d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c (SHA256)
d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe
Windows Exe (x86-32)
Created at 2018-07-02 12:52:00
Monitored Processes
Behavior Information - Sequential View
Process #1: d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe
11332
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\5p5nrgjn0js halpmcxz\desktop\d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe |
| Command Line | "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe" |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:27, Reason: Analysis Target |
| Unmonitor | End Time: 00:01:45, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:18 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x904 |
| Parent PID | 0x564 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
908
0x
918
0x
9B8
0x
9BC
0x
A28
0x
A2C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00061fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| locale.nls | 0x00070000 | 0x000d6fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000000f0000 | 0x000f0000 | 0x000f1fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000000100000 | 0x00100000 | 0x00100fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000130000 | 0x00130000 | 0x0016ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000180000 | 0x00180000 | 0x001bffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000001f0000 | 0x001f0000 | 0x005effff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000005f0000 | 0x005f0000 | 0x006cefff | Pagefile Backed Memory | Readable |
|
|
|
- |
| rsaenh.dll | 0x006d0000 | 0x0070bfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000000710000 | 0x00710000 | 0x0078ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000790000 | 0x00790000 | 0x0080ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000810000 | 0x00810000 | 0x00890fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000810000 | 0x00810000 | 0x0089cfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000008b0000 | 0x008b0000 | 0x00caffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000cb0000 | 0x00cb0000 | 0x00e37fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000000e90000 | 0x00e90000 | 0x00e9ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000ea0000 | 0x00ea0000 | 0x01020fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| sortdefault.nls | 0x01030000 | 0x012fefff | Memory Mapped File | Readable |
|
|
|
- |
| d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe | 0x013a0000 | 0x01483fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000001490000 | 0x01490000 | 0x0288ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000002890000 | 0x02890000 | 0x02a2ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000028e0000 | 0x028e0000 | 0x0291ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002940000 | 0x02940000 | 0x0297ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002990000 | 0x02990000 | 0x029cffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000029f0000 | 0x029f0000 | 0x02a2ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002a80000 | 0x02a80000 | 0x02abffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002ad0000 | 0x02ad0000 | 0x02b0ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002b50000 | 0x02b50000 | 0x02f4ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002f50000 | 0x02f50000 | 0x03063fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002f50000 | 0x02f50000 | 0x0304ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000030f0000 | 0x030f0000 | 0x034effff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003570000 | 0x03570000 | 0x0396ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003970000 | 0x03970000 | 0x03d72fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003970000 | 0x03970000 | 0x03b6ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003b70000 | 0x03b70000 | 0x03c96fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003b70000 | 0x03b70000 | 0x03c75fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003e00000 | 0x03e00000 | 0x041fffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000043e0000 | 0x043e0000 | 0x047dffff | Private Memory | Readable, Writable |
|
|
|
- |
| dwmapi.dll | 0x752b0000 | 0x752c2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| uxtheme.dll | 0x752d0000 | 0x7534ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wow64cpu.dll | 0x75360000 | 0x75367fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wow64win.dll | 0x75370000 | 0x753cbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wow64.dll | 0x753d0000 | 0x7540efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| srvcli.dll | 0x754e0000 | 0x754f8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wkscli.dll | 0x75580000 | 0x7558efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| srvcli.dll | 0x755a0000 | 0x755b8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rsaenh.dll | 0x755a0000 | 0x755dafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| netapi32.dll | 0x755b0000 | 0x755c0fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| netutils.dll | 0x755c0000 | 0x755c8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| netapi32.dll | 0x755e0000 | 0x755f0fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wkscli.dll | 0x755e0000 | 0x755eefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| cryptsp.dll | 0x755e0000 | 0x755f5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| netutils.dll | 0x755f0000 | 0x755f8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wsock32.dll | 0x75600000 | 0x75606fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| winmm.dll | 0x75610000 | 0x75641fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| version.dll | 0x75650000 | 0x75658fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| profapi.dll | 0x75660000 | 0x7566afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| userenv.dll | 0x75670000 | 0x75686fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mpr.dll | 0x75690000 | 0x756a1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| winnsi.dll | 0x756b0000 | 0x756b6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| iphlpapi.dll | 0x756c0000 | 0x756dbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| comctl32.dll | 0x756e0000 | 0x7587dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| cryptbase.dll | 0x75980000 | 0x7598bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sspicli.dll | 0x75990000 | 0x759effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| psapi.dll | 0x75a20000 | 0x75a24fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x75a30000 | 0x75a48fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| nsi.dll | 0x75a50000 | 0x75a55fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| crypt32.dll | 0x75a60000 | 0x75b7cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x75bb0000 | 0x75bf5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| iertutil.dll | 0x75dd0000 | 0x75fcafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x75fd0000 | 0x760dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| advapi32.dll | 0x760e0000 | 0x7617ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| shlwapi.dll | 0x76180000 | 0x761d6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| urlmon.dll | 0x76240000 | 0x76375fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ws2_32.dll | 0x76380000 | 0x763b4fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| lpk.dll | 0x763c0000 | 0x763c9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msasn1.dll | 0x763d0000 | 0x763dbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| user32.dll | 0x763e0000 | 0x764dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| oleaut32.dll | 0x764e0000 | 0x7656efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wininet.dll | 0x76570000 | 0x76664fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x76670000 | 0x7671bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msctf.dll | 0x76720000 | 0x767ebfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| comdlg32.dll | 0x767f0000 | 0x7686afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| shell32.dll | 0x76920000 | 0x77569fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| imm32.dll | 0x77570000 | 0x775cffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x775d0000 | 0x776bffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ole32.dll | 0x776c0000 | 0x7781bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| gdi32.dll | 0x77820000 | 0x778affff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| usp10.dll | 0x77990000 | 0x77a2cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| private_0x0000000077a30000 | 0x77a30000 | 0x77b4efff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| private_0x0000000077b50000 | 0x77b50000 | 0x77c49fff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x77c50000 | 0x77df8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x77e30000 | 0x77faffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x00000000fffa7000 | 0xfffa7000 | 0xfffa9fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000fffaa000 | 0xfffaa000 | 0xfffacfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000fffad000 | 0xfffad000 | 0xfffaffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000fffb0000 | 0xfffb0000 | 0xfffd2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000000fffd5000 | 0xfffd5000 | 0xfffd7fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000fffd8000 | 0xfffd8000 | 0xfffdafff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000fffdb000 | 0xfffdb000 | 0xfffddfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000fffde000 | 0xfffde000 | 0xfffdefff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000fffdf000 | 0xfffdf000 | 0xfffdffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000fffe0000 | 0xfffe0000 | 0x7fffffeffff | Private Memory | Readable |
|
|
|
- |
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\progra~2\common~1\d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe | 0.00 KB |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\progra~2\common~1\d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe | 355.50 KB |
MD5:
8893004b04b4436eb47e9b504b7a437f
SHA1: 29b18de4657e00cabc41b3600e753ef51960cd21 SHA256: d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\1033\structuredqueryschema.king_ouroboros.bin | 34.82 KB |
MD5:
f2ad2da14dd24935bfcde62777728563
SHA1: e6f252a00c7d507dd84dacf31a0903b14e4abb07 SHA256: d3720bff0369475d216c957505505cc2809f0b661e7de2fe5e75a6416cbdf76d |
|
|
Threads
Thread 0x908
11332
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = KERNEL32.DLL, base_address = 0x75fd0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DuplicateHandle, address_out = 0x75fe1886 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x75fe34d5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x75fe1136 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x77e5e026 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x75fe14e9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x75fe14c9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x75fe10ff |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThreadId, address_out = 0x75fe1450 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x75fe192e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MulDiv, address_out = 0x75fe1b80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExW, address_out = 0x75fe1ae5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsWow64Process, address_out = 0x75fe195e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemInfo, address_out = 0x75fe49ca |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x75fe34c8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x75fe49d7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x75fe1222 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x75fe1b00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x75fe4950 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x75fe170d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyW, address_out = 0x76003102 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address_out = 0x75fe1700 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x75fe34b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x75fe1725 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFreeEx, address_out = 0x75ffd9c8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x75fe1986 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAllocEx, address_out = 0x75ffd9b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteProcessMemory, address_out = 0x75ffd9e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadProcessMemory, address_out = 0x75ffcfcc |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x75fe3f5c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointerEx, address_out = 0x75ffc807 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEndOfFile, address_out = 0x75ffce2e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x75fe3ed3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x75fe1282 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x75fe469b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x75ffd802 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x7600735f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address_out = 0x76008baf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address_out = 0x7600896c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileTime, address_out = 0x75ffecbb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileAttributesW, address_out = 0x75fe1b18 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x75fe4435 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetCurrentDirectoryW, address_out = 0x75ff1260 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLongPathNameW, address_out = 0x75fea315 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetShortPathNameW, address_out = 0x75fed2f9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75fe89b3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x75fe54ee |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x76003b92 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MoveFileW, address_out = 0x75ff9af0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryW, address_out = 0x75fe4259 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RemoveDirectoryW, address_out = 0x760644cf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetSystemPowerState, address_out = 0x760629b9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceFrequency, address_out = 0x75fe41f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindResourceW, address_out = 0x75fe5971 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadResource, address_out = 0x75fe594c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LockResource, address_out = 0x75fe5959 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SizeofResource, address_out = 0x75fe5ac9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EnumResourceNamesW, address_out = 0x76053161 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OutputDebugStringW, address_out = 0x7600d1d4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathW, address_out = 0x75ffd4dc |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempFileNameW, address_out = 0x7600d1b6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeviceIoControl, address_out = 0x75fe322f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLocalTime, address_out = 0x75fe5aa6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringW, address_out = 0x75fe3bca |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x75fe1809 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x77e522b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77e52270 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetStdHandle, address_out = 0x75fe51b3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreatePipe, address_out = 0x7606415b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedExchange, address_out = 0x75fe1462 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TerminateThread, address_out = 0x75fe7a2f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryExW, address_out = 0x75fe495d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindResourceExW, address_out = 0x75fe3299 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileW, address_out = 0x7600830d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x75fe186e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FormatMessageW, address_out = 0x75fe4620 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetExitCodeProcess, address_out = 0x75ff174d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetPrivateProfileStringW, address_out = 0x75feea48 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WritePrivateProfileStringW, address_out = 0x7600640c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetPrivateProfileSectionW, address_out = 0x76006b1a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WritePrivateProfileSectionW, address_out = 0x7605a181 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetPrivateProfileSectionNamesW, address_out = 0x7605a1ea |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FileTimeToLocalFileTime, address_out = 0x75fee29e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FileTimeToSystemTime, address_out = 0x75fe542c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SystemTimeToFileTime, address_out = 0x75fe5a7e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LocalFileTimeToFileTime, address_out = 0x7600d50e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeW, address_out = 0x75fe418b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetDiskFreeSpaceExW, address_out = 0x75ffd50f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetDiskFreeSpaceW, address_out = 0x75fff7aa |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeInformationW, address_out = 0x75ffc860 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetVolumeLabelW, address_out = 0x7606255b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateHardLinkW, address_out = 0x7606d618 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileAttributesW, address_out = 0x75ffd4f7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventW, address_out = 0x75fe183e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEvent, address_out = 0x75fe16c5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentVariableW, address_out = 0x75fe1b48 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEnvironmentVariableW, address_out = 0x75fe89f1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalLock, address_out = 0x75ffd0a7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalUnlock, address_out = 0x75ffcfdf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalAlloc, address_out = 0x75fe588e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSize, address_out = 0x75fe196e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalFree, address_out = 0x75fe5558 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalMemoryStatusEx, address_out = 0x7600d4c4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Beep, address_out = 0x760552e8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryW, address_out = 0x75fe5063 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77e71f6e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapSize, address_out = 0x77e63002 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameW, address_out = 0x75fedd0e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetWindowsDirectoryW, address_out = 0x75fe43e2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x75fe11f8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessIoCounters, address_out = 0x76063116 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address_out = 0x75fe103d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessId, address_out = 0x7600cf04 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetPriorityClass, address_out = 0x75ffcf28 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x75fe492b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x75fe1856 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x75fe4a5d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentDirectoryW, address_out = 0x75fe5611 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiW, address_out = 0x75ffd5cd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77e69d35 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x75fe11c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RaiseException, address_out = 0x75fe58a6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x75fe1916 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x77e645f5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedDecrement, address_out = 0x75fe13f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x75fe1400 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThread, address_out = 0x75fe17ec |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x75fe1410 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFullPathNameW, address_out = 0x75fe40d4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77e70fcb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x75fe7a10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleExW, address_out = 0x75fe4a6f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address_out = 0x77e8d598 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTimeAsFileTime, address_out = 0x75fe3509 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ResumeThread, address_out = 0x75fe43ef |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineW, address_out = 0x75fe5223 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x75fe5235 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsValidCodePage, address_out = 0x75fe4493 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetACP, address_out = 0x75fe179c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetOEMCP, address_out = 0x7600d1a1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCPInfo, address_out = 0x75fe5189 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x75fe11a9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = UnhandledExceptionFilter, address_out = 0x7600772f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetUnhandledExceptionFilter, address_out = 0x75fe87c9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TlsAlloc, address_out = 0x75fe49ad |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TlsGetValue, address_out = 0x75fe11e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TlsSetValue, address_out = 0x75fe14fb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TlsFree, address_out = 0x75fe3587 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoW, address_out = 0x75fe4d40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetStringTypeW, address_out = 0x75fe1946 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetStdHandle, address_out = 0x7606454f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileType, address_out = 0x75fe3531 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleCP, address_out = 0x76087bff |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleMode, address_out = 0x75fe1328 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RtlUnwind, address_out = 0x7600d1c3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadConsoleW, address_out = 0x7608739a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeZoneInformation, address_out = 0x75fe465a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetDateFormatW, address_out = 0x760034d7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeFormatW, address_out = 0x75fff481 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringW, address_out = 0x75fe17b9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentStringsW, address_out = 0x75fe51e3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FreeEnvironmentStringsW, address_out = 0x75fe51cb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteConsoleW, address_out = 0x76007aca |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x75fe4442 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEnvironmentVariableA, address_out = 0x75fee331 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x760e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetAce, address_out = 0x760f45f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegEnumValueW, address_out = 0x760f48cc |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegDeleteValueW, address_out = 0x760ecf31 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegDeleteKeyW, address_out = 0x760f1272 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegEnumKeyExW, address_out = 0x760f46c8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x760f14d6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x760f468d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x760f469d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x760f46ad |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegConnectRegistryW, address_out = 0x760e8f01 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = InitializeSecurityDescriptor, address_out = 0x760f4620 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = InitializeAcl, address_out = 0x760f45cd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AdjustTokenPrivileges, address_out = 0x760f418e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenThreadToken, address_out = 0x760f432c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenProcessToken, address_out = 0x760f4304 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = LookupPrivilegeValueW, address_out = 0x760f41b3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = DuplicateTokenEx, address_out = 0x760eca24 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CreateProcessAsUserW, address_out = 0x760ec592 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CreateProcessWithLogonW, address_out = 0x761252e9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetLengthSid, address_out = 0x760f413b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CopySid, address_out = 0x760f444e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = LogonUserW, address_out = 0x760ec1a9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AllocateAndInitializeSid, address_out = 0x760f40e6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CheckTokenMembership, address_out = 0x760edf04 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCreateKeyExW, address_out = 0x760f40fe |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = FreeSid, address_out = 0x760f412e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetTokenInformation, address_out = 0x760f431c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSecurityDescriptorDacl, address_out = 0x760f41a6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetAclInformation, address_out = 0x760ecc89 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AddAce, address_out = 0x760eae0f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetSecurityDescriptorDacl, address_out = 0x760f415e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetUserNameW, address_out = 0x760f157a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = InitiateSystemShutdownExW, address_out = 0x7613db3a |
|
1 | |
| Module | Load | module_name = COMCTL32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_ReplaceIcon, address_out = 0x757110b3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_Destroy, address_out = 0x756f6471 |
|
1 | |
| Module | Get Address | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_Remove, address_out = 0x7570e333 |
|
1 | |
| Module | Get Address | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_SetDragCursorImage, address_out = 0x757caf46 |
|
1 | |
| Module | Get Address | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_BeginDrag, address_out = 0x757cb021 |
|
1 | |
| Module | Get Address | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_DragEnter, address_out = 0x757cb0b3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_DragLeave, address_out = 0x757cb12a |
|
1 | |
| Module | Get Address | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_EndDrag, address_out = 0x757ca177 |
|
1 | |
| Module | Get Address | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_DragMove, address_out = 0x757cb0f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = InitCommonControlsEx, address_out = 0x757009ce |
|
1 | |
| Module | Get Address | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_Create, address_out = 0x756f3c75 |
|
1 | |
| Module | Load | module_name = COMDLG32.dll, base_address = 0x767f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\comdlg32.dll, function = GetOpenFileNameW, address_out = 0x7682a2d5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\comdlg32.dll, function = GetSaveFileNameW, address_out = 0x7682a36e |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x77820000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = StrokePath, address_out = 0x7786573f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = DeleteObject, address_out = 0x77835689 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = GetTextExtentPoint32W, address_out = 0x7783c107 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = ExtCreatePen, address_out = 0x7784c39b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = GetDeviceCaps, address_out = 0x77834de0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = EndPath, address_out = 0x77865506 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = SetPixel, address_out = 0x7783ccee |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CloseFigure, address_out = 0x778654af |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleBitmap, address_out = 0x77835f49 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleDC, address_out = 0x778354f4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = SelectObject, address_out = 0x77834f70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = StretchBlt, address_out = 0x7783b895 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = GetDIBits, address_out = 0x77836001 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = LineTo, address_out = 0x7783b9e5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = AngleArc, address_out = 0x77864124 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = MoveToEx, address_out = 0x77838ee6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = Ellipse, address_out = 0x77864492 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = DeleteDC, address_out = 0x778358b3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = GetPixel, address_out = 0x7783cbfb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateDCW, address_out = 0x7783e743 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = GetStockObject, address_out = 0x77834eb8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = GetTextFaceW, address_out = 0x77839936 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateFontW, address_out = 0x7783b600 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = SetTextColor, address_out = 0x7783522d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = PolyDraw, address_out = 0x77865d87 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = BeginPath, address_out = 0x778653fd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = Rectangle, address_out = 0x7783a53a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = SetViewportOrgEx, address_out = 0x778386cc |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = GetObjectW, address_out = 0x77836c3a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = SetBkMode, address_out = 0x778351a2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = RoundRect, address_out = 0x77846cde |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = SetBkColor, address_out = 0x778352d8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreatePen, address_out = 0x7783ba4f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateSolidBrush, address_out = 0x77834f17 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = StrokeAndFillPath, address_out = 0x778656ac |
|
1 | |
| Module | Load | module_name = IPHLPAPI.DLL, base_address = 0x756c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\iphlpapi.dll, function = IcmpCreateFile, address_out = 0x756c8666 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\iphlpapi.dll, function = IcmpCloseHandle, address_out = 0x756c821a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\iphlpapi.dll, function = IcmpSendEcho, address_out = 0x756c870b |
|
1 | |
| Module | Load | module_name = MPR.dll, base_address = 0x75690000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\mpr.dll, function = WNetUseConnectionW, address_out = 0x75694769 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x776c0000 |
|
1 | |
| Module | Load | module_name = OLEAUT32.dll, base_address = 0x764e0000 |
|
1 | |
| Module | Load | module_name = PSAPI.DLL, base_address = 0x75a20000 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x76920000 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x763e0000 |
|
1 | |
| Module | Load | module_name = USERENV.dll, base_address = 0x75670000 |
|
1 | |
| Module | Load | module_name = UxTheme.dll, base_address = 0x752d0000 |
|
1 | |
| Module | Load | module_name = VERSION.dll, base_address = 0x75650000 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x76570000 |
|
1 | |
| Module | Load | module_name = WINMM.dll, base_address = 0x75610000 |
|
1 | |
| Module | Load | module_name = WSOCK32.dll, base_address = 0x75600000 |
|
1 | |
| System | Get Time | type = System Time, time = 2018-07-02 12:52:52 (UTC) |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x75fe4f2b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x75fe359f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x75fe1252 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x75fe4208 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x75fe4d28 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventExW, address_out = 0x7606410b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateSemaphoreExW, address_out = 0x76064195 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadStackGuarantee, address_out = 0x75fed31f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolTimer, address_out = 0x75ffee7e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolTimer, address_out = 0x77e7441c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForThreadpoolTimerCallbacks, address_out = 0x77e9c50e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolTimer, address_out = 0x77e9c381 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolWait, address_out = 0x75fff088 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolWait, address_out = 0x77e805d7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolWait, address_out = 0x77e9ca24 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlushProcessWriteBuffers, address_out = 0x77e50b8c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibraryWhenCallbackReturns, address_out = 0x77f0fde8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessorNumber, address_out = 0x77ea1e1d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalProcessorInformation, address_out = 0x76064761 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateSymbolicLinkW, address_out = 0x7605cd11 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetDefaultDllDirectories, address_out = 0x0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EnumSystemLocalesEx, address_out = 0x7606424f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringEx, address_out = 0x760646b1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetDateFormatEx, address_out = 0x76076676 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoEx, address_out = 0x76064751 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeFormatEx, address_out = 0x760765f1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultLocaleName, address_out = 0x760647c1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsValidLocaleName, address_out = 0x760647e1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringEx, address_out = 0x760647f1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentPackageId, address_out = 0x0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount64, address_out = 0x75ffeee0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileInformationByHandleExW, address_out = 0x0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileInformationByHandleW, address_out = 0x0 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe, size = 260 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x75ff10b5 |
|
1 | |
| System | Get Info | type = Hardware Information |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Control Panel\Mouse |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Control Panel\Mouse, value_name = SwapMouseButtons, data = 48 |
|
1 | |
| Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe, size = 32767 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\AutoIt v3\AutoIt |
|
1 | |
| Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe, size = 32767 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x75ffd650 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe, type = file_type |
|
1 | |
| Module | Load | module_name = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe, base_address = 0x13a0000 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64RevertWow64FsRedirection, address_out = 0x75ffd668 |
|
1 | |
| System | Get Time | type = System Time, time = 2018-07-02 12:52:52 (UTC) |
|
5 | |
| Debug | Check for Presence | c:\users\5p5nrgjn0js halpmcxz\desktop\d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x75ffd650 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe, type = file_type |
|
1 | |
| Module | Load | module_name = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe, base_address = 0x13a0000 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64RevertWow64FsRedirection, address_out = 0x75ffd668 |
|
1 | |
| System | Get Time | type = System Time, time = 2018-07-02 12:52:53 (UTC) |
|
8 | |
| Window | Create | window_name = AutoIt v3, class_name = AutoIt v3, wndproc_parameter = 0 |
|
1 | |
| System | Sleep | duration = 750 milliseconds (0.750 seconds) |
|
1 | |
| Window | Create | class_name = edit, wndproc_parameter = 0 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| Mutex | Create | mutex_name = 8gf3892489g09j |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| System | Get Time | type = System Time, time = 2018-07-02 12:52:53 (UTC) |
|
1 | |
| System | Sleep | duration = 750 milliseconds (0.750 seconds) |
|
10 | |
| File | Copy | source_filename = C:\Users\5P5NRG~1\Desktop\d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe, destination_filename = C:\PROGRA~2\COMMON~1\d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe, copy_flags = COPY_FILE_ALLOW_DECRYPTED_DESTINATION |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\cmd.exe /c schtasks /create /sc onlogon /tn 2620738370 /rl highest /tr C:\PROGRA~2\COMMON~1\D4DE58~1.EXE, os_pid = 0x994, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, value_name = EnableLinkedConnections, type = REG_NONE |
|
1 | |
| Module | Load | module_name = Netapi32.dll, base_address = 0x755e0000 |
|
1 | |
| System | Sleep | duration = 750 milliseconds (0.750 seconds) |
|
1 | |
| Module | Load | module_name = Netapi32.dll, base_address = 0x755b0000 |
|
1 | |
| Module | Load | module_name = netapi32.dll, base_address = 0x755e0000 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\PublishingWizard\AddNetworkPlace\AddNetPlace\LocationMRU |
|
1 | |
| System | Sleep | duration = 750 milliseconds (0.750 seconds) |
|
4 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| Module | Load | module_name = Advapi32.dll, base_address = 0x760e0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.king_ouroboros.lst, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst, size = 65536, size_out = 35116 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = msvcrt.dll, base_address = 0x76670000 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Delete | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst |
|
1 | |
| File | Create | filename = C:\PROGRA~2\COMMON~1\log.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| Module | Load | module_name = Advapi32.dll, base_address = 0x760e0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.king_ouroboros.lst, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst, size = 65536, size_out = 65536 |
|
2 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst, size = 65536, size_out = 7387 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = msvcrt.dll, base_address = 0x76670000 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Delete | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst |
|
1 | |
| File | Create | filename = C:\PROGRA~2\COMMON~1\log.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 98 |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| Module | Load | module_name = Advapi32.dll, base_address = 0x760e0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.king_ouroboros.lst, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst, size = 65536, size_out = 53188 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = msvcrt.dll, base_address = 0x76670000 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Delete | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst |
|
1 | |
| File | Create | filename = C:\PROGRA~2\COMMON~1\log.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 195 |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| Module | Load | module_name = Advapi32.dll, base_address = 0x760e0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create Directory | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.king_ouroboros.0 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.king_ouroboros.0\SharedDataEvents, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| System | Sleep | duration = 750 milliseconds (0.750 seconds) |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents, size = 65536, size_out = 5120 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = msvcrt.dll, base_address = 0x76670000 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Delete | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents |
|
1 | |
| File | Create | filename = C:\PROGRA~2\COMMON~1\log.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 294 |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| Module | Load | module_name = Advapi32.dll, base_address = 0x760e0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.king_ouroboros.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin, size = 65536, size_out = 65536 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin, size = 65536, size_out = 11941 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = msvcrt.dll, base_address = 0x76670000 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Delete | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin |
|
1 | |
| File | Create | filename = C:\PROGRA~2\COMMON~1\log.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 390 |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| Module | Load | module_name = Advapi32.dll, base_address = 0x760e0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.king_ouroboros.icc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc, size = 65536, size_out = 65536 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc, size = 65536, size_out = 672 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = msvcrt.dll, base_address = 0x76670000 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Delete | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc |
|
1 | |
| File | Create | filename = C:\PROGRA~2\COMMON~1\log.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 483 |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| Module | Load | module_name = Advapi32.dll, base_address = 0x760e0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.king_ouroboros.icc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc, size = 65536, size_out = 2676 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = msvcrt.dll, base_address = 0x76670000 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Delete | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc |
|
1 | |
| File | Create | filename = C:\PROGRA~2\COMMON~1\log.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 575 |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\GoogleUpdateSetup.exe, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| Module | Load | module_name = Advapi32.dll, base_address = 0x760e0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\GoogleUpdateSetup.exe, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\GoogleUpdateSetup.king_ouroboros.exe, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\GoogleUpdateSetup.exe, size = 65536, size_out = 65536 |
|
16 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\GoogleUpdateSetup.exe, size = 65536, size_out = 65536 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\GoogleUpdateSetup.exe, size = 65536, size_out = 16216 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\GoogleUpdateSetup.exe, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = msvcrt.dll, base_address = 0x76670000 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\GoogleUpdateSetup.exe, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Delete | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\GoogleUpdateSetup.exe |
|
1 | |
| File | Create | filename = C:\PROGRA~2\COMMON~1\log.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 666 |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| Module | Load | module_name = Advapi32.dll, base_address = 0x760e0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.king_ouroboros.exe, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe, size = 65536, size_out = 15440 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = msvcrt.dll, base_address = 0x76670000 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Delete | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe |
|
1 | |
| File | Create | filename = C:\PROGRA~2\COMMON~1\log.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 843 |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe.cdf-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| Module | Load | module_name = Advapi32.dll, base_address = 0x760e0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe.cdf-ms, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe.king_ouroboros.cdf-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe.cdf-ms, size = 65536, size_out = 17104 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe.cdf-ms, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = msvcrt.dll, base_address = 0x76670000 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe.cdf-ms, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Delete | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe.cdf-ms |
|
1 | |
| File | Create | filename = C:\PROGRA~2\COMMON~1\log.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 1017 |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe.manifest, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| Module | Load | module_name = Advapi32.dll, base_address = 0x760e0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe.manifest, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe.king_ouroboros.manifest, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe.manifest, size = 65536, size_out = 13643 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe.manifest, size = 65536, size_out = 0 |
|
1 | |
| System | Sleep | duration = 750 milliseconds (0.750 seconds) |
|
1 | |
| Module | Load | module_name = msvcrt.dll, base_address = 0x76670000 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe.manifest, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Delete | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe.manifest |
|
1 | |
| File | Create | filename = C:\PROGRA~2\COMMON~1\log.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 1198 |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap_unsigned.cdf-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| Module | Load | module_name = Advapi32.dll, base_address = 0x760e0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap_unsigned.cdf-ms, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap_unsigned.king_ouroboros.cdf-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap_unsigned.cdf-ms, size = 65536, size_out = 3808 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap_unsigned.cdf-ms, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = msvcrt.dll, base_address = 0x76670000 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap_unsigned.cdf-ms, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Delete | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap_unsigned.cdf-ms |
|
1 | |
| File | Create | filename = C:\PROGRA~2\COMMON~1\log.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 1381 |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap_unsigned.manifest, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\GoogleUpdateSetup.exe, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| Module | Load | module_name = Advapi32.dll, base_address = 0x760e0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\GoogleUpdateSetup.exe, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\GoogleUpdateSetup.king_ouroboros.exe, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\GoogleUpdateSetup.exe, size = 65536, size_out = 65536 |
|
16 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\GoogleUpdateSetup.exe, size = 65536, size_out = 65536 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\GoogleUpdateSetup.exe, size = 65536, size_out = 16216 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\GoogleUpdateSetup.exe, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = msvcrt.dll, base_address = 0x76670000 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\GoogleUpdateSetup.exe, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Delete | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\GoogleUpdateSetup.exe |
|
1 | |
| File | Create | filename = C:\PROGRA~2\COMMON~1\log.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 1567 |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| Module | Load | module_name = Advapi32.dll, base_address = 0x760e0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.king_ouroboros.cdf-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms, size = 65536, size_out = 17104 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = msvcrt.dll, base_address = 0x76670000 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Delete | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms |
|
1 | |
| File | Create | filename = C:\PROGRA~2\COMMON~1\log.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 1739 |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| Module | Load | module_name = Advapi32.dll, base_address = 0x760e0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.king_ouroboros.manifest, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest, size = 65536, size_out = 13643 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = msvcrt.dll, base_address = 0x76670000 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Delete | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest |
|
1 | |
| File | Create | filename = C:\PROGRA~2\COMMON~1\log.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 1911 |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| Module | Load | module_name = Advapi32.dll, base_address = 0x760e0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.king_ouroboros.cdf-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms, size = 65536, size_out = 14512 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = msvcrt.dll, base_address = 0x76670000 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Delete | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms |
|
1 | |
| File | Create | filename = C:\PROGRA~2\COMMON~1\log.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 2085 |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| Module | Load | module_name = Advapi32.dll, base_address = 0x760e0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.king_ouroboros.manifest, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest, size = 65536, size_out = 11824 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = msvcrt.dll, base_address = 0x76670000 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Delete | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest |
|
1 | |
| File | Create | filename = C:\PROGRA~2\COMMON~1\log.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 2257 |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| Module | Load | module_name = Advapi32.dll, base_address = 0x760e0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.king_ouroboros.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT, size = 65536, size_out = 65536 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT, size = 65536, size_out = 43288 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = msvcrt.dll, base_address = 0x76670000 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Delete | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT |
|
1 | |
| File | Create | filename = C:\PROGRA~2\COMMON~1\log.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 2431 |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Crashpad\metadata, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0, size = 65536, size_out = 45056 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = msvcrt.dll, base_address = 0x76670000 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Delete | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 |
|
1 | |
| File | Create | filename = C:\PROGRA~2\COMMON~1\log.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 2511 |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 0 |
|
1 | |
| System | Sleep | duration = 750 milliseconds (0.750 seconds) |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1, size = 65536, size_out = 65536 |
|
4 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1, size = 65536, size_out = 8192 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = msvcrt.dll, base_address = 0x76670000 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Delete | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 |
|
1 | |
| File | Create | filename = C:\PROGRA~2\COMMON~1\log.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 2618 |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2, size = 65536, size_out = 8192 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = msvcrt.dll, base_address = 0x76670000 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Delete | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 |
|
1 | |
| File | Create | filename = C:\PROGRA~2\COMMON~1\log.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 2725 |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3, size = 65536, size_out = 65536 |
|
16 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3, size = 65536, size_out = 65536 |
|
16 | |
| System | Sleep | duration = 750 milliseconds (0.750 seconds) |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3, size = 65536, size_out = 65536 |
|
16 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3, size = 65536, size_out = 65536 |
|
16 | |
| System | Sleep | duration = 750 milliseconds (0.750 seconds) |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3, size = 65536, size_out = 8192 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = msvcrt.dll, base_address = 0x76670000 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Delete | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 |
|
1 | |
| File | Create | filename = C:\PROGRA~2\COMMON~1\log.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 2832 |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\index, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\index, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\index, size = 65536, size_out = 65536 |
|
8 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\index, size = 65536, size_out = 368 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\index, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = msvcrt.dll, base_address = 0x76670000 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\index, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Delete | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\index |
|
1 | |
| File | Create | filename = C:\PROGRA~2\COMMON~1\log.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 2939 |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cookies, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| Module | Load | module_name = Advapi32.dll, base_address = 0x760e0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cookies, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cookies, size = 65536, size_out = 7168 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cookies, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = msvcrt.dll, base_address = 0x76670000 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cookies, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Delete | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cookies |
|
1 | |
| File | Create | filename = C:\PROGRA~2\COMMON~1\log.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 3045 |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Current Session, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Current Tabs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000003.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOCK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\CURRENT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000001, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| Module | Load | module_name = Advapi32.dll, base_address = 0x760e0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.king_ouroboros.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png, size = 65536, size_out = 3372 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = msvcrt.dll, base_address = 0x76670000 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Delete | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png |
|
1 | |
| File | Create | filename = C:\PROGRA~2\COMMON~1\log.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 3147 |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.html, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\manifest.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ar\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\bg\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ca\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\cs\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\da\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\de\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\el\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_GB\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_US\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\no\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pl\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ro\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ru\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sk\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sl\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sv\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\th\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\tr\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\uk\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\vi\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\computed_hashes.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\verified_contents.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| System | Sleep | duration = 750 milliseconds (0.750 seconds) |
|
1 | |
| Module | Load | module_name = Advapi32.dll, base_address = 0x760e0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\verified_contents.json, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\verified_contents.king_ouroboros.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\verified_contents.json, size = 65536, size_out = 11094 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\verified_contents.json, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = msvcrt.dll, base_address = 0x76670000 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\verified_contents.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Delete | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\verified_contents.json |
|
1 | |
| File | Create | filename = C:\PROGRA~2\COMMON~1\log.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 3302 |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| Module | Load | module_name = Advapi32.dll, base_address = 0x760e0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.king_ouroboros.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png, size = 65536, size_out = 3213 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = msvcrt.dll, base_address = 0x76670000 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Delete | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png |
|
1 | |
| File | Create | filename = C:\PROGRA~2\COMMON~1\log.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 3477 |
|
1 | |
| File | Read | filename = C:\PROGRA~2\COMMON~1\log.txt, size = 65536, size_out = 0 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.html, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\manifest.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ca\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\cs\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\et\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fi\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fil\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lt\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lv\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ms\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\nl\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\no\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pl\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_BR\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_PT\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ro\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75fd0000 |
|
2 | |
|
For performance reasons, the remaining 7841 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Process #2: cmd.exe
56
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | C:\Windows\system32\cmd.exe /c schtasks /create /sc onlogon /tn 2620738370 /rl highest /tr C:\PROGRA~2\COMMON~1\D4DE58~1.EXE |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:40, Reason: Child Process |
| Unmonitor | End Time: 00:01:45, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:05 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x994 |
| Parent PID | 0x904 (c:\users\5p5nrgjn0js halpmcxz\desktop\d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
998
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00036fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000000070000 | 0x00070000 | 0x00071fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000080000 | 0x00080000 | 0x00080fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000090000 | 0x00090000 | 0x00090fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000000c0000 | 0x000c0000 | 0x0013ffff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x00140000 | 0x001a6fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000000001b0000 | 0x001b0000 | 0x001effff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000200000 | 0x00200000 | 0x002fffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000350000 | 0x00350000 | 0x0044ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000005c0000 | 0x005c0000 | 0x005cffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000005d0000 | 0x005d0000 | 0x00757fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000000760000 | 0x00760000 | 0x008e0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000000008f0000 | 0x008f0000 | 0x01ceffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000001cf0000 | 0x01cf0000 | 0x02032fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| sortdefault.nls | 0x02040000 | 0x0230efff | Memory Mapped File | Readable |
|
|
|
- |
| cmd.exe | 0x4a630000 | 0x4a67bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wow64cpu.dll | 0x75360000 | 0x75367fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wow64win.dll | 0x75370000 | 0x753cbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wow64.dll | 0x753d0000 | 0x7540efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| winbrand.dll | 0x755d0000 | 0x755d6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| cryptbase.dll | 0x75980000 | 0x7598bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sspicli.dll | 0x75990000 | 0x759effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x75a30000 | 0x75a48fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x75bb0000 | 0x75bf5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x75fd0000 | 0x760dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| advapi32.dll | 0x760e0000 | 0x7617ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| lpk.dll | 0x763c0000 | 0x763c9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| user32.dll | 0x763e0000 | 0x764dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x76670000 | 0x7671bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msctf.dll | 0x76720000 | 0x767ebfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| imm32.dll | 0x77570000 | 0x775cffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x775d0000 | 0x776bffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| gdi32.dll | 0x77820000 | 0x778affff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| usp10.dll | 0x77990000 | 0x77a2cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| private_0x0000000077a30000 | 0x77a30000 | 0x77b4efff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| private_0x0000000077b50000 | 0x77b50000 | 0x77c49fff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x77c50000 | 0x77df8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x77e30000 | 0x77faffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
|
|
- |
Threads
Thread 0x998
56
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2018-07-02 12:53:01 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 103085 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\cmd.exe, base_address = 0x4a630000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x75ffa84f |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
3 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| Environment | Get Environment String | - |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT |
|
1 | |
| Environment | Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop, type = file_attributes |
|
2 | |
| Environment | Set Environment String | name = =C:, value = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75fd0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x76003b92 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x75fe4a5d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x75ffa79d |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\schtasks.exe, os_pid = 0x9ac, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 |
Process #3: schtasks.exe
21
0
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\syswow64\schtasks.exe |
| Command Line | schtasks /create /sc onlogon /tn 2620738370 /rl highest /tr C:\PROGRA~2\COMMON~1\D4DE58~1.EXE |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:40, Reason: Child Process |
| Unmonitor | End Time: 00:01:45, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:05 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x9ac |
| Parent PID | 0x994 (c:\windows\syswow64\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
9B0
0x
9B4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00036fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| private_0x0000000000050000 | 0x00050000 | 0x0008ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000090000 | 0x00090000 | 0x00093fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000000000a0000 | 0x000a0000 | 0x000a0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000000000b0000 | 0x000b0000 | 0x000b1fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000000c0000 | 0x000c0000 | 0x0013ffff | Private Memory | Readable, Writable |
|
|
|
- |
| schtasks.exe.mui | 0x00140000 | 0x00151fff | Memory Mapped File | Readable, Writable |
|
|
|
- |
| private_0x0000000000160000 | 0x00160000 | 0x00160fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000170000 | 0x00170000 | 0x001affff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b0fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000001c0000 | 0x001c0000 | 0x002bffff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x002c0000 | 0x00326fff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x0000000000330000 | 0x00330000 | 0x0040efff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000000410000 | 0x00410000 | 0x00410fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000000420000 | 0x00420000 | 0x00420fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000000450000 | 0x00450000 | 0x0045ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000460000 | 0x00460000 | 0x005e7fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| schtasks.exe | 0x00670000 | 0x0069dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x00000000006a0000 | 0x006a0000 | 0x00820fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000000830000 | 0x00830000 | 0x01c2ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| sortdefault.nls | 0x01c30000 | 0x01efefff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000001f00000 | 0x01f00000 | 0x0206ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000001fc0000 | 0x01fc0000 | 0x01ffffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002030000 | 0x02030000 | 0x0206ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002120000 | 0x02120000 | 0x0215ffff | Private Memory | Readable, Writable |
|
|
|
- |
| uxtheme.dll | 0x752d0000 | 0x7534ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wow64cpu.dll | 0x75360000 | 0x75367fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wow64win.dll | 0x75370000 | 0x753cbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wow64.dll | 0x753d0000 | 0x7540efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| taskschd.dll | 0x75500000 | 0x7557cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ktmw32.dll | 0x75590000 | 0x75598fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| xmllite.dll | 0x755a0000 | 0x755cefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| version.dll | 0x75650000 | 0x75658fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| cryptbase.dll | 0x75980000 | 0x7598bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sspicli.dll | 0x75990000 | 0x759effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x75a30000 | 0x75a48fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x75bb0000 | 0x75bf5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x75fd0000 | 0x760dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| advapi32.dll | 0x760e0000 | 0x7617ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| shlwapi.dll | 0x76180000 | 0x761d6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| lpk.dll | 0x763c0000 | 0x763c9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| user32.dll | 0x763e0000 | 0x764dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| oleaut32.dll | 0x764e0000 | 0x7656efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x76670000 | 0x7671bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msctf.dll | 0x76720000 | 0x767ebfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| clbcatq.dll | 0x76890000 | 0x76912fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| imm32.dll | 0x77570000 | 0x775cffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x775d0000 | 0x776bffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ole32.dll | 0x776c0000 | 0x7781bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| gdi32.dll | 0x77820000 | 0x778affff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| usp10.dll | 0x77990000 | 0x77a2cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| private_0x0000000077a30000 | 0x77a30000 | 0x77b4efff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| private_0x0000000077b50000 | 0x77b50000 | 0x77c49fff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x77c50000 | 0x77df8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x77e30000 | 0x77faffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
|
|
- |
Threads
Thread 0x9b0
21
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2018-07-02 12:53:01 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 103210 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\schtasks.exe, base_address = 0x670000 |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\schtasks.exe, file_name_orig = C:\Windows\SysWOW64\schtasks.exe, size = 260 |
|
1 | |
| Module | Load | module_name = VERSION.dll, base_address = 0x75650000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\version.dll, function = GetFileVersionInfoSizeW, address_out = 0x756519d9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\version.dll, function = GetFileVersionInfoW, address_out = 0x756519f4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\version.dll, function = VerQueryValueW, address_out = 0x75651b51 |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\schtasks.exe, file_name_orig = C:\Windows\SysWOW64\schtasks.exe, size = 260 |
|
1 | |
| System | Get Time | type = Local Time, time = 2018-07-02 22:53:01 (Local Time) |
|
2 | |
| COM | Create | interface = 2FABA4C7-4DA9-4013-9697-20CC3FD40F85, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| System | Get Time | type = Local Time, time = 2018-07-02 22:53:01 (Local Time) |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x760e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetUserNameW, address_out = 0x760f157a |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 72 |
|
1 |
Process #4: taskeng.exe
0
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\system32\taskeng.exe |
| Command Line | taskeng.exe {05965D02-66FE-4C30-84EF-49C2DFC0C57D} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\5p5NrGJn0jS HALPmcxz:Interactive:Highest[1] |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:41, Reason: Created Scheduled Job |
| Unmonitor | End Time: 00:01:45, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:04 |
| Remarks | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x5c8 |
| Parent PID | 0x360 (c:\windows\system32\svchost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
980
0x
64C
0x
648
0x
5E0
0x
5D4
0x
5CC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x00026fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c1fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x0016ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000170000 | 0x00170000 | 0x0026ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000270000 | 0x00270000 | 0x00270fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000000280000 | 0x00280000 | 0x0037ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000380000 | 0x00380000 | 0x00507fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000000520000 | 0x00520000 | 0x0052ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000530000 | 0x00530000 | 0x006b0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000000006c0000 | 0x006c0000 | 0x01abffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000001ac0000 | 0x01ac0000 | 0x01eb2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000001ed0000 | 0x01ed0000 | 0x01f4ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000001f50000 | 0x01f50000 | 0x0204ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000020d0000 | 0x020d0000 | 0x0214ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000021a0000 | 0x021a0000 | 0x0221ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sortdefault.nls | 0x022f0000 | 0x025befff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000002670000 | 0x02670000 | 0x026effff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002720000 | 0x02720000 | 0x0279ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000027a0000 | 0x027a0000 | 0x0281ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000002820000 | 0x02820000 | 0x028fefff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000002920000 | 0x02920000 | 0x0299ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernel32.dll | 0x77a30000 | 0x77b4efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| user32.dll | 0x77b50000 | 0x77c49fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x77c50000 | 0x77df8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| taskeng.exe | 0xff0f0000 | 0xff163fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| tschannel.dll | 0x7fef83c0000 | 0x7fef83c8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ktmw32.dll | 0x7fefb290000 | 0x7fefb299fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| xmllite.dll | 0x7fefc050000 | 0x7fefc084fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| dwmapi.dll | 0x7fefc090000 | 0x7fefc0a7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| uxtheme.dll | 0x7fefc4c0000 | 0x7fefc515fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rsaenh.dll | 0x7fefd190000 | 0x7fefd1d6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| cryptsp.dll | 0x7fefd490000 | 0x7fefd4a6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wevtapi.dll | 0x7fefd6c0000 | 0x7fefd72cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sspicli.dll | 0x7fefda60000 | 0x7fefda84fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| cryptbase.dll | 0x7fefda90000 | 0x7fefda9efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrtremote.dll | 0x7fefdb80000 | 0x7fefdb93fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7fefde60000 | 0x7fefdecafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ole32.dll | 0x7fefdf70000 | 0x7fefe172fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| clbcatq.dll | 0x7fefef10000 | 0x7fefefa8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7fefefb0000 | 0x7feff0dcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7feff210000 | 0x7feff2aefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| advapi32.dll | 0x7feff2b0000 | 0x7feff38afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7feff390000 | 0x7feff3aefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| lpk.dll | 0x7feff3b0000 | 0x7feff3bdfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| imm32.dll | 0x7feff3c0000 | 0x7feff3edfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| gdi32.dll | 0x7feff910000 | 0x7feff976fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| shlwapi.dll | 0x7feff980000 | 0x7feff9f0fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msctf.dll | 0x7feffa00000 | 0x7feffb08fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| oleaut32.dll | 0x7feffb10000 | 0x7feffbe6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| usp10.dll | 0x7feffe90000 | 0x7fefff58fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| apisetschema.dll | 0x7fefff70000 | 0x7fefff70fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000007fffffd3000 | 0x7fffffd3000 | 0x7fffffd4fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000007fffffd5000 | 0x7fffffd5000 | 0x7fffffd6fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000007fffffd7000 | 0x7fffffd7000 | 0x7fffffd8fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000007fffffd9000 | 0x7fffffd9000 | 0x7fffffdafff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000007fffffdb000 | 0x7fffffdb000 | 0x7fffffdcfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000007fffffdd000 | 0x7fffffdd000 | 0x7fffffdefff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000007fffffdf000 | 0x7fffffdf000 | 0x7fffffdffff | Private Memory | Readable, Writable |
|
|
|
- |
