrt4.dll 0x761c0000 0x76260fff Memory Mapped File Readable, Writable, Executable False False False -
sechost.dll 0x76470000 0x76488fff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x76920000 0x7693efff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x76970000 0x769bdfff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x769c0000 0x76a88fff Memory Mapped File Readable, Writable, Executable False False False -
usp10.dll 0x76bd0000 0x76c6cfff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x76ed0000 0x76fa3fff Memory Mapped File Readable, Writable, Executable False False False -
advapi32.dll 0x76fb0000 0x7704ffff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x77050000 0x7711bfff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x77120000 0x7725bfff Memory Mapped File Readable, Writable, Executable False False False -
lpk.dll 0x77290000 0x77299fff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x772a0000 0x7734bfff Memory Mapped File Readable, Writable, Executable False False False -
apisetschema.dll 0x77360000 0x77360fff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory Readable True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory Readable True False False -
private_0x000000007ffd9000 0x7ffd9000 0x7ffd9fff Private Memory Readable, Writable True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory Readable, Writable True False False -
Process #18: javaw.exe
1481 6
»
Information Value
ID #18
File Name c:\users\eebsym5\appdata\roaming\oracle\bin\javaw.exe
Command Line C:\Users\EEBsYm5\AppData\Roaming\Oracle\bin\javaw.exe -jar C:\Users\EEBsYm5\PKcVbKSqerl\ZpEbztPLUfw.BnNKgj
Initial Working Directory C:\Users\EEBsYm5\AppData\Local\Temp\
Monitor Start Time: 00:01:37, Reason: Child Process
Unmonitor End Time: 00:02:41, Reason: Terminated by Timeout
Monitor Duration 00:01:04
OS Process Information
»
Information Value
PID 0xd04
Parent PID 0xa14 (c:\program files\java\jre7\bin\java.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x D08
0x D40
0x D44
0x D48
0x D4C
0x D50
0x D58
0x D54
0x D60
0x D5C
0x D68
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False -
private_0x0000000000020000 0x00020000 0x00020fff Private Memory Readable, Writable True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000040000 0x00040000 0x00042fff Pagefile Backed Memory Readable True False False -
private_0x0000000000050000 0x00050000 0x00050fff Private Memory Readable, Writable True False False -
pagefile_0x0000000000060000 0x00060000 0x00060fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000070000 0x00070000 0x00071fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000080000 0x00080000 0x00086fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000090000 0x00090000 0x00091fff Pagefile Backed Memory Readable, Writable True False False -
private_0x00000000000a0000 0x000a0000 0x000a0fff Private Memory Readable True False False -
private_0x00000000000b0000 0x000b0000 0x001affff Private Memory Readable, Writable True False False -
private_0x00000000001b0000 0x001b0000 0x001fffff Private Memory Readable, Writable True False False -
locale.nls 0x00200000 0x00266fff Memory Mapped File Readable False False False -
pagefile_0x0000000000270000 0x00270000 0x00337fff Pagefile Backed Memory Readable True False False -
private_0x0000000000340000 0x00340000 0x00340fff Private Memory Readable, Writable True False False -
3332 0x00350000 0x0035ffff Memory Mapped File Readable, Writable True True False
...
private_0x0000000000360000 0x00360000 0x0036ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000370000 0x00370000 0x00470fff Pagefile Backed Memory Readable True False False -
private_0x0000000000480000 0x00480000 0x0058ffff Private Memory Readable, Writable True False False -
private_0x0000000000480000 0x00480000 0x0057ffff Private Memory Readable, Writable True False False -
private_0x0000000000580000 0x00580000 0x0058ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000590000 0x00590000 0x00982fff Pagefile Backed Memory Readable True False False -
private_0x0000000000990000 0x00990000 0x009effff Private Memory Readable, Writable True False False -
javaw.exe 0x009f0000 0x00a1efff Memory Mapped File Readable, Writable, Executable True False False -
pagefile_0x0000000000a20000 0x00a20000 0x0161ffff Pagefile Backed Memory Readable True False False -
private_0x0000000001620000 0x01620000 0x0178ffff Private Memory Readable, Writable True False False -
private_0x0000000001620000 0x01620000 0x0175ffff Private Memory Readable, Writable True False False -
private_0x0000000001620000 0x01620000 0x0171ffff Private Memory Readable, Writable True False False -
private_0x0000000001720000 0x01720000 0x0175ffff Private Memory Readable, Writable True False False -
private_0x0000000001760000 0x01760000 0x0176ffff Private Memory Readable, Writable True False False -
private_0x0000000001770000 0x01770000 0x0177ffff Private Memory Readable, Writable True False False -
private_0x0000000001780000 0x01780000 0x0178ffff Private Memory Readable, Writable True False False -
private_0x0000000001790000 0x01790000 0x017bffff Private Memory Readable, Writable True False False -
private_0x00000000017d0000 0x017d0000 0x0181ffff Private Memory Readable, Writable True False False -
private_0x0000000001820000 0x01820000 0x0381ffff Private Memory Readable, Writable True False False -
private_0x0000000003820000 0x03820000 0x0389ffff Private Memory Readable, Writable True False False -
private_0x00000000038a0000 0x038a0000 0x0394ffff Private Memory Readable, Writable True False False -
private_0x0000000003950000 0x03950000 0x0399ffff Private Memory Readable, Writable True False False -
private_0x00000000039d0000 0x039d0000 0x03a1ffff Private Memory Readable, Writable True False False -
private_0x0000000003a50000 0x03a50000 0x03a9ffff Private Memory Readable, Writable True False False -
rsaenh.dll 0x03aa0000 0x03adbfff Memory Mapped File Readable False False False -
private_0x0000000003ae0000 0x03ae0000 0x03b2ffff Private Memory Readable, Writable True False False -
private_0x0000000003b30000 0x03b30000 0x03b7ffff Private Memory Readable, Writable True False False -
private_0x0000000003b90000 0x03b90000 0x03bdffff Private Memory Readable, Writable True False False -
private_0x0000000003c00000 0x03c00000 0x03c4ffff Private Memory Readable, Writable True False False -
private_0x0000000003c50000 0x03c50000 0x03caffff Private Memory Readable, Writable True False False -
private_0x0000000003c50000 0x03c50000 0x03c9ffff Private Memory Readable, Writable True False False -
private_0x0000000003ca0000 0x03ca0000 0x03caffff Private Memory Readable, Writable True False False -
private_0x0000000003ce0000 0x03ce0000 0x03d2ffff Private Memory Readable, Writable True False False -
private_0x0000000003d50000 0x03d50000 0x03d9ffff Private Memory Readable, Writable True False False -
private_0x0000000003da0000 0x03da0000 0x03f9ffff Private Memory Readable, Writable True False False -
sortdefault.nls 0x03fa0000 0x0426efff Memory Mapped File Readable False False False -
private_0x0000000004270000 0x04270000 0x0466ffff Private Memory Readable, Writable True False False -
private_0x0000000004670000 0x04670000 0x0476ffff Private Memory Readable, Writable True False False -
private_0x0000000004770000 0x04770000 0x0494ffff Private Memory Readable, Writable True False False -
private_0x0000000004770000 0x04770000 0x048fffff Private Memory Readable, Writable True False False -
private_0x0000000004770000 0x04770000 0x0486ffff Private Memory Readable, Writable True False False -
private_0x00000000048c0000 0x048c0000 0x048fffff Private Memory Readable, Writable True False False -
private_0x0000000004910000 0x04910000 0x0494ffff Private Memory Readable, Writable True False False -
private_0x0000000023860000 0x23860000 0x28daffff Private Memory Readable, Writable True False False -
private_0x0000000028db0000 0x28db0000 0x3385ffff Private Memory Readable, Writable True False False -
private_0x0000000033860000 0x33860000 0x3785ffff Private Memory Readable, Writable True False False -
classes.jsa 0x37860000 0x37c9ffff Memory Mapped File Readable True False False -
private_0x0000000037ca0000 0x37ca0000 0x3825ffff Private Memory Readable, Writable True False False -
classes.jsa 0x38260000 0x388affff Memory Mapped File Readable, Writable True False False -
private_0x00000000388b0000 0x388b0000 0x38e5ffff Private Memory Readable, Writable True False False -
classes.jsa 0x38e60000 0x390cffff Memory Mapped File Readable, Writable True False False -
private_0x00000000390d0000 0x390d0000 0x3925ffff Private Memory Readable, Writable True False False -
private_0x0000000039260000 0x39260000 0x3926ffff Private Memory Readable, Writable True False False -
private_0x0000000039270000 0x39270000 0x3965ffff Private Memory Readable, Writable True False False -
jvm.dll 0x6c3e0000 0x6c75ffff Memory Mapped File Readable, Writable, Executable True False False -
msvcr100.dll 0x6d350000 0x6d40efff Memory Mapped File Readable, Writable, Executable True False False -
sunec.dll 0x6d750000 0x6d76ffff Memory Mapped File Readable, Writable, Executable True False False -
sunmscapi.dll 0x6dad0000 0x6dad8fff Memory Mapped File Readable, Writable, Executable True False False -
net.dll 0x6dae0000 0x6daf3fff Memory Mapped File Readable, Writable, Executable True False False -
zip.dll 0x6ea40000 0x6ea52fff Memory Mapped File Readable, Writable, Executable True False False -
winmm.dll 0x6eae0000 0x6eb11fff Memory Mapped File Readable, Writable, Executable False False False -
rasadhlp.dll 0x6eb20000 0x6eb25fff Memory Mapped File Readable, Writable, Executable False False False -
nio.dll 0x6f3c0000 0x6f3cefff Memory Mapped File Readable, Writable, Executable True False False -
java.dll 0x6f4e0000 0x6f4fffff Memory Mapped File Readable, Writable, Executable True False False -
verify.dll 0x6f540000 0x6f54bfff Memory Mapped File Readable, Writable, Executable True False False -
wsock32.dll 0x71ce0000 0x71ce6fff Memory Mapped File Readable, Writable, Executable False False False -
fwpuclnt.dll 0x73380000 0x733b7fff Memory Mapped File Readable, Writable, Executable False False False -
winnsi.dll 0x734c0000 0x734c6fff Memory Mapped File Readable, Writable, Executable False False False -
iphlpapi.dll 0x734d0000 0x734ebfff Memory Mapped File Readable, Writable, Executable False False False -
nlaapi.dll 0x735e0000 0x735effff Memory Mapped File Readable, Writable, Executable False False False -
winrnr.dll 0x73c20000 0x73c27fff Memory Mapped File Readable, Writable, Executable False False False -
pnrpnsp.dll 0x73c30000 0x73c41fff Memory Mapped File Readable, Writable, Executable False False False -
napinsp.dll 0x73c60000 0x73c6ffff Memory Mapped File Readable, Writable, Executable False False False -
comctl32.dll 0x74250000 0x743edfff Memory Mapped File Readable, Writable, Executable False False False -
wshtcpip.dll 0x74850000 0x74854fff Memory Mapped File Readable, Writable, Executable False False False -
userenv.dll 0x74920000 0x74936fff Memory Mapped File Readable, Writable, Executable False False False -
rsaenh.dll 0x74ae0000 0x74b1afff Memory Mapped File Readable, Writable, Executable False False False -
dnsapi.dll 0x74bc0000 0x74c03fff Memory Mapped File Readable, Writable, Executable False False False -
wship6.dll 0x74cf0000 0x74cf5fff Memory Mapped File Readable, Writable, Executable False False False -
mswsock.dll 0x74d00000 0x74d3bfff Memory Mapped File Readable, Writable, Executable False False False -
cryptsp.dll 0x74d40000 0x74d55fff Memory Mapped File Readable, Writable, Executable False False False -
cryptbase.dll 0x751c0000 0x751cbfff Memory Mapped File Readable, Writable, Executable False False False -
profapi.dll 0x75270000 0x7527afff Memory Mapped File Readable, Writable, Executable False False False -
msasn1.dll 0x752e0000 0x752ebfff Memory Mapped File Readable, Writable, Executable False False False -
crypt32.dll 0x75320000 0x7543cfff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x75490000 0x754d9fff Memory Mapped File Readable, Writable, Executable False False False -
rpcrt4.dll 0x761c0000 0x76260fff Memory Mapped File Readable, Writable, Executable False False False -
sechost.dll 0x76470000 0x76488fff Memory Mapped File Readable, Writable, Executable False False False -
ws2_32.dll 0x76630000 0x76664fff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x76920000 0x7693efff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x76970000 0x769bdfff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x769c0000 0x76a88fff Memory Mapped File Readable, Writable, Executable False False False -
shlwapi.dll 0x76a90000 0x76ae6fff Memory Mapped File Readable, Writable, Executable False False False -
usp10.dll 0x76bd0000 0x76c6cfff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x76ed0000 0x76fa3fff Memory Mapped File Readable, Writable, Executable False False False -
advapi32.dll 0x76fb0000 0x7704ffff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x77050000 0x7711bfff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x77120000 0x7725bfff Memory Mapped File Readable, Writable, Executable False False False -
psapi.dll 0x77260000 0x77264fff Memory Mapped File Readable, Writable, Executable False False False -
nsi.dll 0x77270000 0x77275fff Memory Mapped File Readable, Writable, Executable False False False -
lpk.dll 0x77290000 0x77299fff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x772a0000 0x7734bfff Memory Mapped File Readable, Writable, Executable False False False -
apisetschema.dll 0x77360000 0x77360fff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory Readable True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory Readable True False False -
private_0x000000007ffd4000 0x7ffd4000 0x7ffd4fff Private Memory Readable, Writable True False False -
private_0x000000007ffd5000 0x7ffd5000 0x7ffd5fff Private Memory Readable, Writable True False False -
private_0x000000007ffd6000 0x7ffd6000 0x7ffd6fff Private Memory Readable, Writable True False False -
private_0x000000007ffd7000 0x7ffd7000 0x7ffd7fff Private Memory Readable, Writable True False False -
private_0x000000007ffd8000 0x7ffd8000 0x7ffd8fff Private Memory Readable, Writable True False False -
private_0x000000007ffd9000 0x7ffd9000 0x7ffd9fff Private Memory Readable, Writable True False False -
private_0x000000007ffda000 0x7ffda000 0x7ffdafff Private Memory Readable, Writable True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffdbfff Private Memory Readable, Writable True False False -
private_0x000000007ffdc000 0x7ffdc000 0x7ffdcfff Private Memory Readable, Writable True False False -
private_0x000000007ffdd000 0x7ffdd000 0x7ffddfff Private Memory Readable, Writable True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory Readable, Writable True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory Readable, Writable True False False -
Host Behavior
File (1379)
»
Operation Filename Additional Information Success Count Logfile
Create C:\Users\EEBsYm5\AppData\Local\Temp\\hsperfdata_EEBsYm5\3332 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_DELETE True 1
Fn
Create C:\Users\EEBsYm5\AppData\Roaming\Oracle\lib\tzmappings desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create Directory C:\Users\EEBsYm5\AppData\Local\Temp\\hsperfdata_EEBsYm5 - False 1
Fn
Get Info STD_INPUT_HANDLE type = file_type True 2
Fn
Get Info STD_OUTPUT_HANDLE type = file_type True 2
Fn
Get Info STD_ERROR_HANDLE type = file_type True 2
Fn
Get Info - type = file_type True 8
Fn
Get Info C:\Users\EEBsYm5\AppData\Roaming\Oracle\lib\endorsed type = file_attributes False 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Local\Temp\\hsperfdata_EEBsYm5 type = file_attributes True 3
Fn
Get Info - type = size, size_out = 829 True 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Roaming\Oracle\lib\ext type = file_attributes True 1
Fn
Get Info C:\Windows\Sun\Java\lib\ext type = file_attributes False 1
Fn
Get Info - type = size, size_out = 2190 True 1
Fn
Get Info C:\Users\EEBsYm5\AppData\Roaming\Oracle\lib\tzmappings type = file_type True 1
Fn
Get Info - type = size, size_out = 3070 True 1
Fn
Open STD_INPUT_HANDLE - True 2
Fn
Open STD_OUTPUT_HANDLE - True 2
Fn
Open STD_ERROR_HANDLE - True 2
Fn
Read - size = 22, size_out = 22 True 1
Fn
Data
Read - size = 1024, size_out = 1024 True 1
Fn
Data
Read - size = 30, size_out = 30 True 468
Fn
Data
Read - size = 173, size_out = 173 True 6
Fn
Data
Read - size = 4096, size_out = 686 True 1
Fn
Data
Read - size = 4096, size_out = 0 True 1
Fn
Read - size = 2416, size_out = 2416 True 1
Fn
Data
Read - size = 128, size_out = 128 True 7
Fn
Data
Read - size = 7, size_out = 7 True 1
Fn
Data
Read - size = 1781193, size_out = 1781193 True 1
Fn
Read - size = 160, size_out = 160 True 377
Fn
Data
Read - size = 709, size_out = 709 True 1
Fn
Data
Read - size = 277, size_out = 277 True 1
Fn
Data
Read - size = 2305, size_out = 2305 True 1
Fn
Data
Read - size = 1022, size_out = 1022 True 1
Fn
Data
Read - size = 2882, size_out = 2882 True 1
Fn
Data
Read - size = 104, size_out = 104 True 1
Fn
Data
Read - size = 728, size_out = 728 True 1
Fn
Data
Read - size = 345, size_out = 345 True 1
Fn
Data
Read - size = 815, size_out = 815 True 1
Fn
Data
Read - size = 1105, size_out = 1105 True 1
Fn
Data
Read - size = 1761, size_out = 1761 True 1
Fn
Data
Read - size = 514, size_out = 514 True 1
Fn
Data
Read - size = 970, size_out = 970 True 1
Fn
Data
Read - size = 2589, size_out = 2589 True 1
Fn
Data
Read - size = 1008, size_out = 1008 True 1
Fn
Data
Read - size = 2004, size_out = 2004 True 1
Fn
Data
Read - size = 669, size_out = 669 True 1
Fn
Data
Read - size = 962, size_out = 962 True 1
Fn
Data
Read - size = 934, size_out = 934 True 1
Fn
Data
Read - size = 1720, size_out = 1720 True 1
Fn
Data
Read - size = 1012, size_out = 1012 True 2
Fn
Data
Read - size = 3028, size_out = 3028 True 1
Fn
Data
Read - size = 1111, size_out = 1111 True 2
Fn
Data
Read - size = 2976, size_out = 2976 True 1
Fn
Data
Read - size = 672, size_out = 672 True 2
Fn
Data
Read - size = 1189, size_out = 1189 True 1
Fn
Data
Read - size = 2646, size_out = 2646 True 1
Fn
Data
Read - size = 966, size_out = 966 True 1
Fn
Data
Read - size = 800, size_out = 800 True 1
Fn
Data
Read - size = 1280, size_out = 1280 True 1
Fn
Data
Read - size = 609, size_out = 609 True 2
Fn
Data
Read - size = 628, size_out = 628 True 1
Fn
Data
Read - size = 328, size_out = 328 True 2
Fn
Data
Read - size = 327, size_out = 327 True 1
Fn
Data
Read - size = 12212, size_out = 12212 True 1
Fn
Data
Read - size = 748, size_out = 748 True 1
Fn
Data
Read - size = 6630, size_out = 6630 True 1
Fn
Data
Read - size = 3392, size_out = 3392 True 1
Fn
Data
Read - size = 13079, size_out = 13079 True 2
Fn
Data
Read - size = 2563, size_out = 2563 True 2
Fn
Data
Read - size = 476, size_out = 476 True 1
Fn
Data
Read - size = 2703, size_out = 2703 True 1
Fn
Data
Read - size = 753, size_out = 753 True 1
Fn
Data
Read - size = 3690, size_out = 3690 True 1
Fn
Data
Read - size = 3361, size_out = 3361 True 1
Fn
Data
Read - size = 3599, size_out = 3599 True 1
Fn
Data
Read - size = 260, size_out = 260 True 1
Fn
Data
Read - size = 1899, size_out = 1899 True 1
Fn
Data
Read - size = 678, size_out = 678 True 1
Fn
Data
Read - size = 1909, size_out = 1909 True 1
Fn
Data
Read - size = 670, size_out = 670 True 1
Fn
Data
Read - size = 762, size_out = 762 True 1
Fn
Data
Read - size = 269, size_out = 269 True 3
Fn
Data
Read - size = 480, size_out = 480 True 1
Fn
Data
Read - size = 645, size_out = 645 True 1
Fn
Data
Read - size = 573, size_out = 573 True 1
Fn
Data
Read - size = 535, size_out = 535 True 1
Fn
Data
Read - size = 546, size_out = 546 True 1
Fn
Data
Read - size = 5358, size_out = 5358 True 1
Fn
Data
Read - size = 2540, size_out = 2540 True 1
Fn
Data
Read - size = 486, size_out = 486 True 1
Fn
Data
Read - size = 703, size_out = 703 True 1
Fn
Data
Read - size = 740, size_out = 740 True 1
Fn
Data
Read - size = 802, size_out = 802 True 1
Fn
Data
Read - size = 1127, size_out = 1127 True 2
Fn
Data
Read - size = 33985, size_out = 33985 True 1
Fn
Data
Read - size = 92, size_out = 92 True 2
Fn
Data
Read - size = 1663, size_out = 1663 True 2
Fn
Data
Read - size = 1453, size_out = 1453 True 1
Fn
Data
Read - size = 3061, size_out = 3061 True 1
Fn
Data
Read - size = 716, size_out = 716 True 1
Fn
Data
Read - size = 214, size_out = 214 True 1
Fn
Data
Read - size = 545, size_out = 545 True 1
Fn
Data
Read - size = 718, size_out = 718 True 2
Fn
Data
Read - size = 10050, size_out = 10050 True 1
Fn
Data
Read - size = 647, size_out = 647 True 1
Fn
Data
Read - size = 270, size_out = 270 True 1
Fn
Data
Read - size = 2524, size_out = 2524 True 1
Fn
Data
Read - size = 1399, size_out = 1399 True 1
Fn
Data
Read - size = 2750, size_out = 2750 True 1
Fn
Data
Read - size = 6082, size_out = 6082 True 1
Fn
Data
Read - size = 34919, size_out = 34919 True 1
Fn
Data
Read - size = 959, size_out = 959 True 1
Fn
Data
Read - size = 737, size_out = 737 True 1
Fn
Data
Read - size = 62696, size_out = 62696 True 1
Fn
Data
Read - size = 4963, size_out = 4963 True 1
Fn
Data
Read - size = 585, size_out = 585 True 2
Fn
Data
Read - size = 1385, size_out = 1385 True 1
Fn
Data
Read - size = 294, size_out = 294 True 1
Fn
Data
Read - size = 33801, size_out = 33801 True 1
Fn
Data
Read - size = 154, size_out = 154 True 1
Fn
Data
Read - size = 348, size_out = 348 True 1
Fn
Data
Read - size = 1695, size_out = 1695 True 1
Fn
Data
Read - size = 1902, size_out = 1902 True 1
Fn
Data
Read - size = 302, size_out = 302 True 1
Fn
Data
Read - size = 45824, size_out = 45824 True 1
Fn
Data
Read - size = 1188, size_out = 1188 True 1
Fn
Data
Read - size = 3195, size_out = 3195 True 1
Fn
Data
Read - size = 3099, size_out = 3099 True 1
Fn
Data
Read - size = 851, size_out = 851 True 1
Fn
Data
Read - size = 1462, size_out = 1462 True 1
Fn
Data
Read - size = 3589, size_out = 3589 True 1
Fn
Data
Read - size = 402, size_out = 402 True 1
Fn
Data
Read - size = 1366, size_out = 1366 True 1
Fn
Data
Read - size = 151, size_out = 151 True 2
Fn
Data
Read - size = 2327, size_out = 2327 True 1
Fn
Data
Read - size = 2682, size_out = 2682 True 1
Fn
Data
Read - size = 3211, size_out = 3211 True 1
Fn
Data
Read - size = 6372, size_out = 6372 True 1
Fn
Data
Read - size = 8606, size_out = 8606 True 1
Fn
Data
Read - size = 360, size_out = 360 True 1
Fn
Data
Read - size = 4102, size_out = 4102 True 1
Fn
Data
Read - size = 2132, size_out = 2132 True 1
Fn
Data
Read - size = 12227, size_out = 12227 True 1
Fn
Data
Read - size = 1230, size_out = 1230 True 1
Fn
Data
Read - size = 4933, size_out = 4933 True 1
Fn
Data
Read - size = 4365, size_out = 4365 True 1
Fn
Data
Read - size = 890, size_out = 890 True 1
Fn
Data
Read - size = 12321, size_out = 12321 True 1
Fn
Data
Read - size = 5865, size_out = 5865 True 1
Fn
Data
Read - size = 11499, size_out = 11499 True 1
Fn
Data
Read - size = 330, size_out = 330 True 1
Fn
Data
Read - size = 27736, size_out = 27736 True 1
Fn
Data
Read - size = 12797, size_out = 12797 True 1
Fn
Data
Read - size = 2945, size_out = 2945 True 1
Fn
Data
Read - size = 4616, size_out = 4616 True 1
Fn
Data
Read - size = 21515, size_out = 21515 True 1
Fn
Data
Read - size = 1396, size_out = 1396 True 1
Fn
Data
Read - size = 582, size_out = 582 True 1
Fn
Data
Read - size = 2709, size_out = 2709 True 1
Fn
Data
Read - size = 2124, size_out = 2124 True 1
Fn
Data
Read - size = 284, size_out = 284 True 1
Fn
Data
Read - size = 14716, size_out = 14716 True 1
Fn
Data
Read - size = 2111, size_out = 2111 True 1
Fn
Data
Read - size = 8292, size_out = 8292 True 1
Fn
Data
Read - size = 6007, size_out = 6007 True 1
Fn
Data
Read - size = 2905, size_out = 2905 True 1
Fn
Data
Read - size = 937, size_out = 937 True 1
Fn
Data
Read - size = 1544, size_out = 1544 True 1
Fn
Data
Read - size = 12572, size_out = 12572 True 1
Fn
Data
Read - size = 1904, size_out = 1904 True 1
Fn
Data
Read - size = 2008, size_out = 2008 True 1
Fn
Data
Read - size = 783, size_out = 783 True 1
Fn
Data
Read - size = 832, size_out = 832 True 1
Fn
Data
Read - size = 76, size_out = 76 True 2
Fn
Data
Read - size = 6363, size_out = 6363 True 1
Fn
Data
Read - size = 9943, size_out = 9943 True 1
Fn
Data
Read - size = 596, size_out = 596 True 1
Fn
Data
Read - size = 612, size_out = 612 True 1
Fn
Data
Read - size = 544, size_out = 544 True 2
Fn
Data
Read - size = 697, size_out = 697 True 1
Fn
Data
Read - size = 604, size_out = 604 True 1
Fn
Data
Read - size = 591, size_out = 591 True 1
Fn
Data
Read - size = 452, size_out = 452 True 1
Fn
Data
Read - size = 586, size_out = 586 True 1
Fn
Data
Read - size = 525, size_out = 525 True 1
Fn
Data
Read - size = 1974, size_out = 1974 True 1
Fn
Data
Read - size = 1159, size_out = 1159 True 1
Fn
Data
Read - size = 426, size_out = 426 True 1
Fn
Data
Read - size = 7100, size_out = 7100 True 1
Fn
Data
Read - size = 229, size_out = 229 True 1
Fn
Data
Read - size = 366, size_out = 366 True 1
Fn
Data
Read - size = 1120, size_out = 1120 True 1
Fn
Data
Read - size = 3241, size_out = 3241 True 1
Fn
Data
Read - size = 784, size_out = 784 True 1
Fn
Data
Read - size = 1886, size_out = 1886 True 1
Fn
Data
Read - size = 2962, size_out = 2962 True 1
Fn
Data
Read - size = 632, size_out = 632 True 1
Fn
Data
Read - size = 5472, size_out = 5472 True 1
Fn
Data
Read - size = 10775, size_out = 10775 True 1
Fn
Data
Read - size = 6736, size_out = 6736 True 1
Fn
Data
Read - size = 11754, size_out = 11754 True 1
Fn
Data
Read - size = 4772, size_out = 4772 True 1
Fn
Data
Read - size = 3581, size_out = 3581 True 1
Fn
Data
Read - size = 5154, size_out = 5154 True 1
Fn
Data
Read - size = 6596, size_out = 6596 True 1
Fn
Data
Read - size = 6452, size_out = 6452 True 1
Fn
Data
Read - size = 483, size_out = 483 True 1
Fn
Data
Read - size = 375, size_out = 375 True 1
Fn
Data
Read - size = 549, size_out = 549 True 1
Fn
Data
Read - size = 598, size_out = 598 True 1
Fn
Data
Read - size = 3389, size_out = 3389 True 1
Fn
Data
Read - size = 2486, size_out = 2486 True 1
Fn
Data
Read - size = 8998, size_out = 8998 True 1
Fn
Data
Read - size = 4936, size_out = 4936 True 1
Fn
Data
Read - size = 2439, size_out = 2439 True 1
Fn
Data
Read - size = 2652, size_out = 2652 True 1
Fn
Data
Read - size = 213, size_out = 213 True 2
Fn
Data
Read - size = 550, size_out = 550 True 2
Fn
Data
Read - size = 164, size_out = 164 True 1
Fn
Data
Read - size = 186, size_out = 186 True 1
Fn
Data
Read - size = 551, size_out = 551 True 1
Fn
Data
Read - size = 613, size_out = 613 True 1
Fn
Data
Read - size = 7508, size_out = 7508 True 1
Fn
Data
Read - size = 135, size_out = 135 True 1
Fn
Data
Read - size = 4419, size_out = 4419 True 1
Fn
Data
Read - size = 1640, size_out = 1640 True 1
Fn
Data
Read - size = 337, size_out = 337 True 1
Fn
Data
Read - size = 54044, size_out = 54044 True 1
Fn
Data
Read - size = 243, size_out = 243 True 1
Fn
Data
Read - size = 15023, size_out = 15023 True 1
Fn
Data
Read - size = 3685, size_out = 3685 True 1
Fn
Data
Read - size = 2898, size_out = 2898 True 1
Fn
Data
Read - size = 6136, size_out = 6136 True 1
Fn
Data
Read - size = 5326, size_out = 5326 True 1
Fn
Data
Read - size = 2173, size_out = 2173 True 1
Fn
Data
Read - size = 6819, size_out = 6819 True 1
Fn
Data
Read - size = 11034, size_out = 11034 True 1
Fn
Data
Read - size = 2040, size_out = 2040 True 1
Fn
Data
Read - size = 1920, size_out = 1920 True 1
Fn
Data
Read - size = 6611, size_out = 6611 True 1
Fn
Data
Read - size = 1102, size_out = 1102 True 1
Fn
Data
Read - size = 2218, size_out = 2218 True 1
Fn
Data
Read - size = 1308, size_out = 1308 True 1
Fn
Data
Read - size = 2347, size_out = 2347 True 1
Fn
Data
Read - size = 1558, size_out = 1558 True 1
Fn
Data
Read - size = 7623, size_out = 7623 True 1
Fn
Data
Read - size = 2853, size_out = 2853 True 1
Fn
Data
Read - size = 1485, size_out = 1485 True 1
Fn
Data
Read - size = 755, size_out = 755 True 1
Fn
Data
Read - size = 177, size_out = 177 True 1
Fn
Data
Read - size = 1737, size_out = 1737 True 1
Fn
Data
Read - size = 2251, size_out = 2251 True 1
Fn
Data
Read - size = 2801, size_out = 2801 True 1
Fn
Data
Read - size = 1075, size_out = 1075 True 1
Fn
Data
Read - size = 2301, size_out = 2301 True 1
Fn
Data
Read - size = 2770, size_out = 2770 True 1
Fn
Data
Read - size = 1827, size_out = 1827 True 1
Fn
Data
Read - size = 1966, size_out = 1966 True 1
Fn
Data
Read - size = 1434, size_out = 1434 True 1
Fn
Data
Read - size = 454, size_out = 454 True 1
Fn
Data
Read - size = 5439, size_out = 5439 True 1
Fn
Data
Read - size = 619, size_out = 619 True 1
Fn
Data
Read - size = 10470, size_out = 10470 True 1
Fn
Data
Read - size = 3596, size_out = 3596 True 5
Fn
Data
Read - size = 3529, size_out = 3529 True 3
Fn
Data
Read - size = 1320, size_out = 1320 True 3
Fn
Data
Read - size = 735, size_out = 735 True 2
Fn
Data
Read - size = 817, size_out = 817 True 1
Fn
Data
Read - size = 331, size_out = 331 True 2
Fn
Data
Read - size = 2357, size_out = 2357 True 1
Fn
Data
Read - size = 187, size_out = 187 True 1
Fn
Data
Read - size = 3665, size_out = 3665 True 2
Fn
Data
Read - size = 3856, size_out = 3856 True 2
Fn
Data
Read - size = 333, size_out = 333 True 1
Fn
Data
Read - size = 2915, size_out = 2915 True 1
Fn
Data
Read - size = 350, size_out = 350 True 1
Fn
Data
Read - size = 1319, size_out = 1319 True 1
Fn
Data
Read - size = 4096, size_out = 4096 True 2
Fn
Data
Read - size = 47, size_out = 47 True 1
Fn
Data
Read - size = 115, size_out = 115 True 1
Fn
Data
Read - size = 502, size_out = 502 True 1
Fn
Data
Read - size = 807, size_out = 807 True 1
Fn
Data
Read - size = 530, size_out = 530 True 1
Fn
Data
Read - size = 1987, size_out = 1987 True 1
Fn
Data
Read - size = 706, size_out = 706 True 1
Fn
Data
Read - size = 3777, size_out = 3777 True 1
Fn
Data
Read - size = 3082, size_out = 3082 True 1
Fn
Data
Read - size = 4270, size_out = 4270 True 1
Fn
Data
Read - size = 8559, size_out = 8559 True 1
Fn
Data
Read - size = 6031, size_out = 6031 True 1
Fn
Data
Read - size = 671, size_out = 671 True 1
Fn
Data
Read - size = 1961, size_out = 1961 True 1
Fn
Data
Read - size = 3287, size_out = 3287 True 1
Fn
Data
Read - size = 383, size_out = 383 True 1
Fn
Data
Read - size = 3661, size_out = 3661 True 1
Fn
Data
Read - size = 389, size_out = 389 True 1
Fn
Data
Read - size = 411, size_out = 411 True 1
Fn
Data
Read - size = 194, size_out = 194 True 2
Fn
Data
Read - size = 242, size_out = 242 True 1
Fn
Data
Read - size = 1318, size_out = 1318 True 1
Fn
Data
Read - size = 153, size_out = 153 True 1
Fn
Data
Read - size = 209, size_out = 209 True 1
Fn
Data
Read - size = 883, size_out = 883 True 1
Fn
Data
Read - size = 994, size_out = 994 True 1
Fn
Data
Read - size = 780, size_out = 780 True 1
Fn
Data
Read - size = 206, size_out = 206 True 1
Fn
Data
Read - size = 533, size_out = 533 True 1
Fn
Data
Read - size = 775, size_out = 775 True 1
Fn
Data
Read - size = 301, size_out = 301 True 1
Fn
Data
Read - size = 8192, size_out = 8192 True 3
Fn
Data
Read - size = 1137, size_out = 1137 True 2
Fn
Data
Read - size = 1486, size_out = 1486 True 1
Fn
Data
Read - size = 1009, size_out = 1009 True 1
Fn
Data
Read - size = 1052, size_out = 1052 True 1
Fn
Data
Read - size = 1438, size_out = 1438 True 1
Fn
Data
Read - size = 2684, size_out = 2684 True 1
Fn
Data
Read - size = 157, size_out = 157 True 1
Fn
Data
Read - size = 902, size_out = 902 True 1
Fn
Data
Read - size = 1516, size_out = 1516 True 1
Fn
Data
Read - size = 925, size_out = 925 True 1
Fn
Data
Read - size = 1403, size_out = 1403 True 1
Fn
Data
Read - size = 684, size_out = 684 True 1
Fn
Data
Read - size = 2171, size_out = 2171 True 1
Fn
Data
Read - size = 1421, size_out = 1421 True 1
Fn
Data
Read - size = 694, size_out = 694 True 1
Fn
Data
Read - size = 171, size_out = 171 True 1
Fn
Data
Read - size = 814, size_out = 814 True 1
Fn
Data
Read - size = 608, size_out = 608 True 1
Fn
Data
Read - size = 677, size_out = 677 True 1
Fn
Data
Read - size = 274, size_out = 274 True 2
Fn
Data
Read - size = 1343, size_out = 1343 True 1
Fn
Data
Read - size = 541, size_out = 541 True 1
Fn
Data
Read - size = 2912, size_out = 2912 True 1
Fn
Data
Read - size = 1249, size_out = 1249 True 1
Fn
Data
Read - size = 1311, size_out = 1311 True 1
Fn
Data
Read - size = 265, size_out = 265 True 1
Fn
Data
Read - size = 1605, size_out = 1605 True 1
Fn
Data
Read - size = 557, size_out = 557 True 1
Fn
Data
Read - size = 2789, size_out = 2789 True 2
Fn
Data
Read - size = 230, size_out = 230 True 1
Fn
Data
Read - size = 1133, size_out = 1133 True 1
Fn
Data
Read - size = 321, size_out = 321 True 1
Fn
Data
Read - size = 190, size_out = 190 True 1
Fn
Data
Read - size = 3185, size_out = 3185 True 1
Fn
Data
Read - size = 4522, size_out = 4522 True 1
Fn
Data
Read - size = 978, size_out = 978 True 2
Fn
Data
Read - size = 839, size_out = 839 True 1
Fn
Data
Read - size = 1309, size_out = 1309 True 1
Fn
Data
Read - size = 1312, size_out = 1312 True 1
Fn
Data
Read - size = 696, size_out = 696 True 1
Fn
Data
Read - size = 3200, size_out = 3200 True 1
Fn
Data
Read - size = 803, size_out = 803 True 1
Fn
Data
Read - size = 207, size_out = 207 True 1
Fn
Data
Read - size = 823, size_out = 823 True 1
Fn
Data
Read - size = 824, size_out = 824 True 1
Fn
Data
Read - size = 349, size_out = 349 True 2
Fn
Data
Read - size = 2972, size_out = 2972 True 1
Fn
Data
Read - size = 2977, size_out = 2977 True 1
Fn
Data
Read - size = 611, size_out = 611 True 1
Fn
Data
Read - size = 668, size_out = 668 True 1
Fn
Data
Read - size = 283, size_out = 283 True 1
Fn
Data
Read - size = 1118, size_out = 1118 True 1
Fn
Data
Read - size = 834, size_out = 834 True 1
Fn
Data
Read - size = 769, size_out = 769 True 1
Fn
Data
Read - size = 1478, size_out = 1478 True 1
Fn
Data
Read - size = 1298, size_out = 1298 True 1
Fn
Data
Read - size = 1655, size_out = 1655 True 1
Fn
Data
Read - size = 984, size_out = 984 True 1
Fn
Data
Read - size = 3278, size_out = 3278 True 1
Fn
Data
Read - size = 833, size_out = 833 True 1
Fn
Data
Read - size = 1450, size_out = 1450 True 1
Fn
Data
Read - size = 1081, size_out = 1081 True 1
Fn
Data
Read - size = 922, size_out = 922 True 1
Fn
Data
Read - size = 5457, size_out = 5457 True 1
Fn
Data
Read - size = 1143, size_out = 1143 True 2
Fn
Data
Read - size = 2597, size_out = 2597 True 1
Fn
Data
Read - size = 325, size_out = 325 True 1
Fn
Data
Read - size = 271, size_out = 271 True 1
Fn
Data
Read - size = 1084, size_out = 1084 True 1
Fn
Data
Read - size = 4495, size_out = 4495 True 1
Fn
Data
Read - size = 1404, size_out = 1404 True 1
Fn
Data
Read - size = 5963, size_out = 5963 True 1
Fn
Data
Read - size = 1218, size_out = 1218 True 1
Fn
Data
Read - size = 666, size_out = 666 True 1
Fn
Data
Read - size = 2371, size_out = 2371 True 1
Fn
Data
Read - size = 1686, size_out = 1686 True 1
Fn
Data
Read - size = 1029, size_out = 1029 True 2
Fn
Data
Read - size = 306, size_out = 306 True 1
Fn
Data
Read - size = 1459, size_out = 1459 True 1
Fn
Data
Read - size = 282, size_out = 282 True 1
Fn
Data
Read - size = 3227, size_out = 3227 True 1
Fn
Data
Read - size = 5122, size_out = 5122 True 1
Fn
Data
Read - size = 285, size_out = 285 True 1
Fn
Data
Read - size = 889, size_out = 889 True 1
Fn
Data
Read - size = 5463, size_out = 5463 True 1
Fn
Data
Read - size = 23927, size_out = 23927 True 1
Fn
Data
Read - size = 1227, size_out = 1227 True 1
Fn
Data
Read - size = 761, size_out = 761 True 1
Fn
Data
Read - size = 107, size_out = 107 True 1
Fn
Data
Read - size = 2146, size_out = 2146 True 1
Fn
Data
Read - size = 975, size_out = 975 True 2
Fn
Data
Read - size = 2114, size_out = 2114 True 1
Fn
Data
Read - size = 3247, size_out = 3247 True 1
Fn
Data
Read - size = 143, size_out = 143 True 1
Fn
Data
Read - size = 6100, size_out = 6100 True 1
Fn
Data
Read - size = 3956, size_out = 3956 True 1
Fn
Data
Read - size = 2573, size_out = 2573 True 1
Fn
Data
Read - size = 3553, size_out = 3553 True 1
Fn
Data
Read - size = 2430, size_out = 2430 True 1
Fn
Data
Read - size = 663, size_out = 663 True 1
Fn
Data
Read - size = 1208, size_out = 1208 True 1
Fn
Data
Read - size = 7927, size_out = 7927 True 1
Fn
Data
Read - size = 384, size_out = 384 True 1
Fn
Data
Read - size = 78, size_out = 78 True 1
Fn
Data
Read - size = 527, size_out = 527 True 1
Fn
Data
Read - size = 7991, size_out = 7991 True 1
Fn
Data
Read - size = 704, size_out = 704 True 1
Fn
Data
Read - size = 8401, size_out = 8401 True 1
Fn
Data
Read - size = 708, size_out = 708 True 1
Fn
Data
Read - size = 2656, size_out = 2656 True 1
Fn
Data
Read - size = 588, size_out = 588 True 1
Fn
Data
Read - size = 2520, size_out = 2520 True 1
Fn
Data
Read - size = 19213, size_out = 19213 True 1
Fn
Data
Read - size = 745, size_out = 745 True 1
Fn
Data
Read - size = 332, size_out = 332 True 1
Fn
Data
Read - size = 3606, size_out = 3606 True 1
Fn
Data
Read - size = 403, size_out = 403 True 1
Fn
Data
Read - size = 3515, size_out = 3515 True 1
Fn
Data
Read - size = 2163, size_out = 2163 True 1
Fn
Data
Read - size = 179, size_out = 179 True 1
Fn
Data
Read - size = 2096, size_out = 2096 True 1
Fn
Data
Read - size = 3837, size_out = 3837 True 1
Fn
Data
Read - size = 40389, size_out = 40389 True 1
Fn
Data
Read - size = 5468, size_out = 5468 True 1
Fn
Data
Read - size = 1825, size_out = 1825 True 1
Fn
Data
Read - size = 809, size_out = 809 True 1
Fn
Data
Read - size = 854, size_out = 854 True 1
Fn
Data
Read - size = 2701, size_out = 2701 True 1
Fn
Data
Read - size = 2950, size_out = 2950 True 1
Fn
Data
Read - size = 1198, size_out = 1198 True 1
Fn
Data
Read - size = 1001, size_out = 1001 True 1
Fn
Data
Read - size = 680, size_out = 680 True 1
Fn
Data
Read - size = 1086, size_out = 1086 True 1
Fn
Data
Read - size = 792, size_out = 792 True 2
Fn
Data
Read - size = 1194, size_out = 1194 True 1
Fn
Data
Read - size = 736, size_out = 736 True 1
Fn
Data
Read - size = 3605, size_out = 3605 True 1
Fn
Data
Read - size = 12368, size_out = 12368 True 1
Fn
Data
Read - size = 197, size_out = 197 True 1
Fn
Data
Read - size = 15733, size_out = 15733 True 1
Fn
Data
Read - size = 4431, size_out = 4431 True 1
Fn
Data
Read - size = 973, size_out = 973 True 1
Fn
Data
Read - size = 4050, size_out = 4050 True 1
Fn
Data
Read - size = 26461, size_out = 26461 True 1
Fn
Data
Read - size = 4540, size_out = 4540 True 1
Fn
Data
Read - size = 1995, size_out = 1995 True 1
Fn
Data
Read - size = 1261, size_out = 1261 True 1
Fn
Data
Read - size = 4115, size_out = 4115 True 1
Fn
Data
Read - size = 2598, size_out = 2598 True 1
Fn
Data
Read - size = 11029, size_out = 11029 True 1
Fn
Data
Read - size = 296, size_out = 296 True 1
Fn
Data
Read - size = 1028, size_out = 1028 True 1
Fn
Data
Read - size = 17440, size_out = 17440 True 1
Fn
Data
Read - size = 3033, size_out = 3033 True 1
Fn
Data
Read - size = 861, size_out = 861 True 1
Fn
Data
Read - size = 686, size_out = 686 True 1
Fn
Data
Registry (6)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZoneInformation - True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders value_name = Desktop, data = C:\Users\EEBsYm5\Desktop, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZoneInformation value_name = DisableAutoDaylightTimeSet, data = 100, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZoneInformation value_name = DynamicDaylightTimeDisabled, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZoneInformation value_name = TimeZoneKeyName, data = Greenland Standard Time, type = REG_SZ True 1
Fn
Process (1)
»
Operation Process Additional Information Success Count Logfile
Open c:\program files\java\jre7\bin\java.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Module (43)
»
Operation Module Additional Information Success Count Logfile
Load C:\Users\EEBsYm5\AppData\Roaming\Oracle\bin\client\jvm.dll base_address = 0x6c3e0000 True 1
Fn
Load C:\Users\EEBsYm5\AppData\Roaming\Oracle\bin\verify.dll base_address = 0x6f540000 True 1
Fn
Load C:\Users\EEBsYm5\AppData\Roaming\Oracle\bin\java.dll base_address = 0x6f4e0000 True 1
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76ed0000 True 13
Fn
Get Handle c:\windows\system32\advapi32.dll base_address = 0x76fb0000 True 3
Fn
Get Filename - process_name = c:\users\eebsym5\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Roaming\Oracle\bin\javaw.exe, size = 260 True 3
Fn
Get Filename c:\users\eebsym5\appdata\roaming\oracle\bin\client\jvm.dll process_name = c:\users\eebsym5\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Users\EEBsYm5\AppData\Roaming\Oracle\bin\client\jvm.dll, size = 260 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = FlsAlloc, address_out = 0x76f2418d True 2
Fn
Get Address c:\windows\system32\kernel32.dll function = FlsGetValue, address_out = 0x76f21e16 True 2
Fn
Get Address c:\windows\system32\kernel32.dll function = FlsSetValue, address_out = 0x76f276e6 True 2
Fn
Get Address c:\windows\system32\kernel32.dll function = FlsFree, address_out = 0x76f21f61 True 2
Fn
Get Address c:\users\eebsym5\appdata\roaming\oracle\bin\client\jvm.dll function = JNI_CreateJavaVM, address_out = 0x6c4a8e70 True 1
Fn
Get Address c:\users\eebsym5\appdata\roaming\oracle\bin\client\jvm.dll function = JNI_GetDefaultJavaVMInitArgs, address_out = 0x6c49e340 True 1
Fn
Get Address c:\users\eebsym5\appdata\roaming\oracle\bin\java.dll address_out = 0x6f4e6fcf True 1
Fn
Get Address c:\windows\system32\advapi32.dll function = SetSecurityDescriptorControl, address_out = 0x76fd7a8b True 3
Fn
Get Address c:\users\eebsym5\appdata\roaming\oracle\bin\net.dll function = _JNI_OnLoad@8, address_out = 0x6dae3379 True 1
Fn
Get Address c:\users\eebsym5\appdata\roaming\oracle\bin\sunec.dll function = _JNI_OnLoad@8, address_out = 0x0 False 1
Fn
Get Address c:\users\eebsym5\appdata\roaming\oracle\bin\sunec.dll function = JNI_OnLoad, address_out = 0x0 False 1
Fn
Get Address c:\users\eebsym5\appdata\roaming\oracle\bin\java.dll function = _Java_java_lang_ref_Finalizer_invokeFinalizeMethod@12, address_out = 0x6f4e207c True 1
Fn
Create Mapping C:\Users\EEBsYm5\AppData\Local\Temp\\hsperfdata_EEBsYm5\3332 filename = C:\Users\EEBsYm5\AppData\Local\Temp\\hsperfdata_EEBsYm5\3332, protection = PAGE_READWRITE, maximum_size = 65536 True 1
Fn
Map C:\Users\EEBsYm5\AppData\Local\Temp\\hsperfdata_EEBsYm5\3332 process_name = c:\users\eebsym5\appdata\roaming\oracle\bin\javaw.exe, desired_access = FILE_MAP_ALL_ACCESS True 1
Fn
System (42)
»
Operation Additional Information Success Count Logfile
Get Time type = System Time, time = 2018-02-24 20:29:58 (UTC) True 1
Fn
Get Time type = Ticks, time = 157826 True 1
Fn
Get Time type = System Time, time = 2018-02-24 20:29:59 (UTC) True 23
Fn
Get Time type = System Time, time = 2018-02-24 20:30:00 (UTC) True 8
Fn
Get Time type = System Time, time = 2018-02-24 20:30:01 (UTC) True 2
Fn
Get Info type = Hardware Information True 2
Fn
Get Info type = Operating System True 1
Fn
Get Info type = Windows Directory, result_out = C:\Windows True 3
Fn
Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Mutex (1)
»
Operation Additional Information Success Count Logfile
Create - True 1
Fn
Environment (5)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 2
Fn
Data
Get Environment String name = _ALT_JAVA_HOME_DIR False 1
Fn
Get Environment String name = JAVA_TOOL_OPTIONS False 1
Fn
Get Environment String name = _JAVA_OPTIONS False 1
Fn
Network Behavior
DNS (4)
»
Operation Additional Information Success Count Logfile
Get Hostname name_out = cRh2YWu7 True 2
Fn
Resolve Name host = cRh2YWu7, address_out = fe80:0000:0000:0000:48d9:542c:fc57:360f, 192.168.0.222 True 1
Fn
Resolve Name host = vvrhhhnaijyj6s2m.onion.top, address_out = 62.0.58.94 True 1
Fn
TCP Sessions (1)
»
Information Value
Total Data Sent 0 bytes
Total Data Received 0 bytes
Contacted Host Count 1
Contacted Hosts 0000:0000:0000:0000:0000:ffff:3e00:3a5e:443
TCP Session #1
»
Information Value
Handle 0x284
Address Family AF_INET6
Type SOCK_STREAM
Protocol IPPROTO_IP
Remote Address 0000:0000:0000:0000:0000:ffff:3e00:3a5e
Remote Port 443
Local Address -
Local Port -
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET6, type = SOCK_STREAM True 1
Fn
Connect remote_address = 0000:0000:0000:0000:0000:ffff:3e00:3a5e, remote_port = 443 False 1
Fn
Process #21: javaw.exe
0 0
»
Information Value
ID #21
File Name c:\users\eebsym5\appdata\roaming\oracle\bin\javaw.exe
Command Line "C:\Users\EEBsYm5\AppData\Roaming\Oracle\bin\javaw.exe" -jar "C:\Users\EEBsYm5\PKcVbKSqerl\ZpEbztPLUfw.BnNKgj"
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:02:39, Reason: Autostart
Unmonitor End Time: 00:02:41, Reason: Terminated by Timeout
Monitor Duration 00:00:02
Remarks No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x6b4
Parent PID 0x548 (c:\windows\explorer.exe)
Is Created or Modified Executable False
Integrity Level Medium
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege
Thread IDs
0x 6B8
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False -
private_0x0000000000020000 0x00020000 0x0002ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000040000 0x00040000 0x00042fff Pagefile Backed Memory Readable True False False -
private_0x0000000000050000 0x00050000 0x0009ffff Private Memory Readable, Writable True False False -
locale.nls 0x000a0000 0x00106fff Memory Mapped File Readable False False False -
pagefile_0x0000000000110000 0x00110000 0x001d7fff Pagefile Backed Memory Readable True False False -
private_0x0000000000280000 0x00280000 0x0037ffff Private Memory Readable, Writable True False False -
javaw.exe 0x010f0000 0x0111efff Memory Mapped File Readable, Writable, Executable True False False -
comctl32.dll 0x74080000 0x7421dfff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x75260000 0x752a9fff Memory Mapped File Readable, Writable, Executable False False False -
lpk.dll 0x753a0000 0x753a9fff Memory Mapped File Readable, Writable, Executable False False False -
advapi32.dll 0x75550000 0x755effff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x755f0000 0x7569bfff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x756a0000 0x75768fff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x75770000 0x75843fff Memory Mapped File Readable, Writable, Executable False False False -
shlwapi.dll 0x75850000 0x758a6fff Memory Mapped File Readable, Writable, Executable False False False -
sechost.dll 0x75b70000 0x75b88fff Memory Mapped File Readable, Writable, Executable False False False -
rpcrt4.dll 0x75e30000 0x75ed0fff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x76b30000 0x76b7dfff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x76d40000 0x76e0bfff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x76f50000 0x7708bfff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x77090000 0x770aefff Memory Mapped File Readable, Writable, Executable False False False -
usp10.dll 0x770e0000 0x7717cfff Memory Mapped File Readable, Writable, Executable False False False -
apisetschema.dll 0x77190000 0x77190fff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x000000007f6f0000 0x7f6f0000 0x7f7effff Pagefile Backed Memory Readable True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory Readable True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory Readable, Writable True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory Readable, Writable True False False -
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image