Host | Resolved to | Country | City | Protocol |
---|---|---|---|---|
api.ipify.org | | | | HTTP |
butsulacoft.com | 62.109.18.138 | RU | | HTTP, TCP |
supritofuld.ru | | | | HTTP |
tekstheks.nl | | | | HTTP |
fortsiretbab.com | | | | HTTP |
checkip.dyndns.org | | | | HTTP |
127.0.0.1 | | | | TCP |
18.0.0.1 | | US | Cambridge | UDP |
82.223.21.74 | | ES | | TCP |
Information | Value |
---|---|
ID | #1 |
File Name | c:\program files\microsoft office\office15\winword.exe |
Command Line | "C:\Program Files\Microsoft Office\Office15\WINWORD.EXE" |
Initial Working Directory | C:\Users\aDU0VK IWA5kLS\Desktop\ |
Monitor | Start Time: 00:00:09, Reason: Analysis Target |
Unmonitor | End Time: 00:02:13, Reason: Terminated by Timeout |
Monitor Duration | 00:02:04 |
Information | Value |
---|---|
PID | 0x934 |
Parent PID | 0x568 (c:\windows\explorer.exe) |
Is Created or Modified Executable | |
Integrity Level | Medium |
Username | AUFDDCNTXWT\aDU0VK IWA5kLS |
Groups | |
Thread IDs | 0x98C, 0x988, 0x984, 0x980, 0x97C, 0x978, 0x958, 0x954, 0x94C, 0x948, 0x944, 0x938, 0x9CC, 0x9D8, 0xA04, 0xA1C, 0xAC0 |
Name | Start VA | End VA | Type | Permissions |
---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | Readable, Writable |
pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000000040000 | 0x00040000 | 0x00043fff | Pagefile Backed Memory | Readable |
locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | Readable |
private_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | Private Memory | Readable, Writable |
pagefile_0x00000000000d0000 | 0x000d0000 | 0x000d1fff | Pagefile Backed Memory | Readable |
pagefile_0x00000000000e0000 | 0x000e0000 | 0x000e1fff | Pagefile Backed Memory | Readable |
private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | Readable, Writable |
private_0x0000000000100000 | 0x00100000 | 0x00100fff | Private Memory | Readable, Writable |
private_0x0000000000110000 | 0x00110000 | 0x0011ffff | Private Memory | Readable, Writable |
private_0x0000000000120000 | 0x00120000 | 0x00150fff | Private Memory | Readable, Writable |
private_0x0000000000160000 | 0x00160000 | 0x0016ffff | Private Memory | Readable, Writable |
private_0x0000000000170000 | 0x00170000 | 0x0026ffff | Private Memory | Readable, Writable |
private_0x0000000000270000 | 0x00270000 | 0x0036ffff | Private Memory | Readable, Writable |
pagefile_0x0000000000370000 | 0x00370000 | 0x00371fff | Pagefile Backed Memory | Readable |
private_0x0000000000380000 | 0x00380000 | 0x0038ffff | Private Memory | |
pagefile_0x0000000000390000 | 0x00390000 | 0x00396fff | Pagefile Backed Memory | Readable |
pagefile_0x00000000003a0000 | 0x003a0000 | 0x003a1fff | Pagefile Backed Memory | Readable, Writable |
pagefile_0x00000000003c0000 | 0x003c0000 | 0x003c1fff | Pagefile Backed Memory | Readable |
private_0x0000000000400000 | 0x00400000 | 0x004fffff | Private Memory | Readable, Writable |
pagefile_0x0000000000500000 | 0x00500000 | 0x00687fff | Pagefile Backed Memory | Readable |
private_0x00000000006a0000 | 0x006a0000 | 0x006affff | Private Memory | Readable, Writable |
pagefile_0x00000000006b0000 | 0x006b0000 | 0x00830fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000000840000 | 0x00840000 | 0x01c3ffff | Pagefile Backed Memory | Readable |
private_0x0000000001c40000 | 0x01c40000 | 0x01d3ffff | Private Memory | Readable, Writable |
private_0x0000000001d70000 | 0x01d70000 | 0x01daffff | Private Memory | Readable, Writable |
private_0x0000000001db0000 | 0x01db0000 | 0x01e2ffff | Private Memory | Readable, Writable |
pagefile_0x0000000001e30000 | 0x01e30000 | 0x01e30fff | Pagefile Backed Memory | Readable, Writable |
private_0x0000000001e40000 | 0x01e40000 | 0x01e40fff | Private Memory | Readable, Writable |
pagefile_0x0000000001e50000 | 0x01e50000 | 0x01e50fff | Pagefile Backed Memory | Readable |
private_0x0000000001e60000 | 0x01e60000 | 0x01e6ffff | Private Memory | Readable, Writable |
pagefile_0x0000000001e70000 | 0x01e70000 | 0x01f4efff | Pagefile Backed Memory | Readable |
pagefile_0x0000000001fc0000 | 0x01fc0000 | 0x01fc4fff | Pagefile Backed Memory | Readable, Writable |
private_0x0000000001fd0000 | 0x01fd0000 | 0x01fd0fff | Private Memory | Readable, Writable |
pagefile_0x0000000001fe0000 | 0x01fe0000 | 0x01fe1fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000001ff0000 | 0x01ff0000 | 0x01ff0fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000002000000 | 0x02000000 | 0x02000fff | Pagefile Backed Memory | Readable |
msxml6r.dll | 0x02010000 | 0x02010fff | Memory Mapped File | Readable |
pagefile_0x0000000002020000 | 0x02020000 | 0x02020fff | Pagefile Backed Memory | Readable, Writable |
private_0x0000000002030000 | 0x02030000 | 0x0212ffff | Private Memory | Readable, Writable |
private_0x0000000002130000 | 0x02130000 | 0x0222ffff | Private Memory | Readable, Writable |
pagefile_0x0000000002230000 | 0x02230000 | 0x02622fff | Pagefile Backed Memory | Readable |
sortdefault.nls | 0x02630000 | 0x028fefff | Memory Mapped File | Readable |
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db | 0x02900000 | 0x02926fff | Memory Mapped File | Readable |
private_0x0000000002930000 | 0x02930000 | 0x02930fff | Private Memory | Readable, Writable |
c_1255.nls | 0x02940000 | 0x02950fff | Memory Mapped File | Readable |
private_0x0000000002a80000 | 0x02a80000 | 0x02b7ffff | Private Memory | Readable, Writable |
private_0x0000000002ba0000 | 0x02ba0000 | 0x02c9ffff | Private Memory | Readable, Writable |
private_0x0000000002ca0000 | 0x02ca0000 | 0x02cbefff | Private Memory | Readable, Writable |
private_0x0000000002cf0000 | 0x02cf0000 | 0x02d6ffff | Private Memory | Readable, Writable |
private_0x0000000002dc0000 | 0x02dc0000 | 0x02ebffff | Private Memory | Readable, Writable |
segoeui.ttf | 0x02ec0000 | 0x02f3efff | Memory Mapped File | Readable |
private_0x0000000002f60000 | 0x02f60000 | 0x0305ffff | Private Memory | Readable, Writable |
pagefile_0x0000000003060000 | 0x03060000 | 0x0345ffff | Pagefile Backed Memory | Readable |
staticcache.dat | 0x03460000 | 0x03d8ffff | Memory Mapped File | Readable |
private_0x0000000003d90000 | 0x03d90000 | 0x03e8ffff | Private Memory | Readable, Writable |
private_0x0000000003ec0000 | 0x03ec0000 | 0x03f3ffff | Private Memory | Readable, Writable, Executable |
private_0x0000000003f70000 | 0x03f70000 | 0x03f7ffff | Private Memory | Readable, Writable |
private_0x0000000003f80000 | 0x03f80000 | 0x0407ffff | Private Memory | Readable, Writable |
private_0x00000000040c0000 | 0x040c0000 | 0x040cffff | Private Memory | Readable, Writable |
private_0x0000000004130000 | 0x04130000 | 0x0422ffff | Private Memory | Readable, Writable |
seguisb.ttf | 0x04230000 | 0x04293fff | Memory Mapped File | Readable |
private_0x00000000042b0000 | 0x042b0000 | 0x042bffff | Private Memory | Readable, Writable |
pagefile_0x00000000042c0000 | 0x042c0000 | 0x04abffff | Pagefile Backed Memory | Readable, Writable |
private_0x0000000004b30000 | 0x04b30000 | 0x04baffff | Private Memory | Readable, Writable |
private_0x0000000004bb0000 | 0x04bb0000 | 0x04bbffff | Private Memory | Readable, Writable |
private_0x0000000004c00000 | 0x04c00000 | 0x04cfffff | Private Memory | Readable, Writable |
private_0x0000000004d80000 | 0x04d80000 | 0x04e7ffff | Private Memory | Readable, Writable |
private_0x0000000004e80000 | 0x04e80000 | 0x0507ffff | Private Memory | Readable, Writable |
private_0x0000000005080000 | 0x05080000 | 0x0517ffff | Private Memory | Readable, Writable |
private_0x0000000005200000 | 0x05200000 | 0x0527ffff | Private Memory | Readable, Writable |
private_0x00000000052c0000 | 0x052c0000 | 0x053bffff | Private Memory | Readable, Writable |
private_0x00000000053d0000 | 0x053d0000 | 0x054cffff | Private Memory | Readable, Writable |
pagefile_0x00000000054d0000 | 0x054d0000 | 0x064cffff | Pagefile Backed Memory | Readable, Writable |
kernelbase.dll.mui | 0x064d0000 | 0x0658ffff | Memory Mapped File | Readable, Writable |
private_0x0000000006680000 | 0x06680000 | 0x066fffff | Private Memory | Readable, Writable |
private_0x0000000006700000 | 0x06700000 | 0x06afffff | Private Memory | Readable, Writable |
private_0x0000000006b00000 | 0x06b00000 | 0x06efffff | Private Memory | Readable, Writable |
private_0x0000000006f00000 | 0x06f00000 | 0x076fffff | Private Memory | Readable, Writable |
private_0x0000000007700000 | 0x07700000 | 0x07b00fff | Private Memory | Readable, Writable |
private_0x0000000007b10000 | 0x07b10000 | 0x07f10fff | Private Memory | Readable, Writable |
private_0x0000000007f20000 | 0x07f20000 | 0x08320fff | Private Memory | Readable, Writable |
private_0x0000000008330000 | 0x08330000 | 0x0852ffff | Private Memory | Readable, Writable |
private_0x0000000008530000 | 0x08530000 | 0x089effff | Private Memory | Readable, Writable |
private_0x00000000089f0000 | 0x089f0000 | 0x08deffff | Private Memory | Readable, Writable |
private_0x0000000037440000 | 0x37440000 | 0x3744ffff | Private Memory | Readable, Writable, Executable |
msvcp100.dll | 0x73d80000 | 0x73e17fff | Memory Mapped File | Readable, Writable, Executable |
msvcr100.dll | 0x73e20000 | 0x73ef1fff | Memory Mapped File | Readable, Writable, Executable |
osppc.dll | 0x74830000 | 0x74862fff | Memory Mapped File | Readable, Writable, Executable |
kernel32.dll | 0x77320000 | 0x7743efff | Memory Mapped File | Readable, Writable, Executable |
user32.dll | 0x77440000 | 0x77539fff | Memory Mapped File | Readable, Writable, Executable |
ntdll.dll | 0x77540000 | 0x776e8fff | Memory Mapped File | Readable, Writable, Executable |
psapi.dll | 0x77710000 | 0x77716fff | Memory Mapped File | Readable, Writable, Executable |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
winword.exe | 0x13fd90000 | 0x13ff67fff | Memory Mapped File | Readable, Writable, Executable |
private_0x000007feb3df0000 | 0x7feb3df0000 | 0x7feb3df9fff | Private Memory | Readable, Writable, Executable |
private_0x000007febef30000 | 0x7febef30000 | 0x7febef3ffff | Private Memory | Readable, Writable, Executable |
riched20.dll | 0x7fee8d70000 | 0x7fee8f92fff | Memory Mapped File | Readable, Writable, Executable |
adal.dll | 0x7fee8fa0000 | 0x7fee9078fff | Memory Mapped File | Readable, Writable, Executable |
mscoreei.dll | 0x7fee91b0000 | 0x7fee9248fff | Memory Mapped File | Readable, Writable, Executable |
mscoree.dll | 0x7fee9250000 | 0x7fee92befff | Memory Mapped File | Readable, Writable, Executable |
dwrite.dll | 0x7fee92c0000 | 0x7fee943dfff | Memory Mapped File | Readable, Writable, Executable |
d3d10warp.dll | 0x7fee9440000 | 0x7fee960ffff | Memory Mapped File | Readable, Writable, Executable |
msptls.dll | 0x7fee9610000 | 0x7fee9785fff | Memory Mapped File | Readable, Writable, Executable |
msores.dll | 0x7fee9790000 | 0x7feee47afff | Memory Mapped File | Readable, Writable, Executable |
mso.dll | 0x7feee480000 | 0x7fef0730fff | Memory Mapped File | Readable, Writable, Executable |
wwlib.dll | 0x7fef0740000 | 0x7fef21befff | Memory Mapped File | Readable, Writable, Executable |
d3d11.dll | 0x7fef2200000 | 0x7fef22c5fff | Memory Mapped File | Readable, Writable, Executable |
msointl.dll | 0x7fef22d0000 | 0x7fef2646fff | Memory Mapped File | Readable, Writable, Executable |
wwintl.dll | 0x7fef2650000 | 0x7fef2723fff | Memory Mapped File | Readable, Writable, Executable |
d2d1.dll | 0x7fef2730000 | 0x7fef2811fff | Memory Mapped File | Readable, Writable, Executable |
oart.dll | 0x7fef2820000 | 0x7fef3c33fff | Memory Mapped File | Readable, Writable, Executable |
msimg32.dll | 0x7fef47d0000 | 0x7fef47d6fff | Memory Mapped File | Readable, Writable, Executable |
msxml6.dll | 0x7fef79d0000 | 0x7fef7bc1fff | Memory Mapped File | Readable, Writable, Executable |
winspool.drv | 0x7fef7c60000 | 0x7fef7cd0fff | Memory Mapped File | Readable, Writable, Executable |
office.odf | 0x7fef94a0000 | 0x7fef999ffff | Memory Mapped File | Readable, Writable, Executable |
msi.dll | 0x7fef99a0000 | 0x7fef9cb5fff | Memory Mapped File | Readable, Writable, Executable |
dxgi.dll | 0x7fefa130000 | 0x7fefa1d6fff | Memory Mapped File | Readable, Writable, Executable |
d3d10_1core.dll | 0x7fefa1e0000 | 0x7fefa234fff | Memory Mapped File | Readable, Writable, Executable |
d3d10_1.dll | 0x7fefa240000 | 0x7fefa273fff | Memory Mapped File | Readable, Writable, Executable |
webio.dll | 0x7fefa500000 | 0x7fefa563fff | Memory Mapped File | Readable, Writable, Executable |
winhttp.dll | 0x7fefa570000 | 0x7fefa5e0fff | Memory Mapped File | Readable, Writable, Executable |
windowscodecs.dll | 0x7fefad90000 | 0x7fefaeb9fff | Memory Mapped File | Readable, Writable, Executable |
dwmapi.dll | 0x7fefaec0000 | 0x7fefaed7fff | Memory Mapped File | Readable, Writable, Executable |
gdiplus.dll | 0x7fefb080000 | 0x7fefb294fff | Memory Mapped File | Readable, Writable, Executable |
uxtheme.dll | 0x7fefb2a0000 | 0x7fefb2f5fff | Memory Mapped File | Readable, Writable, Executable |
wtsapi32.dll | 0x7fefb950000 | 0x7fefb960fff | Memory Mapped File | Readable, Writable, Executable |
ntmarta.dll | 0x7fefbde0000 | 0x7fefbe0cfff | Memory Mapped File | Readable, Writable, Executable |
propsys.dll | 0x7fefbe40000 | 0x7fefbf6bfff | Memory Mapped File | Readable, Writable, Executable |
comctl32.dll | 0x7fefbfc0000 | 0x7fefc1b3fff | Memory Mapped File | Readable, Writable, Executable |
version.dll | 0x7fefc650000 | 0x7fefc65bfff | Memory Mapped File | Readable, Writable, Executable |
rsaenh.dll | 0x7fefca60000 | 0x7fefcaa6fff | Memory Mapped File | Readable, Writable, Executable |
cryptsp.dll | 0x7fefceb0000 | 0x7fefcec6fff | Memory Mapped File | Readable, Writable, Executable |
secur32.dll | 0x7fefd320000 | 0x7fefd32afff | Memory Mapped File | Readable, Writable, Executable |
sspicli.dll | 0x7fefd350000 | 0x7fefd374fff | Memory Mapped File | Readable, Writable, Executable |
cryptbase.dll | 0x7fefd380000 | 0x7fefd38efff | Memory Mapped File | Readable, Writable, Executable |
winsta.dll | 0x7fefd430000 | 0x7fefd46cfff | Memory Mapped File | Readable, Writable, Executable |
rpcrtremote.dll | 0x7fefd470000 | 0x7fefd483fff | Memory Mapped File | Readable, Writable, Executable |
profapi.dll | 0x7fefd490000 | 0x7fefd49efff | Memory Mapped File | Readable, Writable, Executable |
msasn1.dll | 0x7fefd530000 | 0x7fefd53efff | Memory Mapped File | Readable, Writable, Executable |
wintrust.dll | 0x7fefd5e0000 | 0x7fefd619fff | Memory Mapped File | Readable, Writable, Executable |
cfgmgr32.dll | 0x7fefd620000 | 0x7fefd655fff | Memory Mapped File | Readable, Writable, Executable |
devobj.dll | 0x7fefd660000 | 0x7fefd679fff | Memory Mapped File | Readable, Writable, Executable |
kernelbase.dll | 0x7fefd680000 | 0x7fefd6eafff | Memory Mapped File | Readable, Writable, Executable |
crypt32.dll | 0x7fefd6f0000 | 0x7fefd856fff | Memory Mapped File | Readable, Writable, Executable |
rpcrt4.dll | 0x7fefd860000 | 0x7fefd98cfff | Memory Mapped File | Readable, Writable, Executable |
clbcatq.dll | 0x7fefd990000 | 0x7fefda28fff | Memory Mapped File | Readable, Writable, Executable |

For performance reasons, the remaining 194 entries are omitted. The remaining entries can be found in flog.txt.
Filename | File Size | MD5 | SHA1 | SHA256 |
---|---|---|---|---|
c:\users\adu0vk~1\appdata\local\temp\~dff95cfde65cdb3f5c.tmp | 0.50 KB (512 bytes) | bf619eac0cdf3f68d496ea9344137e8b | 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 | 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560 |
Operation | Key | Additional Information | Count |
---|---|---|---|
Open Key | HKEY_CLASSES_ROOT\Licenses | | 1 |
Open Key | HKEY_CLASSES_ROOT\CLSID\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\DesignerFeatures | | 1 |
Open Key | HKEY_CLASSES_ROOT\Clsid\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\InprocServer32 | | 1 |
Open Key | HKEY_CLASSES_ROOT\TypeLib | | 1 |
Open Key | HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} | | 1 |
Open Key | HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.6 | | 1 |
Open Key | HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.6\409 | | 1 |
Open Key | HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.6\9 | | 1 |
Open Key | HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.6\0 | | 2 |
Open Key | HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.6\0\win64 | | 1 |
Open Key | HKEY_CLASSES_ROOT\TypeLib | | 5 |
Open Key | HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046} | | 1 |
Open Key | HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2 | | 1 |
Open Key | HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2\9 | | 2 |
Open Key | HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2\9\win64 | | 1 |
Open Key | HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} | | 1 |
Open Key | HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.6 | | 1 |
Open Key | HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.6\0 | | 2 |
Open Key | HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.6\0\win64 | | 1 |
Open Key | HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} | | 1 |
Open Key | HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0 | | 1 |
Open Key | HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0 | | 2 |
Open Key | HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64 | | 1 |
Open Key | HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} | | 1 |
Open Key | HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.7 | | 1 |
Open Key | HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.7\0 | | 2 |
Open Key | HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.7\0\win64 | | 1 |
Open Key | HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4} | | 1 |
Open Key | HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0 | | 1 |
Open Key | HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0\0 | | 2 |
Open Key | HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0\0\win64 | | 1 |
Read Value | HKEY_CLASSES_ROOT\Licenses\8804558B-B773-11d1-BC3E-0000F87552E7 | data = } | 1 |
Read Value | HKEY_CLASSES_ROOT\Clsid\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\InprocServer32 | value_name = ThreadingModel, data = 65 | 1 |
Read Value | HKEY_CLASSES_ROOT\Clsid\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\Instance CLSID | data = {C62A69F0-16DC-11CE-9E98-00AA00574A4F} | 3 |
Read Value | HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.6\0\win64 | data = C:\Program Files\Microsoft Office\Office15\MSWORD.OLB | 2 |
Read Value | HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2\9\win64 | data = C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL | 1 |
Read Value | HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64 | data = C:\Windows\system32\stdole2.tlb | 1 |
Read Value | HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.7\0\win64 | data = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL | 1 |
Read Value | HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0\0\win64 | data = C:\Windows\system32\FM20.DLL | 1 |
Write Value | | value_name = PropertiesWindow, data = 4 24 180 720 1, size = 15, type = REG_SZ | 1 |
Write Value | | value_name = MainWindow, data = 0 0 0 0 1, size = 10, type = REG_SZ | 1 |
Write Value | | value_name = MdiMaximized, data = 0, size = 2, type = REG_SZ | 1 |
Write Value | | value_name = FolderView, data = 1, size = 2, type = REG_SZ | 1 |
Write Value | | value_name = Tool, size = 24, type = REG_BINARY | 1 |
Write Value | | value_name = CtlsShowSelected, data = 0, size = 2, type = REG_SZ | 1 |
Write Value | | value_name = DsnShowSelected, data = 0, size = 2, type = REG_SZ | 1 |
Enumerate Keys | HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} | | 1 |
Enumerate Keys | HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046} | | 1 |
Enumerate Keys | HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046} | | 1 |
Enumerate Keys | HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} | | 1 |
Enumerate Keys | HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} | | 1 |
Enumerate Keys | HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} | | 1 |
Enumerate Keys | HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} | | 1 |
Enumerate Keys | HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} | | 1 |
Enumerate Keys | HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4} | | 1 |
Operation | Process | Additional Information | Count |
---|---|---|---|
Create | C:\Windows\SysWOW64\svchost.exe | os_pid = 0x9dc, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | 1 |
Operation | Process | Additional Information | Count |
---|---|---|---|
Get Context | c:\program files\microsoft office\office15\winword.exe | os_tid = 0x988 | 1 |
Set Context | c:\program files\microsoft office\office15\winword.exe | os_tid = 0x988 | 1 |
Resume | c:\program files\microsoft office\office15\winword.exe | os_tid = 0x988 | 1 |
Operation | Process | Additional Information | Count |
---|---|---|---|
Allocate | C:\Windows\SysWOW64\svchost.exe | address = 0x400000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 32768 | 1 |
Write | C:\Windows\SysWOW64\svchost.exe | address = 0x400000, size = 1024 | 1 |
Write | C:\Windows\SysWOW64\svchost.exe | address = 0x401000, size = 7680 | 1 |
Write | C:\Windows\SysWOW64\svchost.exe | address = 0x403000, size = 1024 | 1 |
Write | C:\Windows\SysWOW64\svchost.exe | address = 0x404000, size = 3072 | 1 |
Write | C:\Windows\SysWOW64\svchost.exe | address = 0x405000, size = 8704 | 1 |
Operation | Module | Additional Information | Count |
---|---|---|---|
Load | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL | base_address = 0x7fee8a00000 | 1 |
Load | kernel32.dll | base_address = 0x0 | 1 |
Load | Psapi.dll | base_address = 0x0 | 1 |
Get Handle | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL | base_address = 0x0 | 1 |
Get Handle | c:\windows\system32\user32.dll | base_address = 0x77440000 | 1 |
Get Handle | oleaut32.dll | base_address = 0x7feff5d0000 | 1 |
Get Handle | ole32.dll | base_address = 0x7fefede0000 | 2 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, size = 260 | 4 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?, address = 0x0, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?, address = 0x10000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?, address = 0x20000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?, address = 0x21000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?, address = 0x30000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?, address = 0x34000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?, address = 0x40000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?, address = 0x44000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x50000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0xb7000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0xc0000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0xc1000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0xd0000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0xd2000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0xe0000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0xe2000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0xf0000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0xf1000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x100000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x101000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x110000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x120000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x151000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x160000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x170000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x24b000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x24d000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x270000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x370000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x372000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x380000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x382000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x390000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x397000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x3a0000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x3a2000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x3b0000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x3b2000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x3c0000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x3c2000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x3d0000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x3df000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x3e0000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x3e3000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x3f0000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x3f1000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x400000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x500000, size = 260 | 1 |
Get Filename | | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x504000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x680000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x683000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x688000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x690000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x691000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x6a0000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x6b0000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x831000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x840000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x874000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1c40000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1c5d000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1d40000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1d41000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1d50000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1d51000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1d60000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1d61000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1d70000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1d73000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1db0000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1dd6000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1e30000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1e31000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1e40000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1e41000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1e50000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1e51000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1e60000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1e70000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1f4f000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1f50000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1f71000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1f80000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1f9f000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\C_1251.NLS, address = 0x1fa0000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1251.NLS, address = 0x1fb1000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1251.NLS, address = 0x1fc0000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1251.NLS, address = 0x1fc5000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1251.NLS, address = 0x1fd0000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1251.NLS, address = 0x1fd1000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1251.NLS, address = 0x1fe0000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1251.NLS, address = 0x1fe2000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1251.NLS, address = 0x1ff0000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1251.NLS, address = 0x1ff1000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1251.NLS, address = 0x2000000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1251.NLS, address = 0x2001000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\msxml6r.dll, address = 0x2010000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\msxml6r.dll, address = 0x2011000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\msxml6r.dll, address = 0x2020000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\msxml6r.dll, address = 0x2021000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\msxml6r.dll, address = 0x2030000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\msxml6r.dll, address = 0x212c000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\msxml6r.dll, address = 0x212e000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\msxml6r.dll, address = 0x2130000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\msxml6r.dll, address = 0x222c000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\msxml6r.dll, address = 0x222f000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\msxml6r.dll, address = 0x2230000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\msxml6r.dll, address = 0x2623000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\Globalization\Sorting\SortDefault.nls, address = 0x2630000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\Globalization\Sorting\SortDefault.nls, address = 0x28ff000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Users\aDU0VK IWA5kLS\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db, address = 0x2900000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Users\aDU0VK IWA5kLS\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db, address = 0x2927000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Users\aDU0VK IWA5kLS\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db, address = 0x2930000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Users\aDU0VK IWA5kLS\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db, address = 0x2931000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x2940000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x2951000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x2960000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x2961000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x2970000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x298e000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x2990000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x29ae000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x29b0000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x29cf000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x29d0000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x29d2000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x29e0000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x29ff000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x2a00000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x2a1f000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x2a20000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x2a3f000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x2a40000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x2a42000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x2a50000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x2a51000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2a60000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2a61000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2a70000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2a71000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2a80000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2b80000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2b9f000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2ba0000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2c8e000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2c90000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2ca0000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2cbf000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2cc0000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2cdf000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2ce0000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2ce2000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2cf0000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2d2a000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2d39000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2d3a000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2d70000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2d8f000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\en-US\UIAutomationCore.dll.mui, address = 0x2d90000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\en-US\UIAutomationCore.dll.mui, address = 0x2da2000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\en-US\UIAutomationCore.dll.mui, address = 0x2db0000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\en-US\UIAutomationCore.dll.mui, address = 0x2dbc000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\en-US\UIAutomationCore.dll.mui, address = 0x2dc0000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\en-US\UIAutomationCore.dll.mui, address = 0x2eb9000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\en-US\UIAutomationCore.dll.mui, address = 0x2ebb000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\Fonts\segoeui.ttf, address = 0x2ec0000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\Fonts\segoeui.ttf, address = 0x2f3f000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\Fonts\segoeui.ttf, address = 0x2f40000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\Fonts\segoeui.ttf, address = 0x2f42000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\Fonts\segoeui.ttf, address = 0x2f50000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\Fonts\segoeui.ttf, address = 0x2f52000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\Fonts\segoeui.ttf, address = 0x2f60000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\Fonts\segoeui.ttf, address = 0x305b000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\Fonts\segoeui.ttf, address = 0x305d000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\Fonts\segoeui.ttf, address = 0x3060000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\Fonts\segoeui.ttf, address = 0x31b8000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\Fonts\StaticCache.dat, address = 0x3460000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\Fonts\StaticCache.dat, address = 0x3d90000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\Fonts\StaticCache.dat, address = 0x3d9e000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\normnfd.nls, address = 0x3e90000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\normnfd.nls, address = 0x3e9a000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3ea0000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3ea4000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3eb0000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3eb1000, size = 260 | 1 |
Fn
|
||
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3ec0000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3ec2000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3f40000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3f43000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3f50000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3f54000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3f60000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3f61000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3f70000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3f78000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3f80000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3f8e000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x4080000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x40c0000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x40ca000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x40d0000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x40d1000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x40e0000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x40e1000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x40f0000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x40f8000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x4100000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x4103000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4110000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4127000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4130000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x421a000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x421c000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\Fonts\seguisb.ttf, address = 0x4230000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\Fonts\seguisb.ttf, address = 0x4294000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x42a0000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x42a9000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x42b0000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x42bb000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x42c0000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4ac0000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4ac1000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4b00000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4b08000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4b10000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4b14000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4b20000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4b24000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4b30000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4b49000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4bb0000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4bb2000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4bc0000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4bc2000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4c00000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4cfc000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4cfe000, size = 260 | | 1 | |
Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Users\aDU0VK IWA5kLS\Desktop\UPS_Slip_307086.doc, address = 0x4d00000, size = 260 | | 1 | |
Get Address | Unknown module name | function = MsoVBADigSigCallDlg, address_out = 0x7fee8b0d128 | | 1 | |
Get Address | Unknown module name | function = MsoVbaInitSecurity, address_out = 0x7fee8a7a204 | | 1 | |
Get Address | Unknown module name | function = MsoFIEPolicyAndVersion, address_out = 0x7fee8a224b8 | | 1 | |
Get Address | Unknown module name | function = MsoFAnsiCodePageSupportsLCID, address_out = 0x7fee8a7a09c | | 1 | |
Get Address | Unknown module name | function = MsoFInitOffice, address_out = 0x7fee8a1f98c | | 1 | |
Get Address | Unknown module name | function = MsoUninitOffice, address_out = 0x7fee8a0ec34 | | 1 | |
Get Address | Unknown module name | function = MsoFGetFontSettings, address_out = 0x7fee8a03fac | | 1 | |
Get Address | Unknown module name | function = MsoRgchToRgwch, address_out = 0x7fee8a12878 | | 1 | |
Get Address | Unknown module name | function = MsoHrSimpleQueryInterface, address_out = 0x7fee8a07a5c | | 1 | |
Get Address | Unknown module name | function = MsoHrSimpleQueryInterface2, address_out = 0x7fee8a079d4 | | 1 | |
Get Address | Unknown module name | function = MsoFCreateControl, address_out = 0x7fee8a0870c | | 1 | |
Get Address | Unknown module name | function = MsoFLongLoad, address_out = 0x7fee8b4cb78 | | 1 | |
Get Address | Unknown module name | function = MsoFLongSave, address_out = 0x7fee8b4cb9c | | 1 | |
Get Address | Unknown module name | function = MsoFGetTooltips, address_out = 0x7fee8a123e0 | | 1 | |
Get Address | Unknown module name | function = MsoFSetTooltips, address_out = 0x7fee8a7a49c | | 1 | |
Get Address | Unknown module name | function = MsoFLoadToolbarSet, address_out = 0x7fee8a67d64 | | 1 | |
Get Address | Unknown module name | function = MsoFCreateToolbarSet, address_out = 0x7fee8a055d0 | | 1 | |
Get Address | Unknown module name | function = MsoHpalOffice, address_out = 0x7fee8a105e0 | | 1 | |
Get Address | Unknown module name | function = MsoFWndProcNeeded, address_out = 0x7fee8a03cd4 | | 1 | |
Get Address | Unknown module name | function = MsoFWndProc, address_out = 0x7fee8a06c80 | | 1 | |
Get Address | Unknown module name | function = MsoFCreateITFCHwnd, address_out = 0x7fee8a03d08 | | 1 | |
Get Address | Unknown module name | function = MsoDestroyITFC, address_out = 0x7fee8a0eaa0 | | 1 | |
Get Address | Unknown module name | function = MsoFPitbsFromHwndAndMsg, address_out = 0x7fee8a0e064 | | 1 | |
Get Address | Unknown module name | function = MsoFGetComponentManager, address_out = 0x7fee8a07af0 | | 1 | |
Get Address | Unknown module name | function = MsoMultiByteToWideChar, address_out = 0x7fee8a1005c | | 1 | |
Get Address | Unknown module name | function = MsoWideCharToMultiByte, address_out = 0x7fee8a08b00 | | 1 | |
Get Address | Unknown module name | function = MsoHrRegisterAll, address_out = 0x7fee8b0cb04 | | 1 | |
Get Address | Unknown module name | function = MsoFSetComponentManager, address_out = 0x7fee8a147c4 | | 1 | |
Get Address | Unknown module name | function = MsoFCreateStdComponentManager, address_out = 0x7fee8a03e0c | | 1 | |
Get Address | Unknown module name | function = MsoFHandledMessageNeeded, address_out = 0x7fee8a0ab58 | | 1 | |
Get Address | Unknown module name | function = MsoPeekMessage, address_out = 0x7fee8a0a820 | | 1 | |
Get Address | Unknown module name | function = MsoFCreateIPref, address_out = 0x7fee8a015ac | | 1 | |
Get Address | Unknown module name | function = MsoDestroyIPref, address_out = 0x7fee8a0ebfc | | 1 | |
Get Address | Unknown module name | function = MsoChsFromLid, address_out = 0x7fee8a01414 | | 1 | |
Get Address | Unknown module name | function = MsoCpgFromChs, address_out = 0x7fee8a065d4 | | 1 | |
Get Address | Unknown module name | function = MsoSetLocale, address_out = 0x7fee8a01554 | | 1 | |
Get Address | Unknown module name | function = MsoFSetHMsoinstOfSdm, address_out = 0x7fee8a03dbc | | 1 | |
Get Address | Unknown module name | function = MsoSetVbaInterfaces, address_out = 0x7fee8b0d23c | | 1 | |
Get Address | Unknown module name | function = MsoGetControlInstanceId, address_out = 0x7fee8ad733c | | 1 | |
Get Address | Unknown module name | function = SysFreeString, address_out = 0x7feff5d1320 | | 1 | |
Get Address | Unknown module name | function = LoadTypeLib, address_out = 0x7feff5df1e0 | | 1 | |
Get Address | Unknown module name | function = RegisterTypeLib, address_out = 0x7feff62caa0 | | 1 | |
Get Address | Unknown module name | function = QueryPathOfRegTypeLib, address_out = 0x7feff661760 | | 1 | |
Get Address | Unknown module name | function = UnRegisterTypeLib, address_out = 0x7feff6620d0 | | 2 | |
Get Address | Unknown module name | function = OleTranslateColor, address_out = 0x7feff5fc760 | | 1 | |
Get Address | Unknown module name | function = OleCreateFontIndirect, address_out = 0x7feff62ecd0 | | 1 | |
Get Address | Unknown module name | function = OleCreatePictureIndirect, address_out = 0x7feff62e840 | | 1 | |
Get Address | Unknown module name | function = OleLoadPicture, address_out = 0x7feff63f420 | | 1 | |
Get Address | Unknown module name | function = OleCreatePropertyFrameIndirect, address_out = 0x7feff634ec0 | | 1 | |
Get Address | Unknown module name | function = OleCreatePropertyFrame, address_out = 0x7feff639350 | | 1 | |
Get Address | Unknown module name | function = OleIconToCursor, address_out = 0x7feff606e40 | | 1 | |
Get Address | Unknown module name | function = LoadTypeLibEx, address_out = 0x7feff5da550 | | 2 | |
Get Address | Unknown module name | function = OleLoadPictureEx, address_out = 0x7feff63f320 | | 1 | |
Get Address | c:\windows\system32\user32.dll | function = GetSystemMetrics, address_out = 0x774594f0 | | 1 | |
Get Address | c:\windows\system32\user32.dll | function = MonitorFromWindow, address_out = 0x77455f08 | | 1 | |
Get Address | c:\windows\system32\user32.dll | function = MonitorFromRect, address_out = 0x77452b00 | | 1 | |
Get Address | c:\windows\system32\user32.dll | function = MonitorFromPoint, address_out = 0x7744ab64 | | 1 | |
Get Address | c:\windows\system32\user32.dll | function = EnumDisplayMonitors, address_out = 0x77455c30 | | 1 | |
Get Address | c:\windows\system32\user32.dll | function = GetMonitorInfoA, address_out = 0x7744a730 | | 1 | |
Get Address | c:\windows\system32\user32.dll | function = EnumDisplayDevicesA, address_out = 0x7744a5b4 | | 1 | |
Get Address | Unknown module name | function = DispCallFunc, address_out = 0x7feff5d2270 | | 1 | |
Get Address | Unknown module name | function = CreateTypeLib2, address_out = 0x7feff65dbd0 | | 1 | |
Get Address | Unknown module name | function = VarDateFromUdate, address_out = 0x7feff5d5c90 | | 1 | |
Get Address | Unknown module name | function = VarUdateFromDate, address_out = 0x7feff5d6330 | | 1 | |
Get Address | Unknown module name | function = GetAltMonthNames, address_out = 0x7feff5f66c0 | | 1 | |
Get Address | Unknown module name | function = VarNumFromParseNum, address_out = 0x7feff5d4710 | | 1 | |
Get Address | Unknown module name | function = VarParseNumFromStr, address_out = 0x7feff5d48f0 | | 1 | |
Get Address | Unknown module name | function = VarDecFromR4, address_out = 0x7feff60b640 | | 1 | |
Get Address | Unknown module name | function = VarDecFromR8, address_out = 0x7feff60b360 | | 1 | |
Get Address | Unknown module name | function = VarDecFromDate, address_out = 0x7feff612640 | | 1 | |
Get Address | Unknown module name | function = VarDecFromI4, address_out = 0x7feff5f58a0 | | 1 | |
Get Address | Unknown module name | function = VarDecFromCy, address_out = 0x7feff5f5820 | | 1 | |
Get Address | Unknown module name | function = VarR4FromDec, address_out = 0x7feff60af20 | | 1 | |
Get Address | Unknown module name | function = GetRecordInfoFromTypeInfo, address_out = 0x7feff62a0c0 | | 1 | |
Get Address | Unknown module name | function = GetRecordInfoFromGuids, address_out = 0x7feff662160 | | 1 | |
Get Address | Unknown module name | function = SafeArrayGetRecordInfo, address_out = 0x7feff5f5af0 | | 1 | |
Get Address | Unknown module name | function = SafeArraySetRecordInfo, address_out = 0x7feff5f5a90 | | 1 | |
Get Address | Unknown module name | function = SafeArrayGetIID, address_out = 0x7feff5f5a60 | | 1 | |
Get Address | Unknown module name | function = SafeArraySetIID, address_out = 0x7feff5f5a30 | | 1 | |
Get Address | Unknown module name | function = SafeArrayCopyData, address_out = 0x7feff5d60b0 | | 1 | |
Get Address | Unknown module name | function = SafeArrayAllocDescriptorEx, address_out = 0x7feff5d3e90 | | 1 | |
Get Address | Unknown module name | function = SafeArrayCreateEx, address_out = 0x7feff629f80 | | 1 | |
Get Address | Unknown module name | function = VarFormat, address_out = 0x7feff659b20 | | 1 | |
Get Address | Unknown module name | function = VarFormatDateTime, address_out = 0x7feff659aa0 | | 1 | |
Get Address | Unknown module name | function = VarFormatNumber, address_out = 0x7feff659990 | | 1 | |
Get Address | Unknown module name | function = VarFormatPercent, address_out = 0x7feff659890 | | 1 | |
Get Address | Unknown module name | function = VarFormatCurrency, address_out = 0x7feff659770 | | 1 | |
Get Address | Unknown module name | function = VarWeekdayName, address_out = 0x7feff63b8d0 | | 1 | |
Get Address | Unknown module name | function = VarMonthName, address_out = 0x7feff63b800 | | 1 | |
Get Address | Unknown module name | function = VarAdd, address_out = 0x7feff6548e0 | | 1 | |
Get Address | Unknown module name | function = VarAnd, address_out = 0x7feff659470 | | 1 | |
Get Address | Unknown module name | function = VarCat, address_out = 0x7feff6596a0 | | 1 | |
Get Address | Unknown module name | function = VarDiv, address_out = 0x7feff652fe0 | | 1 | |
Get Address | Unknown module name | function = VarEqv, address_out = 0x7feff659cf0 | | 1 | |
Get Address | Unknown module name | function = VarIdiv, address_out = 0x7feff658ff0 | | 1 | |
Get Address | Unknown module name | function = VarImp, address_out = 0x7feff659c00 | | 1 | |
Get Address | Unknown module name | function = VarMod, address_out = 0x7feff658e60 | | 1 | |
Get Address | Unknown module name | function = VarMul, address_out = 0x7feff653690 | | 1 | |
Get Address | Unknown module name | function = VarOr, address_out = 0x7feff6592d0 | | 1 | |
Get Address | Unknown module name | function = VarPow, address_out = 0x7feff652e80 | | 1 | |
Get Address | Unknown module name | function = VarSub, address_out = 0x7feff653f90 | | 1 | |
Get Address | Unknown module name | function = VarXor, address_out = 0x7feff6591a0 | | 1 | |
Get Address | Unknown module name | function = VarAbs, address_out = 0x7feff637c30 | | 1 | |
Get Address | Unknown module name | function = VarFix, address_out = 0x7feff637a60 | | 1 | |
Get Address | Unknown module name | function = VarInt, address_out = 0x7feff637890 | | 1 | |
Get Address | Unknown module name | function = VarNeg, address_out = 0x7feff637ea0 | | 1 | |
Get Address | Unknown module name | function = VarNot, address_out = 0x7feff659600 | | 1 | |
Get Address | Unknown module name | function = VarRound, address_out = 0x7feff6376a0 | | 1 | |
Get Address | Unknown module name | function = VarCmp, address_out = 0x7feff6583f0 | | 1 | |
Get Address | Unknown module name | function = VarDecAdd, address_out = 0x7feff603070 | | 1 | |
Get Address | Unknown module name | function = VarDecCmp, address_out = 0x7feff60d700 | | 1 | |
Get Address | Unknown module name | function = VarBstrCat, address_out = 0x7feff60d890 | | 1 | |
Get Address | Unknown module name | function = VarCyMulI4, address_out = 0x7feff5ecaf0 | | 1 | |
Get Address | Unknown module name | function = VarBstrCmp, address_out = 0x7feff5f8a00 | | 1 | |
Get Address | Unknown module name | function = CoCreateInstanceEx, address_out = 0x7fefedede90 | | 1 | |
Get Address | Unknown module name | function = CLSIDFromProgIDEx, address_out = 0x7fefedfa4c4 | | 1 | |
Get Address | c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll | function = ImageList_Destroy, address_out = 0x7fefc0207a4 | | 1 | |
Get Address | c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll | function = ImageList_GetIconSize, address_out = 0x7fefc021010 | | 1 | |
Get Address | c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll | function = InitCommonControls, address_out = 0x7fefc0f8b5c | | 1 | |
Get Address | c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll | function = ImageList_LoadImageA, address_out = 0x7fefc0201a8 | | 1 | |
Get Address | c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll | function = ImageList_SetOverlayImage, address_out = 0x7fefc020a70 | | 1 | |
Get Address | c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll | function = ImageList_AddMasked, address_out = 0x7fefc020b60 | | 1 | |
Get Address | c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll | function = ImageList_GetImageInfo, address_out = 0x7fefc021180 | | 1 | |
Get Address | c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll | function = ImageList_Draw, address_out = 0x7fefc020cd8 | | 1 | |
Get Address | c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll | function = ImageList_DrawEx, address_out = 0x7fefc020bdc | | 1 | |
Get Address | c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll | function = PropertySheetA, address_out = 0x7fefc005c64 | | 1 | |
Get Address | c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll | function = DestroyPropertySheetPage, address_out = 0x7fefbfff018 | | 1 | |
Get Address | c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll | function = CreatePropertySheetPageA, address_out = 0x7fefbfffce8 | | 1 | |
Get Address | Unknown module name | function = 676, address_out = 0x7fef41abd18 | | 3 | |
Get Address | Unknown module name | function = 542, address_out = 0x7fef3fe3834 | | 3 | |
Get Address | Unknown module name | function = 619, address_out = 0x7fef3fe4120 | | 3 | |
Get Address | Unknown module name | function = 717, address_out = 0x7fef41994dc | | 3 | |
Get Address | Unknown module name | function = 593, address_out = 0x7fef4157298 | | 3 | |
Get Address | Unknown module name | function = 644, address_out = 0x7fef3f4bc14 | | 3 | |
Get Address | c:\windows\system32\ntdll.dll | function = NtWriteVirtualMemory, address_out = 0x775916b0 | | 2 | |
Get Address | c:\windows\system32\ntdll.dll | function = NtAllocateVirtualMemory, address_out = 0x77591490 | | 1 | |
Get Address | c:\windows\system32\kernel32.dll | function = CreateTimerQueueTimer, address_out = 0x77328ad0 | | 1 | |
Get Address | Unknown module name | function = DllDebugObjectRPCHook, address_out = 0x7fefef5afd0 | | 1 | |
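The Get Address rows above are GetProcAddress-style lookups made by WINWORD.EXE. Nearly all of them are routine Office (Mso*), OLE Automation, COM, user32 and comctl32 exports, but the last entries resolve NtAllocateVirtualMemory and NtWriteVirtualMemory from ntdll.dll and CreateTimerQueueTimer from kernel32.dll: allocate, write, then have the system call a chosen address, which is the skeleton of a shellcode loader. The Get Filename rows just before show VBE7.DLL, the VBA runtime, mapped into the same process next to UPS_Slip_307086.doc. The script below is an added example and not part of the report: it parses rows in the report's flattened format (the sample rows are copied from this table and embedded inline), flags resolutions on an analyst-chosen watchlist (the list is an assumption, not something the report states), separates ordinal-only lookups, and reports whether the allocate/write/execute chain is complete.

```python
"""Flag dynamically resolved injection primitives in the 'Get Address'
(GetProcAddress-style) rows of a sandbox report.

Added example, not part of the report. SAMPLE_ROWS are copied from the
report's own table; INJECTION_APIS is the analyst's watchlist (an assumption).
"""
import re

# Constructed sample: rows in the report's flattened format, copied from above.
SAMPLE_ROWS = """\
Get Address | Unknown module name | function = MsoVbaInitSecurity, address_out = 0x7fee8a7a204 | 1 |
Get Address | Unknown module name | function = LoadTypeLibEx, address_out = 0x7feff5da550 | 2 |
Get Address | c:\\windows\\system32\\user32.dll | function = GetSystemMetrics, address_out = 0x774594f0 | 1 |
Get Address | Unknown module name | function = 676, address_out = 0x7fef41abd18 | 3 |
Get Address | c:\\windows\\system32\\ntdll.dll | function = NtWriteVirtualMemory, address_out = 0x775916b0 | 2 |
Get Address | c:\\windows\\system32\\ntdll.dll | function = NtAllocateVirtualMemory, address_out = 0x77591490 | 1 |
Get Address | c:\\windows\\system32\\kernel32.dll | function = CreateTimerQueueTimer, address_out = 0x77328ad0 | 1 |
"""

# Tolerates an empty "Success" cell between the address and the count.
ROW_RE = re.compile(
    r"^Get Address \| (?P<module>[^|]+?) \| function = (?P<func>[^,]+), "
    r"address_out = (?P<addr>0x[0-9a-fA-F]+) \|(?: \|)* (?P<count>\d+) \|"
)

# Watchlist (analyst's assumption): the role each API plays in an
# allocate -> write -> execute shellcode loader.
INJECTION_APIS = {
    "VirtualAlloc": "alloc", "VirtualAllocEx": "alloc", "NtAllocateVirtualMemory": "alloc",
    "WriteProcessMemory": "write", "NtWriteVirtualMemory": "write", "RtlMoveMemory": "write",
    "CreateThread": "exec", "CreateRemoteThread": "exec", "NtCreateThreadEx": "exec",
    "QueueUserAPC": "exec",
    # A timer-queue callback runs at whatever address the caller supplies, so it
    # serves as an execution primitive with no thread-creation call in the trace.
    "CreateTimerQueueTimer": "exec",
}


def parse_rows(text):
    """Turn flattened 'Get Address' table rows into dicts."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append({"module": m["module"], "func": m["func"],
                         "addr": int(m["addr"], 16), "count": int(m["count"])})
    return rows


def triage(rows):
    """Split resolutions into watchlist hits (func, module, role, count) and
    ordinal-only lookups (export number instead of a name), which hide intent."""
    hits, ordinals = [], []
    for r in rows:
        role = INJECTION_APIS.get(r["func"])
        if role:
            hits.append((r["func"], r["module"], role, r["count"]))
        elif r["func"].isdigit():
            ordinals.append((int(r["func"]), r["module"]))
    return hits, ordinals


def loader_chain(rows):
    """Which stages of the allocate/write/execute chain were resolved."""
    roles = {h[2] for h in triage(rows)[0]}
    return {stage: stage in roles for stage in ("alloc", "write", "exec")}


def is_loader_complete(rows):
    return all(loader_chain(rows).values())


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    hits, ordinals = triage(rows)
    for func, module, role, count in hits:
        print(f"[{role:5}] {func} from {module} (resolved {count}x)")
    print("ordinal-only lookups:", ordinals)
    print("loader chain:", loader_chain(rows), "complete:", is_loader_complete(rows))
```

Run stand-alone it works on SAMPLE_ROWS; feed parse_rows the whole table text to triage a full report. Many Office components export by ordinal, so treat ordinal-only lookups as context rather than a verdict; the watchlist hits carry the weight, and a complete allocate/write/execute chain resolved from a document-handling process is the point at which to pull the VBA project out of the document and dump the child process's memory.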
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Create | interface = 00000000-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER | | 1 | |
Create | interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER | | 1 | |
Operation | Window Name | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Set Attribute | | index = 18446744073709551596 (GWL_EXSTYLE, i.e. -20 read as an unsigned 64-bit value), new_long = 262401 (0x40101) | | 2 | |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Get Cursor | x_out = 463, y_out = 330 | | 3 | |
Get Time | type = Local Time, time = 2017-08-22 01:34:00 (Local Time) | | 12 | |
Get Time | type = Local Time, time = 2017-08-22 01:34:01 (Local Time) | | 3 | |
Get Info | type = Operating System | | 2 | |
Get Info | type = Operating System | | 1 | |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Get Environment String | name = DDRYBUR | | 1 | |
Information | Value |
---|---|
ID | #2 |
File Name | c:\windows\syswow64\svchost.exe |
Command Line | "C:\Windows\SysWOW64\svchost.exe" |
Initial Working Directory | C:\Users\aDU0VK IWA5kLS\Desktop\ |
Monitor | Start Time: 00:00:18, Reason: Child Process |
Unmonitor | End Time: 00:02:13, Reason: Terminated by Timeout |
Monitor Duration | 00:01:55 |
Information | Value |
---|---|
PID | 0x9dc |
Parent PID | 0x934 (c:\program files\microsoft office\office15\winword.exe) |
Is Created or Modified Executable | |
Integrity Level | Medium |
Username | AUFDDCNTXWT\aDU0VK IWA5kLS |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege |
Thread IDs | 0x9E0, 0x9EC, 0x9F0, 0x9F4, 0x9F8, 0xA00, 0xA08, 0xA18, 0xAB8, 0x8B4 |
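Process #2 is C:\Windows\SysWOW64\svchost.exe with parent PID 0x934 (WINWORD.EXE), a working directory on the user's Desktop and Medium integrity, and the region listing that follows contains Private Memory marked Readable, Writable, Executable at 0x00400000 (0x8000 bytes) and at 0x10000000, while the svchost.exe image itself is mapped at 0x004f0000 with the same 0x8000 size. A genuine service host is started by services.exe with a System32 working directory, and private RWX memory is where code that was written into a process rather than loaded from disk ends up; those are the two checks to run first. The script below is an added example and not part of the report: the suspect process record and the region rows are taken from the tables on this page, the benign control record is constructed for comparison, and the expected-parent table and the hollowing heuristic are the analyst's own assumptions.

```python
"""Triage a sandbox process record and its memory-region listing.

Added example, not part of the report. SUSPECT and REGION_ROWS come from the
report's process #2 tables; CONTROL, EXPECTED_PARENT and the hollowing
heuristic are constructed by the analyst.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    image: str          # full path as the sandbox prints it
    parent_image: str
    cwd: str
    integrity: str


SUSPECT = Proc(0x9dc, 0x934, r"c:\windows\syswow64\svchost.exe",
               r"c:\program files\microsoft office\office15\winword.exe",
               r"C:\Users\aDU0VK IWA5kLS\Desktop", "Medium")
CONTROL = Proc(0x2a0, 0x1f4, r"c:\windows\system32\svchost.exe",   # constructed benign control
               r"c:\windows\system32\services.exe", r"C:\Windows\system32", "System")

# Region rows copied from the report's listing for process #2, in its
# flattened "Name | Start VA | End VA | Type | Permissions |" format.
REGION_ROWS = """\
private_0x00000000000b0000 | 0x000b0000 | 0x000effff | Private Memory | Readable, Writable |
private_0x0000000000400000 | 0x00400000 | 0x00407fff | Private Memory | Readable, Writable, Executable |
svchost.exe | 0x004f0000 | 0x004f7fff | Memory Mapped File | Readable, Writable, Executable |
private_0x0000000010000000 | 0x10000000 | 0x10013fff | Private Memory | Readable, Writable, Executable |
wow64.dll | 0x73ca0000 | 0x73cdefff | Memory Mapped File | Readable, Writable, Executable |
"""

# Analyst's assumptions: who normally starts which system binary.
EXPECTED_PARENT = {"svchost.exe": "services.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def lineage_findings(p):
    """Return the reasons this process record looks wrong (empty if none)."""
    me, parent = basename(p.image), basename(p.parent_image)
    findings = []
    if parent in OFFICE_APPS:
        findings.append(f"{me} spawned by Office application {parent}")
    expected = EXPECTED_PARENT.get(me)
    if expected and parent != expected:
        findings.append(f"{me} parent is {parent}, expected {expected}")
    if expected and "\\users\\" in p.cwd.lower():
        findings.append(f"system binary {me} started with working directory {p.cwd}")
    return findings


@dataclass(frozen=True)
class Region:
    name: str
    start: int
    end: int
    kind: str
    perms: frozenset

    @property
    def size(self):
        return self.end - self.start + 1

    @property
    def rwx(self):
        return {"Readable", "Writable", "Executable"} <= self.perms


def parse_regions(text):
    regions = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 5 or not cells[1].startswith("0x"):
            continue                      # header, separator or residue line
        name, start, end, kind, perms = cells[:5]
        regions.append(Region(name, int(start, 16), int(end, 16), kind,
                              frozenset(x.strip() for x in perms.split(","))))
    return regions


def rwx_private(regions):
    """Private (not file-backed) memory that is writable and executable. The
    sandbox marks whole image mappings RWX too, so the file-backed filter matters."""
    return [r for r in regions if r.kind == "Private Memory" and r.rwx]


def hollowing_hint(regions):
    """Heuristic (analyst's assumption): a private RWX block at the classic
    32-bit image base 0x00400000, exactly as large as the process's own .exe
    mapping, while that mapping sits elsewhere. Confirm by dumping the block
    and comparing its PE header with the on-disk binary."""
    exes = [r for r in regions
            if r.kind == "Memory Mapped File" and r.name.lower().endswith(".exe")]
    for img in exes:
        for r in rwx_private(regions):
            if r.start == 0x400000 and r.size == img.size and img.start != 0x400000:
                return {"image": img.name, "image_base": img.start,
                        "shadow_base": r.start, "size": r.size}
    return None


if __name__ == "__main__":
    for p in (SUSPECT, CONTROL):
        print(hex(p.pid), lineage_findings(p) or "lineage ok")
    regs = parse_regions(REGION_ROWS)
    for r in rwx_private(regs):
        print(f"RWX private {r.start:#010x}-{r.end:#010x} ({r.size:#x} bytes)")
    print(hollowing_hint(regs))
```

The two halves are deliberately independent: lineage_findings works on process-creation telemetry alone (EDR or Sysmon event 1 style records), while the region checks need a memory map or a live process. On this report both fire for process #2 and neither fires for the constructed control, which is the separation a detection rule needs before it is worth deploying.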
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
imm32.dll | 0x00020000 | 0x0003dfff | Memory Mapped File | Readable | | | | |
imm32.dll | 0x00020000 | 0x0003dfff | Memory Mapped File | Readable | | | | |
pagefile_0x0000000000020000 | 0x00020000 | 0x00026fff | Pagefile Backed Memory | Readable | | | | |
private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000000030000 | 0x00030000 | 0x00031fff | Pagefile Backed Memory | Readable, Writable | | | | |
apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable | | | | |
pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | Readable | | | | |
private_0x0000000000070000 | 0x00070000 | 0x00070fff | Private Memory | Readable, Writable | | | | |
private_0x0000000000080000 | 0x00080000 | 0x00080fff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000000090000 | 0x00090000 | 0x00091fff | Pagefile Backed Memory | Readable | | | | |
windowsshell.manifest | 0x000a0000 | 0x000a0fff | Memory Mapped File | Readable | | | | |
pagefile_0x00000000000a0000 | 0x000a0000 | 0x000a0fff | Pagefile Backed Memory | Readable, Writable | | | | |
private_0x00000000000b0000 | 0x000b0000 | 0x000effff | Private Memory | Readable, Writable | | | | |
pagefile_0x00000000000f0000 | 0x000f0000 | 0x000f1fff | Pagefile Backed Memory | Readable | | | | |
index.dat | 0x00100000 | 0x00107fff | Memory Mapped File | Readable, Writable | | | | |
private_0x0000000000110000 | 0x00110000 | 0x0014ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000000150000 | 0x00150000 | 0x0018ffff | Private Memory | Readable, Writable | | | | |
locale.nls | 0x00190000 | 0x001f6fff | Memory Mapped File | Readable | | | | |
private_0x0000000000200000 | 0x00200000 | 0x0029ffff | Private Memory | Readable, Writable | | | | |
index.dat | 0x00200000 | 0x00213fff | Memory Mapped File | Readable, Writable | | | | |
index.dat | 0x00220000 | 0x0022ffff | Memory Mapped File | Readable, Writable | | | | |
private_0x0000000000230000 | 0x00230000 | 0x00230fff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000000230000 | 0x00230000 | 0x00230fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000000240000 | 0x00240000 | 0x00240fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000000250000 | 0x00250000 | 0x00250fff | Pagefile Backed Memory | Readable | | | | |
private_0x0000000000260000 | 0x00260000 | 0x0029ffff | Private Memory | Readable, Writable | | | | |
private_0x00000000002a0000 | 0x002a0000 | 0x0030ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000000340000 | 0x00340000 | 0x0037ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000000380000 | 0x00380000 | 0x003fffff | Private Memory | Readable, Writable | | | | |
private_0x0000000000400000 | 0x00400000 | 0x00407fff | Private Memory | Readable, Writable, Executable | | | | |
private_0x0000000000440000 | 0x00440000 | 0x0047ffff | Private Memory | Readable, Writable | | | | |
svchost.exe | 0x004f0000 | 0x004f7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
pagefile_0x0000000000500000 | 0x00500000 | 0x00687fff | Pagefile Backed Memory | Readable | | | | |
private_0x00000000006a0000 | 0x006a0000 | 0x006affff | Private Memory | Readable, Writable | | | | |
private_0x00000000006f0000 | 0x006f0000 | 0x007effff | Private Memory | Readable, Writable | | | | |
pagefile_0x00000000007f0000 | 0x007f0000 | 0x00970fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000000980000 | 0x00980000 | 0x01d7ffff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000001d80000 | 0x01d80000 | 0x02172fff | Pagefile Backed Memory | Readable | | | | |
private_0x0000000002180000 | 0x02180000 | 0x04180fff | Private Memory | Readable, Writable | | | | |
private_0x0000000004190000 | 0x04190000 | 0x06190fff | Private Memory | Readable, Writable | | | | |
private_0x00000000061a0000 | 0x061a0000 | 0x081a0fff | Private Memory | Readable, Writable | | | | |
sortdefault.nls | 0x081b0000 | 0x0847efff | Memory Mapped File | Readable | | | | |
private_0x0000000008480000 | 0x08480000 | 0x0856ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000008480000 | 0x08480000 | 0x084bffff | Private Memory | Readable, Writable | | | | |
private_0x0000000008530000 | 0x08530000 | 0x0856ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000008570000 | 0x08570000 | 0x085affff | Private Memory | Readable, Writable | | | | |
private_0x00000000085b0000 | 0x085b0000 | 0x085effff | Private Memory | Readable, Writable | | | | |
private_0x00000000085f0000 | 0x085f0000 | 0x0862ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000008630000 | 0x08630000 | 0x0866ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000008680000 | 0x08680000 | 0x086bffff | Private Memory | Readable, Writable | | | | |
private_0x00000000086f0000 | 0x086f0000 | 0x0872ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000008730000 | 0x08730000 | 0x0876ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000008770000 | 0x08770000 | 0x087affff | Private Memory | Readable, Writable | | | | |
private_0x00000000087b0000 | 0x087b0000 | 0x0890ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000008830000 | 0x08830000 | 0x0886ffff | Private Memory | Readable, Writable | | | | |
private_0x00000000088a0000 | 0x088a0000 | 0x088dffff | Private Memory | Readable, Writable | | | | |
private_0x0000000008900000 | 0x08900000 | 0x0890ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000008910000 | 0x08910000 | 0x08adffff | Private Memory | Readable, Writable | | | | |
private_0x0000000008910000 | 0x08910000 | 0x08a0ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000008ad0000 | 0x08ad0000 | 0x08adffff | Private Memory | Readable, Writable | | | | |
private_0x0000000008ae0000 | 0x08ae0000 | 0x08cdffff | Private Memory | Readable, Writable | | | | |
private_0x0000000008ae0000 | 0x08ae0000 | 0x08b1ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000008b20000 | 0x08b20000 | 0x09020fff | Private Memory | Readable, Writable | | | | |
private_0x0000000010000000 | 0x10000000 | 0x10013fff | Private Memory | Readable, Writable, Executable | | | | |
uxtheme.dll | 0x73a80000 | 0x73afffff | Memory Mapped File | Readable, Writable, Executable | | | | |
wow64win.dll | 0x73c40000 | 0x73c9bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
wow64.dll | 0x73ca0000 | 0x73cdefff | Memory Mapped File | Readable, Writable, Executable | | | | |
wow64cpu.dll | 0x73d10000 | 0x73d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
srvcli.dll | 0x749a0000 | 0x749b8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
netutils.dll | 0x749c0000 | 0x749c8fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netapi32.dll | 0x749d0000 | 0x749e0fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
userenv.dll | 0x749f0000 | 0x74a06fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wsock32.dll | 0x74a10000 | 0x74a16fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
npmproxy.dll | 0x74a20000 | 0x74a27fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrtremote.dll | 0x74a30000 | 0x74a3dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rsaenh.dll | 0x74a40000 | 0x74a7afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptsp.dll | 0x74a80000 | 0x74a95fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netprofm.dll | 0x74aa0000 | 0x74af9fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
fwpuclnt.dll | 0x74b00000 | 0x74b37fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wship6.dll | 0x74b40000 | 0x74b45fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wshtcpip.dll | 0x74b50000 | 0x74b54fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
winrnr.dll | 0x74b60000 | 0x74b67fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mswsock.dll | 0x74b70000 | 0x74babfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pnrpnsp.dll | 0x74bb0000 | 0x74bc1fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
napinsp.dll | 0x74bd0000 | 0x74bdffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rasadhlp.dll | 0x74be0000 | 0x74be5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nlaapi.dll | 0x74bf0000 | 0x74bfffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rasapi32.dll | 0x74c00000 | 0x74c51fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dnsapi.dll | 0x74c60000 | 0x74ca3fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
comctl32.dll | 0x74cb0000 | 0x74e4dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sensapi.dll | 0x75170000 | 0x75175fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rtutils.dll | 0x75180000 | 0x7518cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rasman.dll | 0x75190000 | 0x751a4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntmarta.dll | 0x751b0000 | 0x751d0fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
profapi.dll | 0x751e0000 | 0x751eafff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dhcpcsvc.dll | 0x751f0000 | 0x75201fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dhcpcsvc6.dll | 0x75210000 | 0x7521cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
winnsi.dll | 0x75220000 | 0x75226fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
iphlpapi.dll | 0x75230000 | 0x7524bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptbase.dll | 0x75270000 | 0x7527bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sspicli.dll | 0x75280000 | 0x752dffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ole32.dll | 0x752e0000 | 0x7543bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrt4.dll | 0x75440000 | 0x7552ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
iertutil.dll | 0x75530000 | 0x7572afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
user32.dll | 0x757e0000 | 0x758dffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
clbcatq.dll | 0x758e0000 | 0x75962fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sechost.dll | 0x75970000 | 0x75988fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
crypt32.dll | 0x75990000 | 0x75aacfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gdi32.dll | 0x75ab0000 | 0x75b3ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msctf.dll | 0x75bc0000 | 0x75c8bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nsi.dll | 0x75cd0000 | 0x75cd5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msvcrt.dll | 0x75d10000 | 0x75dbbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernel32.dll | 0x75dc0000 | 0x75ecffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
oleaut32.dll | 0x75ed0000 | 0x75f5efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wldap32.dll | 0x75f60000 | 0x75fa4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shell32.dll | 0x75fe0000 | 0x76c29fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ws2_32.dll | 0x76dd0000 | 0x76e04fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wininet.dll | 0x76e10000 | 0x76f04fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shlwapi.dll | 0x76f10000 | 0x76f66fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
psapi.dll | 0x76f70000 | 0x76f74fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
imm32.dll | 0x76f80000 | 0x76fdffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
lpk.dll | 0x76fe0000 | 0x76fe9fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
urlmon.dll | 0x76ff0000 | 0x77125fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernelbase.dll | 0x77130000 | 0x77175fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
usp10.dll | 0x77180000 | 0x7721cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
advapi32.dll | 0x77280000 | 0x7731ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x0000000077320000 | 0x77320000 | 0x7743efff | Private Memory | Readable, Writable, Executable |
|
|||
private_0x0000000077440000 | 0x77440000 | 0x77539fff | Private Memory | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77540000 | 0x776e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msasn1.dll | 0x776f0000 | 0x776fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77720000 | 0x7789ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x000000007efa1000 | 0x7efa1000 | 0x7efa3fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efa4000 | 0x7efa4000 | 0x7efa6fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|||
private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
|||
For performance reasons, the remaining 46 entries are omitted.
The remaining entries can be found in flog.txt. |
Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
---|---|---|---|---|---|---|
Modify Memory | #1: c:\program files\microsoft office\office15\winword.exe | 0x988 | address = 0x400000, size = 1024 | | 1 | Fn, Data |
Modify Memory | #1: c:\program files\microsoft office\office15\winword.exe | 0x988 | address = 0x401000, size = 7680 | | 1 | Fn, Data |
Modify Memory | #1: c:\program files\microsoft office\office15\winword.exe | 0x988 | address = 0x403000, size = 1024 | | 1 | Fn, Data |
Modify Memory | #1: c:\program files\microsoft office\office15\winword.exe | 0x988 | address = 0x404000, size = 3072 | | 1 | Fn, Data |
Modify Memory | #1: c:\program files\microsoft office\office15\winword.exe | 0x988 | address = 0x405000, size = 8704 | | 1 | Fn, Data |
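The five Modify Memory events all come from thread 0x988 of process #1 and target 0x400000 to 0x405000, which in the memory map above lies inside private_0x0000000000400000, a private region mapped Readable, Writable, Executable (and 0x400000 is the default image base of a 32-bit executable). The injection table carries no target-process column, so the script below assumes the addresses refer to the process whose map is shown. It is an added example written for this report, not code from the sandbox vendor: it takes a handful of rows transcribed from the two tables (a constructed subset of the map), groups the writes by the private RWX region they land in, and applies a page-alignment heuristic of the editor's own, which is an inference from the write layout and not something the report states, since the written bytes are not shown on this page.

```python
"""Correlate 'Modify Memory' events with the memory map of the same process.

Added example for this report, not code from the sandbox vendor. The rows
below are transcribed from the two tables above; the heuristics are the
editor's, not the report's.
"""
import re
from dataclasses import dataclass

# Constructed sample: six memory-map rows copied from the table above.
MEMORY_MAP_ROWS = [
    "private_0x0000000000380000 | 0x00380000 | 0x003fffff | Private Memory | Readable, Writable |",
    "private_0x0000000000400000 | 0x00400000 | 0x00407fff | Private Memory | Readable, Writable, Executable |",
    "private_0x0000000000440000 | 0x00440000 | 0x0047ffff | Private Memory | Readable, Writable |",
    "svchost.exe | 0x004f0000 | 0x004f7fff | Memory Mapped File | Readable, Writable, Executable |",
    "private_0x0000000010000000 | 0x10000000 | 0x10013fff | Private Memory | Readable, Writable, Executable |",
    "uxtheme.dll | 0x73a80000 | 0x73afffff | Memory Mapped File | Readable, Writable, Executable |",
]

# Constructed sample: the five Modify Memory rows (thread id, injection info).
MODIFY_MEMORY_ROWS = [
    ("0x988", "address = 0x400000, size = 1024"),
    ("0x988", "address = 0x401000, size = 7680"),
    ("0x988", "address = 0x403000, size = 1024"),
    ("0x988", "address = 0x404000, size = 3072"),
    ("0x988", "address = 0x405000, size = 8704"),
]


@dataclass(frozen=True)
class Region:
    name: str
    start: int
    end: int            # inclusive, as the report prints it
    kind: str
    perms: frozenset


@dataclass(frozen=True)
class MemWrite:
    tid: int
    address: int
    size: int


def parse_region(row):
    """Parse one 'name | start | end | type | permissions |' row of the map."""
    name, start, end, kind, perms = [c.strip() for c in row.split("|")[:5]]
    return Region(name, int(start, 16), int(end, 16), kind,
                  frozenset(p.strip() for p in perms.split(",")))


def parse_write(tid, info):
    """Parse the 'address = 0x..., size = N' injection info column."""
    fields = dict(re.findall(r"(\w+)\s*=\s*(\w+)", info))
    return MemWrite(int(tid, 16), int(fields["address"], 16), int(fields["size"]))


def is_private_rwx(region):
    return (region.kind == "Private Memory"
            and {"Readable", "Writable", "Executable"} <= region.perms)


def region_containing(regions, address):
    return next((r for r in regions if r.start <= address <= r.end), None)


def looks_like_section_copy(writes, page=0x1000, file_align=0x200):
    """Editor's heuristic: every write starts on a page boundary and has a size
    that is a multiple of the usual PE file alignment, the pattern produced
    when headers and sections are copied one at a time. This is inferred
    from the write layout only; the report does not show the bytes."""
    return bool(writes) and all(
        w.address % page == 0 and w.size % file_align == 0 for w in writes)


def writes_into_private_rwx(regions, writes):
    """Group the writes by the private RWX region they land in."""
    hits = {}
    for w in writes:
        r = region_containing(regions, w.address)
        if r is not None and is_private_rwx(r):
            hits.setdefault(r, []).append(w)
    return hits


def analyze(map_rows=MEMORY_MAP_ROWS, write_rows=MODIFY_MEMORY_ROWS):
    regions = [parse_region(r) for r in map_rows]
    writes = [parse_write(t, i) for t, i in write_rows]
    report = []
    for region, ws in writes_into_private_rwx(regions, writes).items():
        report.append({
            "region": region.name,
            "region_size": region.end - region.start + 1,
            "writes": len(ws),
            "bytes_written": sum(w.size for w in ws),
            "threads": sorted({w.tid for w in ws}),
            "section_copy_pattern": looks_like_section_copy(ws),
        })
    return report


if __name__ == "__main__":
    for finding in analyze():
        print(finding)
```

Run against the rows above it reports a single hit: 21504 bytes written in five page-aligned, 0x200-multiple chunks into the 32 KB private RWX region at 0x400000. The regions at 0x10000000 and the one labelled svchost.exe are RWX too but receive no logged write, so they are not reported; the svchost.exe region is a memory-mapped file rather than private memory and would need a separate check.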
Filename | File Size | Hash Values | YARA Match | Actions |
---|---|---|---|---|
c:\users\adu0vk~1\appdata\local\temp\bn649b.tmp | 0.00 KB (0 bytes) | MD5: d41d8cd98f00b204e9800998ecf8427e, SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | | |
c:\users\adu0vk~1\appdata\local\temp\bn649b.tmp | 176.00 KB (180224 bytes) | MD5: 773da788e860440ea6c7b3a6d4801b9d, SHA1: 607f9306fdcb4906b2175c5a20e002c99b29da53, SHA256: 879b244120400083f562ce530c87001b46de4fc96b38a6b12a5afea22ef6efef | | |
Operation | Filename | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Create | C:\Users\ADU0VK~1\AppData\Local\Temp\HWID | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | | 1 | Fn |
Create | C:\Windows\wcx_ftp.ini | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\wcx_ftp.ini | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\GHISLER\wcx_ftp.ini | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\ProgramData\GHISLER\wcx_ftp.ini | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\GHISLER\wcx_ftp.ini | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\GlobalSCAPE\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\GlobalSCAPE\CuteFTP Pro\sm.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\GlobalSCAPE\CuteFTP Lite\sm.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\ProgramData\GlobalSCAPE\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\ProgramData\GlobalSCAPE\CuteFTP Pro\sm.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\ProgramData\GlobalSCAPE\CuteFTP Lite\sm.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\ProgramData\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\GlobalSCAPE\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\GlobalSCAPE\CuteFTP Pro\sm.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\GlobalSCAPE\CuteFTP Lite\sm.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Program Files (x86)\GlobalSCAPE\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Program Files (x86)\GlobalSCAPE\CuteFTP Pro\sm.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Program Files (x86)\GlobalSCAPE\CuteFTP Lite\sm.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Program Files (x86)\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\3\Sites.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\4\Sites.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\3\Quick.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\4\Quick.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\3\History.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\4\History.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\ProgramData\FlashFXP\3\Sites.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\ProgramData\FlashFXP\4\Sites.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\ProgramData\FlashFXP\3\Quick.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\ProgramData\FlashFXP\4\Quick.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\ProgramData\FlashFXP\3\History.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\ProgramData\FlashFXP\4\History.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\FlashFXP\3\Sites.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\FlashFXP\4\Sites.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\FlashFXP\3\Quick.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\FlashFXP\4\Quick.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\FlashFXP\3\History.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\FlashFXP\4\History.dat | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FileZilla\sitemanager.xml | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FileZilla\recentservers.xml | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FileZilla\filezilla.xml | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\ProgramData\FileZilla\sitemanager.xml | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\ProgramData\FileZilla\recentservers.xml | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\ProgramData\FileZilla\filezilla.xml | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\FileZilla\sitemanager.xml | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\FileZilla\recentservers.xml | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\FileZilla\filezilla.xml | desired_access = FILE_READ_ATTRIBUTES | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\profiles.ini | desired_access = FILE_READ_ATTRIBUTES | | 2 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | desired_access = FILE_READ_ATTRIBUTES | | 2 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | | 4 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | desired_access = FILE_READ_ATTRIBUTES | | 4 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\profiles.ini | desired_access = FILE_READ_ATTRIBUTES | | 2 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | desired_access = FILE_READ_ATTRIBUTES | | 4 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | | 2 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | desired_access = FILE_READ_ATTRIBUTES | | 2 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | desired_access = FILE_READ_ATTRIBUTES | | 2 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | desired_access = FILE_READ_ATTRIBUTES | | 2 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\Google\Chrome\User Data\Default\Web Data | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\Google\Chrome\User Data\Default\Login Data | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | | 1 | Fn |
Create | C:\Users\ADU0VK~1\AppData\Local\Temp\Client Hash | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | | 1 | Fn |
Create | C:\Users\ADU0VK~1\AppData\Local\Temp\BN649B.tmp | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | Fn |
Create Temp File | C:\Users\ADU0VK~1\AppData\Local\Temp\BN649B.tmp | path = C:\Users\ADU0VK~1\AppData\Local\Temp\, prefix = BN | | 1 | Fn |
Get Info | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\ | type = file_attributes | | 4 | Fn |
Get Info | C:\Program Files (x86)\Mozilla Firefox | type = file_attributes | | 4 | Fn |
Get Info | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | type = size | | 1 | Fn |
Get Info | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | type = size | | 2 | Fn |
Get Info | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | type = size | | 2 | Fn |
Get Info | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | type = size | | 1 | Fn |
Get Info | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | type = size | | 1 | Fn |
Get Info | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | type = size | | 1 | Fn |
Get Info | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Profiles\ | type = file_attributes | | 2 | Fn |
Read | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | size = 4096, size_out = 4096 | | 160 | Fn, Data |
Read | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | size = 4096, size_out = 0 | | 2 | Fn |
Read | C:\Users\aDU0VK IWA5kLS\AppData\Local\Google\Chrome\User Data\Default\Web Data | size = 4096, size_out = 4096 | | 16 | Fn, Data |
Read | C:\Users\aDU0VK IWA5kLS\AppData\Local\Google\Chrome\User Data\Default\Web Data | size = 4096, size_out = 0 | | 1 | Fn |
Read | C:\Users\aDU0VK IWA5kLS\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal | size = 4096, size_out = 0 | | 1 | Fn |
Read | C:\Users\aDU0VK IWA5kLS\AppData\Local\Google\Chrome\User Data\Default\Login Data | size = 4096, size_out = 4096 | | 4 | Fn, Data |
Read | C:\Users\aDU0VK IWA5kLS\AppData\Local\Google\Chrome\User Data\Default\Login Data | size = 4096, size_out = 2048 | | 1 | Fn, Data |
Read | C:\Users\aDU0VK IWA5kLS\AppData\Local\Google\Chrome\User Data\Default\Login Data | size = 4096, size_out = 0 | | 1 | Fn |
Read | C:\Users\aDU0VK IWA5kLS\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal | size = 4096, size_out = 0 | | 1 | Fn |
Write | C:\Users\ADU0VK~1\AppData\Local\Temp\BN649B.tmp | size = 180224 | | 1 | Fn, Data |
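Most rows in the file table above are existence checks (desired_access = FILE_READ_ATTRIBUTES) against the saved-session files of FTP clients (Total Commander's wcx_ftp.ini, CuteFTP's sm.dat, FlashFXP's Sites/Quick/History.dat, FileZilla's sitemanager.xml and recentservers.xml); only the Firefox signons.sqlite and the Chrome Login Data and Web Data databases are actually read, 160 × 4096 bytes in the Firefox case. The registry table that follows probes the same product families by key. The script below is an added example written for this report, not code from the sandbox vendor: it replays events transcribed from both tables (a constructed subset), maps each path or key to the client it belongs to, and separates probing from reading so the verdict rests on bytes actually read rather than on file-existence checks. The product-to-artefact mapping and the scoring are the editor's; in particular, attributing the Martin Prikryl key to WinSCP is the editor's identification, not something the report states.

```python
"""Classify the file and registry accesses in this report as credential-store
probing or reading.

Added example for this report, not code from the sandbox vendor. The event
lists are transcribed from the tables on this page; the product mapping and
the scoring are the editor's.
"""
import re
from collections import defaultdict

# Where each client keeps saved sessions or logins, as regexes over lower-cased
# paths and registry keys. Only artefacts that appear in this report are listed.
CREDENTIAL_STORES = {
    "Total Commander": [r"\\wcx_ftp\.ini$", r"\\ghisler\\(total|windows) commander$"],
    "CuteFTP":         [r"\\cuteftp[^\\]*\\sm\.dat$", r"\\globalscape\\cuteftp"],
    "FlashFXP":        [r"\\flashfxp\\[34]\\(sites|quick|history)\.dat$", r"\\flashfxp(\\[34])?$"],
    "FileZilla":       [r"\\filezilla\\(sitemanager|recentservers|filezilla)\.xml$", r"\\filezilla( client)?$"],
    "Firefox":         [r"\\firefox\\profiles\\[^\\]+\\signons\.sqlite$"],
    "Chrome":          [r"\\chrome\\user data\\[^\\]+\\(login data|web data)(-journal)?$"],
    "BulletProof FTP": [r"\\bpftp(\\|$)", r"\\bulletproof ftp client\\"],
    "Core FTP":        [r"\\ftpware\\coreftp\\"],
    "SecureFX":        [r"\\vandyke\\securefx$"],
    "WinSCP":          [r"\\martin prikryl$"],   # editor's identification of this vendor key
    "Opera":           [r"\\opera software$"],
}

# Constructed sample: (operation, path, additional information, count) rows from the file table.
FILE_EVENTS = [
    ("Create", r"C:\Users\aDU0VK IWA5kLS\AppData\Roaming\GHISLER\wcx_ftp.ini", "desired_access = FILE_READ_ATTRIBUTES", 1),
    ("Create", r"C:\ProgramData\CuteFTP\sm.dat", "desired_access = FILE_READ_ATTRIBUTES", 1),
    ("Create", r"C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\4\Sites.dat", "desired_access = FILE_READ_ATTRIBUTES", 1),
    ("Create", r"C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FileZilla\sitemanager.xml", "desired_access = FILE_READ_ATTRIBUTES", 1),
    ("Create", r"C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite",
     "desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE", 4),
    ("Read", r"C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite", "size = 4096, size_out = 4096", 160),
    ("Read", r"C:\Users\aDU0VK IWA5kLS\AppData\Local\Google\Chrome\User Data\Default\Web Data", "size = 4096, size_out = 4096", 16),
    ("Read", r"C:\Users\aDU0VK IWA5kLS\AppData\Local\Google\Chrome\User Data\Default\Login Data", "size = 4096, size_out = 4096", 4),
    ("Read", r"C:\Users\aDU0VK IWA5kLS\AppData\Local\Google\Chrome\User Data\Default\Login Data", "size = 4096, size_out = 2048", 1),
    ("Read", r"C:\Users\aDU0VK IWA5kLS\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal", "size = 4096, size_out = 0", 1),
    ("Write", r"C:\Users\ADU0VK~1\AppData\Local\Temp\BN649B.tmp", "size = 180224", 1),
]

# Constructed sample: (operation, key, count) rows from the registry table.
REGISTRY_EVENTS = [
    ("Open Key", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome", 2),
    ("Open Key", r"HKEY_CURRENT_USER\Software\WinRAR", 3),
    ("Open Key", r"HKEY_CURRENT_USER\Software\Ghisler\Total Commander", 21),
    ("Open Key", r"HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 9\QCToolbar", 3),
    ("Open Key", r"HKEY_CURRENT_USER\Software\FlashFXP\4", 12),
    ("Open Key", r"HKEY_CURRENT_USER\Software\FileZilla", 58),
    ("Open Key", r"HKEY_CURRENT_USER\Software\BPFTP\Bullet Proof FTP\Main", 3),
    ("Open Key", r"HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites", 1),
    ("Open Key", r"HKEY_CURRENT_USER\Software\VanDyke\SecureFX", 3),
    ("Open Key", r"HKEY_CURRENT_USER\Software\Martin Prikryl", 1),
    ("Open Key", r"HKEY_CURRENT_USER\Software\Opera Software", 6),
]


def parse_info(info):
    """Parse 'k = v, k2 = v2'; a value may itself contain commas, as in
    'share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE'."""
    return {k: v.strip() for k, v in
            re.findall(r"(\w+)\s*=\s*(.+?)(?=,\s*\w+\s*=|$)", info)}


def classify(path_or_key):
    """Return the client a path or registry key belongs to, or None."""
    target = path_or_key.lower()
    for product, patterns in CREDENTIAL_STORES.items():
        if any(re.search(p, target) for p in patterns):
            return product
    return None


def summarize(file_events=FILE_EVENTS, registry_events=REGISTRY_EVENTS):
    """Per product: how often its store was probed (existence checks, opens,
    key opens) and how many bytes of it were actually read."""
    summary = defaultdict(lambda: {"probes": 0, "bytes_read": 0})
    for op, path, info, count in file_events:
        product = classify(path)
        if product is None:
            continue
        if op == "Read":
            summary[product]["bytes_read"] += int(parse_info(info).get("size_out", 0)) * count
        else:
            summary[product]["probes"] += count
    for _op, key, count in registry_events:
        product = classify(key)
        if product is not None:
            summary[product]["probes"] += count
    return dict(summary)


def verdict(summary, min_products=3):
    """Flag credential harvesting when the stores of several unrelated clients
    are probed in one run, or when any store is actually read."""
    read = sorted(p for p, s in summary.items() if s["bytes_read"] > 0)
    return {
        "products_touched": sorted(summary),
        "products_read": read,
        "credential_harvesting": len(summary) >= min_products or bool(read),
    }


if __name__ == "__main__":
    s = summarize()
    for product, stats in sorted(s.items()):
        print(f"{product:16} probes={stats['probes']:3} bytes_read={stats['bytes_read']}")
    print(verdict(s))
```

On the sample, eleven clients are touched, Firefox and Chrome are read (655360 and 83968 bytes), and the temp file, the WinRAR key and the Uninstall inventory key are left unclassified. Counting probes and reads separately matters for triage: a legitimate backup or indexing tool may open many of these paths, but it does not do so from a Word process that has just written a payload into its own RWX memory, and a store that was merely stat'ed was not exfiltrated.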
Operation | Key | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Create Key | HKEY_CURRENT_USER\Software\WinRAR | | | 1 | Fn |
Create Key | HKEY_CURRENT_USER\Software\WinRAR | | | 1 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | | | 1 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook | | | 3 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager | | | 3 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx | | | 3 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore | | | 3 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40 | | | 3 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data | | | 3 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX | | | 3 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData | | | 3 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack | | | 3 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent | | | 3 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC | | | 3 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757 | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757 | | | 1 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173 | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173 | | | 1 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860 | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860 | | | 1 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655 | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655 | | | 1 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743 | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743 | | | 1 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063 | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063 | | | 1 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573 | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573 | | | 1 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | | | 1 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757 | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757 | | | 1 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173 | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173 | | | 1 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860 | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860 | | | 1 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655 | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655 | | | 1 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743 | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743 | | | 1 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063 | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063 | | | 1 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573 | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573 | | | 1 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | | | 2 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | | | 2 | Fn |
Open Key | HKEY_CURRENT_USER\Software\WinRAR | | | 3 | Fn |
Open Key | HKEY_CURRENT_USER\Software\WinRAR | | | 1 | Fn |
Open Key | HKEY_CURRENT_USER\Software\Ghisler\Windows Commander | | | 21 | Fn |
Open Key | HKEY_LOCAL_MACHINE\Software\Ghisler\Windows Commander | | | 21 | Fn |
Open Key | HKEY_CURRENT_USER\Software\Ghisler\Total Commander | | | 21 | Fn |
Open Key | HKEY_LOCAL_MACHINE\Software\Ghisler\Total Commander | | | 21 | Fn |
Open Key | HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 6 Home\QCToolbar | | | 3 | Fn |
Open Key | HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 6 Professional\QCToolbar | | | 3 | Fn |
Open Key | HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 7 Home\QCToolbar | | | 3 | Fn |
Open Key | HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 7 Professional\QCToolbar | | | 3 | Fn |
Open Key | HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 8 Home\QCToolbar | | | 3 | Fn |
Open Key | HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 8 Professional\QCToolbar | | | 3 | Fn |
Open Key | HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 9\QCToolbar | | | 3 | Fn |
Open Key | HKEY_CURRENT_USER\Software\FlashFXP\3 | | | 9 | Fn |
Open Key | HKEY_CURRENT_USER\Software\FlashFXP | | | 3 | Fn |
Open Key | HKEY_CURRENT_USER\Software\FlashFXP\4 | | | 12 | Fn |
Open Key | HKEY_LOCAL_MACHINE\Software\FlashFXP\3 | | | 9 | Fn |
Open Key | HKEY_LOCAL_MACHINE\Software\FlashFXP | | | 3 | Fn |
Open Key | HKEY_LOCAL_MACHINE\Software\FlashFXP\4 | | | 12 | Fn |
Open Key | HKEY_CURRENT_USER\Software\FileZilla | | | 58 | Fn |
Open Key | HKEY_CURRENT_USER\Software\FileZilla Client | | | 3 | Fn |
Open Key | HKEY_LOCAL_MACHINE\Software\FileZilla | | | 3 | Fn |
Open Key | HKEY_LOCAL_MACHINE\Software\FileZilla Client | | | 3 | Fn |
Open Key | HKEY_CURRENT_USER\Software\BPFTP\Bullet Proof FTP\Main | | | 3 | Fn |
Open Key | HKEY_CURRENT_USER\Software\BulletProof Software\BulletProof FTP Client\Main | | | 3 | Fn |
Open Key | HKEY_CURRENT_USER\Software\BPFTP\Bullet Proof FTP\Options | | | 3 | Fn |
Open Key | HKEY_CURRENT_USER\Software\BulletProof Software\BulletProof FTP Client\Options | | | 3 | Fn |
Open Key | HKEY_CURRENT_USER\Software\BPFTP | | | 3 | Fn |
Open Key | HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites | | | 1 | Fn |
Open Key | HKEY_CURRENT_USER\Software\VanDyke\SecureFX | | | 3 | Fn |
Open Key | HKEY_CURRENT_USER\Software\Martin Prikryl | | | 1 | Fn |
Open Key | HKEY_LOCAL_MACHINE\Software\Martin Prikryl | | | 1 | Fn |
Open Key | HKEY_CURRENT_USER\Software\Opera Software | 6 |
Fn
|
||
Open Key | HKEY_CLASSES_ROOT\Opera.HTML\shell\open\command | 3 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Mozilla | 1 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Mozilla\Firefox | 12 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter | 12 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs | 12 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla | 1 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox | 9 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox | 3 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs | 9 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs | 3 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox | 9 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox | 3 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | 9 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | 3 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main | 6 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall | 9 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall | 3 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | 9 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | 3 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin | 6 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions | 9 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions | 3 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Mozilla | 1 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla | 1 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Mozilla | 4 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla | 4 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 | 225 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms\FormData | 222 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\ChromePlus | 3 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail | 3 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Mail | 3 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\IncrediMail | 1 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\IncrediMail | 1 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts | 1 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Identities | 1 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Identities\{31810C36-5D23-4CCE-A3B4-316DED195C38}\Software\Microsoft\Internet Account Manager\Accounts | 1 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager | 3 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts | 2 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings | 1 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | 1 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | 1 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | 1 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | 1 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | 1 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\4c81aa8e3cec3747ac89336bb7dabb3d | 1 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\660d890c36162745aa4a6e18387402e2 | 1 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | 1 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\8ad20125b268ee4082a7beb234d21c3e | 1 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\91cde86748046c41886c2f5227df24b7 | 1 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | 1 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | 1 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | 93 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | 85 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | 56 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\a1d7e55f7cf9a243ba916d5f08f9bae8 | 1 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\a44233f8b7f7d346b14b6c8d0728d9dd | 1 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761 | 1 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\ee39677bbdea5143a837a52d64001c8f | 1 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | 1 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | 1 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Mozilla | 2 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Mozilla\Firefox | 2 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter | 2 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs | 2 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla | 2 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox | 2 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs | 2 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox | 2 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | 2 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main | 2 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall | 2 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | 2 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin | 2 |
Fn
|
||
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions | 2 |
Fn
|
||
Open Key | HKEY_CURRENT_USER\Software\WinRAR | 1 |
Fn
|
||
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook | value_name = UninstallString, type = REG_NONE | 3 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = UninstallString, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = UninstallString, data = 67 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = DisplayName, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = DisplayName, data = 65 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager | value_name = UninstallString, type = REG_NONE | 3 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx | value_name = UninstallString, type = REG_NONE | 3 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore | value_name = UninstallString, type = REG_NONE | 3 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = UninstallString, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = UninstallString, data = 34 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = DisplayName, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = DisplayName, data = 71 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40 | value_name = UninstallString, type = REG_NONE | 3 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data | value_name = UninstallString, type = REG_NONE | 3 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX | value_name = UninstallString, type = REG_NONE | 3 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData | value_name = UninstallString, type = REG_NONE | 3 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack | value_name = UninstallString, type = REG_NONE | 3 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = UninstallString, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = UninstallString, data = 34 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = DisplayName, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = DisplayName, data = 77 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | value_name = UninstallString, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | value_name = UninstallString, data = 34 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | value_name = DisplayName, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | value_name = DisplayName, data = 77 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent | value_name = UninstallString, type = REG_NONE | 3 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC | value_name = UninstallString, type = REG_NONE | 3 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = UninstallString, data = 77 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = DisplayName, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = DisplayName, data = 77 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757 | value_name = UninstallString, type = REG_NONE | 2 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173 | value_name = UninstallString, type = REG_NONE | 2 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860 | value_name = UninstallString, type = REG_NONE | 2 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655 | value_name = UninstallString, type = REG_NONE | 2 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743 | value_name = UninstallString, type = REG_NONE | 2 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063 | value_name = UninstallString, type = REG_NONE | 2 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573 | value_name = UninstallString, type = REG_NONE | 2 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = UninstallString, data = 77 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = DisplayName, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = DisplayName, data = 74 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = UninstallString, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = UninstallString, data = 34 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = DisplayName, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = DisplayName, data = 77 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = UninstallString, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = UninstallString, data = 34 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = DisplayName, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = DisplayName, data = 77 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = UninstallString, type = REG_NONE | 2 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = UninstallString, data = 77 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = DisplayName, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = DisplayName, data = 77 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = UninstallString, data = 77 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = DisplayName, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = DisplayName, data = 77 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = UninstallString, data = 77 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = DisplayName, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = DisplayName, data = 77 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = UninstallString, data = 77 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = DisplayName, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = DisplayName, data = 77 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = UninstallString, data = 77 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = DisplayName, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = DisplayName, data = 65 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = UninstallString, data = 77 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = DisplayName, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = DisplayName, data = 77 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = UninstallString, data = 77 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = DisplayName, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = DisplayName, data = 77 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = UninstallString, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = UninstallString, data = 34 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = DisplayName, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = DisplayName, data = 77 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = UninstallString, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = UninstallString, data = 34 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = DisplayName, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = DisplayName, data = 77 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = UninstallString, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = UninstallString, data = 34 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = DisplayName, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = DisplayName, data = 77 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = UninstallString, data = 77 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = DisplayName, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = DisplayName, data = 77 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757 | value_name = UninstallString, type = REG_NONE | 2 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173 | value_name = UninstallString, type = REG_NONE | 2 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860 | value_name = UninstallString, type = REG_NONE | 2 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655 | value_name = UninstallString, type = REG_NONE | 2 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743 | value_name = UninstallString, type = REG_NONE | 2 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063 | value_name = UninstallString, type = REG_NONE | 2 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573 | value_name = UninstallString, type = REG_NONE | 2 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = UninstallString, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = UninstallString, data = 34 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = DisplayName, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = DisplayName, data = 77 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = UninstallString, data = 0, type = REG_EXPAND_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = UninstallString, data = 77 | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = DisplayName, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = DisplayName, data = 77 | 1 |
Fn
|
|
Read Value | HKEY_CURRENT_USER\Software\WinRAR | value_name = HWID, type = REG_BINARY | 1 |
Fn
|
|
Read Value | HKEY_CURRENT_USER\Software\WinRAR | value_name = HWID, data = 123 | 1 |
Fn
|
|
Read Value | HKEY_CURRENT_USER\Software\Mozilla\Firefox | value_name = PathToExe, type = REG_NONE | 9 |
Fn
|
|
Read Value | HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter | value_name = PathToExe, type = REG_NONE | 9 |
Fn
|
|
Read Value | HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs | value_name = PathToExe, type = REG_NONE | 9 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox | value_name = PathToExe, type = REG_NONE | 6 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs | value_name = PathToExe, type = REG_NONE | 6 |
Fn
|
|
Operation | Key | Additional Information | Count |
---|---|---|---|
Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox | value_name = PathToExe, type = REG_NONE | 6 |
Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | value_name = PathToExe, type = REG_NONE | 6 |
Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main | value_name = PathToExe, data = 0, type = REG_SZ | 3 |
Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main | value_name = PathToExe, data = 67 | 3 |
Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall | value_name = PathToExe, type = REG_NONE | 6 |
Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | value_name = PathToExe, type = REG_NONE | 6 |
Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin | value_name = PathToExe, data = 0, type = REG_SZ | 3 |
Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin | value_name = PathToExe, data = 67 | 3 |
Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions | value_name = PathToExe, type = REG_NONE | 6 |
Read Value | HKEY_CURRENT_USER\Software\Mozilla | value_name = PathToExe, type = REG_NONE | 3 |
Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla | value_name = PathToExe, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Mail | value_name = Salt, type = REG_NONE | 3 |
Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager | value_name = Outlook, type = REG_NONE | 2 |
Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager | value_name = Outlook, data = 0, type = REG_SZ | 1 |
Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager | value_name = Outlook, data = 83 | 1 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = SMTP Email Address, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = SMTP Server, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = POP3 Server, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = POP3 User Name, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = SMTP User Name, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = NNTP Email Address, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = NNTP User Name, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = NNTP Server, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = IMAP Server, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = IMAP User Name, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = Email, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = HTTP User, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = HTTP Server URL, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = POP3 User, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = IMAP User, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = HTTPMail User Name, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = HTTPMail Server, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = SMTP User, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = POP3 Password2, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = IMAP Password2, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = NNTP Password2, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = HTTPMail Password2, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = SMTP Password2, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = POP3 Password, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = IMAP Password, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = NNTP Password, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = HTTP Password, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = SMTP Password, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = POP3 Port, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = SMTP Port, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = IMAP Port, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = SMTP Email Address, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = SMTP Server, type = REG_BINARY | 1 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = SMTP Server, data = 100 | 1 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = POP3 Server, type = REG_BINARY | 1 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = POP3 Server, data = 114 | 1 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = POP3 User Name, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = SMTP User Name, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = NNTP Email Address, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = NNTP User Name, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = NNTP Server, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = IMAP Server, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = IMAP User Name, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = Email, type = REG_BINARY | 1 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = Email, data = 99 | 1 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = HTTP User, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = HTTP Server URL, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = POP3 User, type = REG_BINARY | 1 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = POP3 User, data = 99 | 1 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = IMAP User, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = HTTPMail User Name, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = HTTPMail Server, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = SMTP User, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = POP3 Password2, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = IMAP Password2, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = NNTP Password2, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = HTTPMail Password2, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = SMTP Password2, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = POP3 Password, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = IMAP Password, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = NNTP Password, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = HTTP Password, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = SMTP Password, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = POP3 Port, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = SMTP Port, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = IMAP Port, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = SMTP Email Address, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = SMTP Server, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = POP3 Server, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = POP3 User Name, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = SMTP User Name, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = NNTP Email Address, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = NNTP User Name, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = NNTP Server, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = IMAP Server, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = IMAP User Name, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = Email, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = HTTP User, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = HTTP Server URL, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = POP3 User, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = IMAP User, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = HTTPMail User Name, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = HTTPMail Server, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = SMTP User, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = POP3 Password2, type = REG_NONE | 2 |
Read Value | HKEY_CURRENT_USER\Software\WinRAR | value_name = Client Hash, type = REG_NONE | 1 |
Write Value | HKEY_CURRENT_USER\Software\WinRAR | value_name = HWID, size = 38, type = REG_BINARY | 1 |
Write Value | HKEY_CURRENT_USER\Software\WinRAR | value_name = Client Hash, size = 16, type = REG_BINARY | 1 |
Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | (48 consecutive identical rows collapsed) | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox | | 3 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter | | 3 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox | | 3 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs | | 3 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox | | 3 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla | | 1 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | | 1 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox | | 3 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs | | 3 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox | | 3 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | | 1 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox | | 3 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | | 3 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main | | 3 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | | 3 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall | | 3 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | | 3 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox | | 3 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | | 1 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | | 3 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin | | 3 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | | 3 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions | | 3 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | | 3 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla | (2 consecutive identical rows collapsed) | 1 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | (4 consecutive identical rows collapsed) | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla | (2 consecutive identical rows collapsed) | 1 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | (4 consecutive identical rows collapsed) | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Identities | (2 consecutive identical rows collapsed) | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\4c81aa8e3cec3747ac89336bb7dabb3d | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\660d890c36162745aa4a6e18387402e2 | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\8ad20125b268ee4082a7beb234d21c3e | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\91cde86748046c41886c2f5227df24b7 | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | (4 consecutive identical rows collapsed) | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\a1d7e55f7cf9a243ba916d5f08f9bae8 | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\a44233f8b7f7d346b14b6c8d0728d9dd | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761 | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\ee39677bbdea5143a837a52d64001c8f | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla | | 2 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox | | 2 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter | | 2 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox | | 2 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs | | 2 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox | | 2 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla | | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox | | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs | | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox | | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox | | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main | | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall | | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox | | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin | | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions | | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | | 2 |
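The two tables on this page (registry operations above, process operations below) are the raw material an analyst triages by hand: reads of every account value under the Outlook profile key, a write of HWID and Client Hash under HKCU\Software\WinRAR, and a child svchost.exe created suspended from a hidden WINWORD session. The following script is an added example, not part of the sandbox report or of any vendor's tooling. It parses rows in the flattened "Operation | Key or Process | Additional Information | Count" shape used here and tags the patterns a triage rule would key on. The sample rows are copied from this report; the finding names, the heuristics, and the reading that a row showing only "type = REG_NONE" means the value did not exist (while "data = N" or a concrete type means it was read back) are this example's assumptions.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample rows in the shape of the tables on this page
# (Operation | Key or Process | Additional Information | Count).
SAMPLE_REGISTRY_ROWS = [
    r"Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox | value_name = PathToExe, type = REG_NONE | 6 |",
    r"Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = SMTP Password, type = REG_NONE | 3 |",
    r"Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = POP3 Server, type = REG_BINARY | 1 |",
    r"Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = POP3 User, data = 99 | 1 |",
    r"Write Value | HKEY_CURRENT_USER\Software\WinRAR | value_name = HWID, size = 38, type = REG_BINARY | 1 |",
    r"Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | 1 |",
]
SAMPLE_PROCESS_ROWS = [
    r"Create | cmd /K | os_pid = 0xa34, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE | 1 |",
    r"Create | C:\Windows\System32\svchost.exe | os_pid = 0xa68, creation_flags = CREATE_SUSPENDED, CREATE_NORMAL_PRIORITY_CLASS, CREATE_UNICODE_ENVIRONMENT, show_window = SW_HIDE | 1 |",
    r"Create | C:\Users\ADU0VK~1\AppData\Local\Temp\BN649B.tmp | os_pid = 0xa7c, show_window = SW_HIDE | 1 |",
    r"Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 4 |",
]

Row = Dict[str, object]


def parse_row(row: str) -> Row:
    """Split one flattened row into cells. Enumerate Keys rows carry no
    Additional Information cell, so the count is always the last cell."""
    cells = [c.strip() for c in row.strip().strip("|").split("|")]
    info = cells[2] if len(cells) == 4 else ""
    return {"op": cells[0], "target": cells[1], "info": info, "count": int(cells[-1])}


def value_name(info: str) -> str:
    m = re.search(r"value_name = ([^,]+)", info)
    return m.group(1).strip() if m else ""


# Outlook account values a mail-credential stealer reads (assumed list).
CRED_VALUE = re.compile(r"(Password|User Name|User|Server|Email)\b")
OUTLOOK_PROFILES = "\\outlook\\profiles\\"


def registry_findings(rows: List[str]) -> List[Tuple[str, str, bool]]:
    """Return (finding, value name, value_present) tuples.

    value_present encodes this example's assumption about the row format:
    only 'type = REG_NONE' means the value was absent; 'data = N' or a
    concrete type means a real value was read back."""
    out: List[Tuple[str, str, bool]] = []
    for r in map(parse_row, rows):
        info, target = str(r["info"]), str(r["target"]).lower()
        name = value_name(info)
        present = ("data =" in info) or ("type = REG_" in info and "REG_NONE" not in info)
        if r["op"] == "Read Value" and OUTLOOK_PROFILES in target and CRED_VALUE.search(name):
            out.append(("outlook_account_value_read", name, present))
        elif r["op"] == "Write Value" and target.endswith("\\software\\winrar"):
            # Binary HWID / Client Hash written under an unrelated vendor key.
            out.append(("winrar_marker_write", name, True))
    return out


def process_findings(rows: List[str]) -> List[Tuple[str, str]]:
    """Flag process creations that match the report: a suspended child
    (the usual setup for hollowing), a hidden shell, and a .tmp run from Temp."""
    out: List[Tuple[str, str]] = []
    for r in map(parse_row, rows):
        if r["op"] != "Create":
            continue
        target, info = str(r["target"]), str(r["info"])
        if "CREATE_SUSPENDED" in info:
            out.append(("suspended_child", target))
        if target.lower().startswith("cmd") and "SW_HIDE" in info:
            out.append(("hidden_shell", target))
        if "\\appdata\\local\\temp\\" in target.lower():
            out.append(("temp_dropper_executed", target))
    return out


def triage(registry_rows: List[str], process_rows: List[str],
           parent_image: str = "winword.exe") -> Dict[str, object]:
    """Combine both tables into tags plus the account values actually read."""
    reg, proc = registry_findings(registry_rows), process_findings(process_rows)
    tags = set()
    if any(f[0] == "outlook_account_value_read" for f in reg):
        tags.add("credential_access:outlook")
    if any(f[0] == "suspended_child" for f in proc):
        tags.add("injection_candidate:suspended_child")
    if parent_image.lower() == "winword.exe" and proc:
        tags.add("office_spawned_process")
    read_back = sorted(n for kind, n, present in reg if present and kind.startswith("outlook"))
    return {"registry": reg, "process": proc, "tags": sorted(tags), "values_actually_read": read_back}


if __name__ == "__main__":
    for key, val in triage(SAMPLE_REGISTRY_ROWS, SAMPLE_PROCESS_ROWS).items():
        print(key, val)
```

Run against the sample rows, the profile 00000002 reads of POP3 Server and POP3 User are the only account values reported with data, which matches the table above: profiles 00000001 and 00000003 return REG_NONE for everything, so the stealer found one configured account. The Enumerate Keys rows are parsed but deliberately not scored; walking the Uninstall key is common to installers and inventory tools alike.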
Operation | Process | Additional Information | Count |
---|---|---|---|
Create | cmd /K | os_pid = 0xa34, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE | 1 |
Create | C:\Windows\System32\svchost.exe | os_pid = 0xa68, creation_flags = CREATE_SUSPENDED, CREATE_NORMAL_PRIORITY_CLASS, CREATE_UNICODE_ENVIRONMENT, show_window = SW_HIDE | 1 |
Create | C:\Users\ADU0VK~1\AppData\Local\Temp\BN649B.tmp | os_pid = 0xa7c, show_window = SW_HIDE | 1 |
Get filename | c:\windows\syswow64\svchost.exe | file_name = \Device\HarddiskVolume1\Windows\System32\taskhost.exe | 1 |
Get filename | c:\windows\syswow64\svchost.exe | file_name = \Device\HarddiskVolume1\Windows\System32\dwm.exe | 1 |
Get filename | c:\windows\syswow64\svchost.exe | file_name = \Device\HarddiskVolume1\Windows\explorer.exe | 1 |
Get filename | c:\windows\syswow64\svchost.exe | file_name = \Device\HarddiskVolume1\Windows\System32\taskhost.exe | 1 |
Get filename | c:\windows\syswow64\svchost.exe | file_name = \Device\HarddiskVolume1\Windows\System32\dwm.exe | 1 |
Get filename | c:\windows\syswow64\svchost.exe | file_name = \Device\HarddiskVolume1\Windows\explorer.exe | 1 |
Get filename | c:\windows\syswow64\svchost.exe | file_name = \Device\HarddiskVolume1\Windows\System32\taskhost.exe | 1 |
Get filename | c:\windows\syswow64\svchost.exe | file_name = \Device\HarddiskVolume1\Windows\System32\dwm.exe | 1 |
Get filename | c:\windows\syswow64\svchost.exe | file_name = \Device\HarddiskVolume1\Windows\explorer.exe | 1 |
Get filename | c:\windows\syswow64\svchost.exe | file_name = \Device\HarddiskVolume1\Windows\System32\taskhost.exe | 1 |
Get filename | c:\windows\syswow64\svchost.exe | file_name = \Device\HarddiskVolume1\Windows\System32\dwm.exe | 1 |
Get filename | c:\windows\syswow64\svchost.exe | file_name = \Device\HarddiskVolume1\Windows\explorer.exe | 1 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 4 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 4 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 4 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 4 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 4 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 4 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 4 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 4 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 4 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 4 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 4 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 4 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 4 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 4 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 4 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 4 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 4 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 4 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 4 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 1 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 1 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 2 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 1 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 1 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 2 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 1 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 1 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 2 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 1 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 1 |
Open | c:\windows\syswow64\svchost.exe | desired_access = PROCESS_QUERY_INFORMATION | 2 |
Operation | Process | Additional Information | Count |
---|---|---|---|
Get Context | c:\windows\syswow64\svchost.exe | os_tid = 0x9e0 | 1 |
Set Context | c:\windows\syswow64\svchost.exe | os_tid = 0x9e0 | 1 |
Resume | c:\windows\syswow64\svchost.exe | os_tid = 0x9e0 | 1 |
Operation | Process | Additional Information | Count |
---|---|---|---|
Allocate | C:\Windows\System32\svchost.exe | address = 0xbc00000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 73728 | 1 |
Write | C:\Windows\System32\svchost.exe | address = 0xbc00000, size = 73728 | 1 |
Write | C:\Windows\System32\svchost.exe | address = 0x7efde008, size = 4 | 1 |
Operation | Module | Additional Information | Count |
---|---|---|---|
Load | WININET.dll | base_address = 0x76e10000 | 10 |
Load | IPHLPAPI.DLL | base_address = 0x75230000 | 1 |
Load | PSAPI.DLL | base_address = 0x76f70000 | 2 |
Load | ntdll.dll | base_address = 0x77720000 | 1 |
Load | KERNEL32.dll | base_address = 0x75dc0000 | 37 |
Load | USER32.dll | base_address = 0x757e0000 | 1 |
Load | ADVAPI32.dll | base_address = 0x77280000 | 11 |
Load | wsock32.dll | base_address = 0x74a10000 | 1 |
Load | userenv.dll | base_address = 0x749f0000 | 2 |
Load | ole32.dll | base_address = 0x752e0000 | 1 |
Load | crypt32.dll | base_address = 0x75990000 | 1 |
Load | advapi32.dll | base_address = 0x77280000 | 1 |
Load | shell32.dll | base_address = 0x75fe0000 | 1 |
Load | netapi32.dll | base_address = 0x749d0000 | 1 |
Load | kernel32.dll | base_address = 0x75dc0000 | 1 |
Load | vaultcli.dll | base_address = 0x74970000 | 1 |
Load | msi.dll | base_address = 0x745f0000 | 1 |
Load | pstorec.dll | base_address = 0x74960000 | 1 |
Load | nss3.dll | base_address = 0x74430000 | 2 |
Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75dc0000 | 7 |
Get Handle | wsock32.dll | base_address = 0x0 | 1 |
Get Handle | c:\windows\syswow64\urlmon.dll | base_address = 0x76ff0000 | 1 |
Get Handle | userenv.dll | base_address = 0x0 | 1 |
Get Handle | c:\windows\syswow64\ole32.dll | base_address = 0x752e0000 | 1 |
Get Handle | c:\windows\syswow64\user32.dll | base_address = 0x757e0000 | 1 |
Get Handle | c:\windows\syswow64\advapi32.dll | base_address = 0x77280000 | 1 |
Get Handle | c:\windows\syswow64\wininet.dll | base_address = 0x76e10000 | 1 |
Get Handle | c:\windows\syswow64\shlwapi.dll | base_address = 0x76f10000 | 1 |
Get Address | c:\windows\syswow64\wininet.dll | function = InternetOpenA, address_out = 0x76e3f18e | 1 |
Get Address | c:\windows\syswow64\wininet.dll | function = HttpSendRequestA, address_out = 0x76ea18f8 | 1 |
Get Address | c:\windows\syswow64\wininet.dll | function = HttpQueryInfoA, address_out = 0x76e2a33e | 1 |
Get Address | c:\windows\syswow64\wininet.dll | function = InternetCrackUrlA, address_out = 0x76e1d075 | 2 |
Get Address | c:\windows\syswow64\wininet.dll | function = HttpOpenRequestA, address_out = 0x76e34c7d | 1 |
Get Address | c:\windows\syswow64\wininet.dll | function = InternetSetOptionA, address_out = 0x76e275e8 | 1 |
Get Address | c:\windows\syswow64\wininet.dll | function = InternetQueryOptionA, address_out = 0x76e21b56 | 1 |
Get Address | c:\windows\syswow64\wininet.dll | function = InternetReadFile, address_out = 0x76e2b406 | 1 |
Get Address | c:\windows\syswow64\wininet.dll | function = InternetConnectA, address_out = 0x76e349e9 | 1 |
Get Address | c:\windows\syswow64\wininet.dll | function = InternetCloseHandle, address_out = 0x76e2ab49 | 1 |
Get Address | c:\windows\syswow64\iphlpapi.dll | function = GetAdaptersAddresses, address_out = 0x75236a4d | 1 |
Get Address | c:\windows\syswow64\psapi.dll | function = GetProcessImageFileNameA, address_out = 0x76f7168e | 1 |
Get Address | c:\windows\syswow64\psapi.dll | function = EnumProcesses, address_out = 0x76f71544 | 1 |
Get Address | c:\windows\syswow64\ntdll.dll | function = RtlDecompressBuffer, address_out = 0x777dfded | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetComputerNameA, address_out = 0x75deb6e0 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileA, address_out = 0x75dd53c6 | 2 |
Get Address | c:\windows\syswow64\kernel32.dll | function = HeapAlloc, address_out = 0x7774e026 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = HeapFree, address_out = 0x75dd14c9 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetProcessHeap, address_out = 0x75dd14e9 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersion, address_out = 0x75dd4467 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = lstrcpyA, address_out = 0x75df2a9d | 2 |
Get Address | c:\windows\syswow64\kernel32.dll | function = lstrcatA, address_out = 0x75df2b7a | 2 |
Get Address | c:\windows\syswow64\kernel32.dll | function = lstrlenA, address_out = 0x75dd5a4b | 2 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetWindowsDirectoryA, address_out = 0x75df2b0a | 2 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetVolumeInformationA, address_out = 0x75df6dcb | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualQuery, address_out = 0x75dd445a | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x75dd10ff | 2 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetProcAddress, address_out = 0x75dd1222 | 2 |
Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x75dd1856 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x75dd186e | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAllocEx, address_out = 0x75ded9b0 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFreeEx, address_out = 0x75ded9c8 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = OpenProcess, address_out = 0x75dd1986 | 2 |
Get Address | c:\windows\syswow64\kernel32.dll | function = TerminateProcess, address_out = 0x75ded802 | 2 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x75dd34d5 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetProcessId, address_out = 0x75dfcf04 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x75dd11c0 | 2 |
Get Address | c:\windows\syswow64\kernel32.dll | function = WriteProcessMemory, address_out = 0x75ded9e0 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetThreadContext, address_out = 0x75df79d4 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadContext, address_out = 0x75e55393 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = ResumeThread, address_out = 0x75dd43ef | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x75dd1282 | 2 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x75dd1410 | 2 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemInfo, address_out = 0x75dd49ca | 2 |
Get Address | c:\windows\syswow64\kernel32.dll | function = lstrcmpiA, address_out = 0x75dd3e8e | 2 |
Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address_out = 0x75dd49d7 | 2 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleA, address_out = 0x75dd1245 | 2 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessA, address_out = 0x75dd1072 | 2 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetEnvironmentVariableA, address_out = 0x75dd33a0 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetTempPathA, address_out = 0x75df276c | 2 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetTempFileNameA, address_out = 0x75df9d3f | 1 |
Get Address | c:\windows\syswow64\user32.dll | function = wsprintfA, address_out = 0x7580ae5f | 2 |
Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDestroyHash, address_out = 0x7728df66 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = CryptHashData, address_out = 0x7728df36 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = CryptCreateHash, address_out = 0x7728df4e | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDecrypt, address_out = 0x772c3178 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDestroyKey, address_out = 0x7728c51a | 2 |
Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDeriveKey, address_out = 0x772c3188 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = CryptReleaseContext, address_out = 0x7728e124 | 2 |
Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextA, address_out = 0x772891dd | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = LookupAccountSidA, address_out = 0x772c1daa | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = GetTokenInformation, address_out = 0x7729431c | 2 |
Get Address | c:\windows\syswow64\advapi32.dll | function = OpenProcessToken, address_out = 0x77294304 | 2 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetNativeSystemInfo, address_out = 0x75de10b5 | 6 |
Get Address | c:\windows\syswow64\wsock32.dll | function = inet_addr, address_out = 0x76dd311b | 1 |
Get Address | c:\windows\syswow64\wsock32.dll | function = gethostbyname, address_out = 0x76de7673 | 1 |
Get Address | c:\windows\syswow64\wsock32.dll | function = socket, address_out = 0x76dd3eb8 | 1 |
Get Address | c:\windows\syswow64\wsock32.dll | function = connect, address_out = 0x76dd6bdd | 1 |
Get Address | c:\windows\syswow64\wsock32.dll | function = closesocket, address_out = 0x76dd3918 | 1 |
Get Address | c:\windows\syswow64\wsock32.dll | function = send, address_out = 0x76dd6f01 | 1 |
Get Address | c:\windows\syswow64\wsock32.dll | function = select, address_out = 0x76dd6989 | 1 |
Get Address | c:\windows\syswow64\wsock32.dll | function = recv, address_out = 0x74a117a8 | 1 |
Get Address | c:\windows\syswow64\wsock32.dll | function = setsockopt, address_out = 0x74a118e0 | 1 |
Get Address | c:\windows\syswow64\wsock32.dll | function = WSAStartup, address_out = 0x76dd3ab2 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x75dd3ed3 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalLock, address_out = 0x75ded0a7 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalUnlock, address_out = 0x75decfdf | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = LocalFree, address_out = 0x75dd2d3c | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = LocalAlloc, address_out = 0x75dd168c | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x75dd110c | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesA, address_out = 0x75dd5414 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = ExpandEnvironmentStringsA, address_out = 0x75deeb39 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSize, address_out = 0x75dd196e | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileMappingA, address_out = 0x75dd5506 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = MapViewOfFile, address_out = 0x75dd18f1 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = UnmapViewOfFile, address_out = 0x75dd1826 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CreateDirectoryA, address_out = 0x75dfd526 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileA, address_out = 0x75dd5444 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x75dd1809 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = WideCharToMultiByte, address_out = 0x75dd170d | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = lstrcmpA, address_out = 0x75deeceb | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CreateToolhelp32Snapshot, address_out = 0x75df735f | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = Process32First, address_out = 0x75df8ae7 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = Process32Next, address_out = 0x75df88a4 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileA, address_out = 0x75dde2ce | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileA, address_out = 0x75dfd53e | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x75dd4442 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersionExA, address_out = 0x75dd3519 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetLocaleInfoA, address_out = 0x75ded5e5 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetPrivateProfileStringA, address_out = 0x75de184c | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = SetCurrentDirectoryA, address_out = 0x75de1834 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetPrivateProfileSectionNamesA, address_out = 0x75e4a1c9 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetPrivateProfileIntA, address_out = 0x75dfcdd7 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentDirectoryA, address_out = 0x75dfd4f6 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = lstrlenW, address_out = 0x75dd1700 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CreateMutexA, address_out = 0x75dd4c6b | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = LCMapStringA, address_out = 0x75dfbc39 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x75dd7a10 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = SetUnhandledExceptionFilter, address_out = 0x75dd87c9 | 1 |
Get Address | c:\windows\syswow64\urlmon.dll | function = ObtainUserAgentString, address_out = 0x77021d76 | 1 |
Get Address | c:\windows\syswow64\userenv.dll | function = LoadUserProfileA, address_out = 0x749fe071 | 1 |
Get Address | c:\windows\syswow64\userenv.dll | function = UnloadUserProfile, address_out = 0x749f3e6f | 1 |
Get Address | c:\windows\syswow64\ole32.dll | function = CreateStreamOnHGlobal, address_out = 0x7530363b | 1 |
Get Address | c:\windows\syswow64\ole32.dll | function = GetHGlobalFromStream, address_out = 0x753041d5 | 1 |
Get Address | c:\windows\syswow64\ole32.dll | function = CoCreateGuid, address_out = 0x753215d5 | 1 |
Get Address | c:\windows\syswow64\ole32.dll | function = CoTaskMemFree, address_out = 0x75336f41 | 1 |
Get Address | c:\windows\syswow64\ole32.dll | function = CoCreateInstance, address_out = 0x75329d0b | 1 |
Get Address | c:\windows\syswow64\ole32.dll | function = OleInitialize, address_out = 0x752fefd7 | 1 |
Get Address | c:\windows\syswow64\user32.dll | function = FindWindowExA, address_out = 0x758000d9 | 1 |
Get Address | c:\windows\syswow64\user32.dll | function = SendMessageA, address_out = 0x7580612e | 1 |
Get Address | c:\windows\syswow64\user32.dll | function = GetClassNameA, address_out = 0x758079df | 1 |
Get Address | c:\windows\syswow64\user32.dll | function = SendMessageW, address_out = 0x757f9679 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address_out = 0x77294907 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address_out = 0x772948ef | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x7729469d | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyA, address_out = 0x7728cc15 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = RegEnumKeyExA, address_out = 0x77291481 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = RegCreateKeyA, address_out = 0x7728cd01 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExA, address_out = 0x772914b3 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = IsTextUnicode, address_out = 0x7729448e | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenCurrentUser, address_out = 0x772915ad | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameA, address_out = 0x772aa4b4 | 1 |
Get Address | c:\windows\syswow64\wininet.dll | function = InternetCreateUrlA, address_out = 0x76e2dbcd | 1 |
Get Address | c:\windows\syswow64\shlwapi.dll | function = StrStrIA, address_out = 0x76f1d250 | 1 |
Get Address | c:\windows\syswow64\shlwapi.dll | function = StrRChrIA, address_out = 0x76f4e13f | 1 |
Get Address | c:\windows\syswow64\shlwapi.dll | function = StrToIntA, address_out = 0x76f3cd65 | 1 |
Get Address | c:\windows\syswow64\shlwapi.dll | function = StrCmpNIA, address_out = 0x76f1d11c | 1 |
Get Address | c:\windows\syswow64\shlwapi.dll | function = StrStrIW, address_out = 0x76f246e9 | 1 |
Get Address | c:\windows\syswow64\shlwapi.dll | function = StrStrA, address_out = 0x76f3c45b | 1 |
Get Address | c:\windows\syswow64\ole32.dll | function = StgOpenStorage, address_out = 0x752f480e | 1 |
Get Address | c:\windows\syswow64\crypt32.dll | function = CryptUnprotectData, address_out = 0x759c5a7f | 1 |
Get Address | c:\windows\syswow64\crypt32.dll | function = CertOpenSystemStoreA, address_out = 0x759e5ff0 | 1 |
Get Address | c:\windows\syswow64\crypt32.dll | function = CertEnumCertificatesInStore, address_out = 0x7599e33a | 1 |
Get Address | c:\windows\syswow64\crypt32.dll | function = CertCloseStore, address_out = 0x7599dd10 | 1 |
Get Address | c:\windows\syswow64\crypt32.dll | function = CryptAcquireCertificatePrivateKey, address_out = 0x759e5a3b | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = AllocateAndInitializeSid, address_out = 0x772940e6 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = CheckTokenMembership, address_out = 0x7728df04 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = FreeSid, address_out = 0x7729412e | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = CredEnumerateA, address_out = 0x772c7381 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = CredFree, address_out = 0x7728b2ec | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGetUserKey, address_out = 0x772c3228 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = CryptExportKey, address_out = 0x772891ea | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = RevertToSelf, address_out = 0x77291562 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = ImpersonateLoggedOnUser, address_out = 0x7728c57a | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = ConvertSidToStringSidA, address_out = 0x772b192a | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = LogonUserA, address_out = 0x772c2654 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = LookupPrivilegeValueA, address_out = 0x7729404a | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = AdjustTokenPrivileges, address_out = 0x7729418e | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = CreateProcessAsUserA, address_out = 0x772c2538 | 1 |
Get Address | c:\windows\syswow64\shell32.dll | function = SHGetFolderPathA, address_out = 0x760f7804 | 1 |
Get Address | c:\windows\syswow64\netapi32.dll | function = NetApiBufferFree, address_out = 0x749c13d2 | 1 |
Get Address | c:\windows\syswow64\netapi32.dll | function = NetUserEnum, address_out = 0x749859cf | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = WTSGetActiveConsoleSessionId, address_out = 0x75e53f49 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = ProcessIdToSessionId, address_out = 0x75dd1275 | 1 |
Get Address | Unknown module name | function = VaultOpenVault, address_out = 0x749726a9 | 1 |
Get Address | Unknown module name | function = VaultEnumerateItems, address_out = 0x74973099 | 1 |
Get Address | Unknown module name | function = VaultGetItem, address_out = 0x74973242 | 1 |
Get Address | Unknown module name | function = VaultCloseVault, address_out = 0x74972718 | 1 |
Get Address | Unknown module name | function = VaultFree, address_out = 0x74974321 | 1 |
Get Address | Unknown module name | function = MsiGetComponentPathA, address_out = 0x746aecd5 | 1 |
Get Address | Unknown module name | function = PStoreCreateInstance, address_out = 0x7496526c | 1 |
Get Address | c:\windows\syswow64\userenv.dll | function = CreateEnvironmentBlock, address_out = 0x749f1a7a | 1 |
Get Address | c:\windows\syswow64\userenv.dll | function = DestroyEnvironmentBlock, address_out = 0x749f1a4e | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = IsWow64Process, address_out = 0x75dd195e | 1 |
Get Address | Unknown module name | function = NSS_Init, address_out = 0x744ed70b | 2 |
Get Address | Unknown module name | function = NSS_Shutdown, address_out = 0x744ed13c | 2 |
Get Address | Unknown module name | function = NSSBase64_DecodeBuffer, address_out = 0x744ee7d9 | 2 |
Get Address | Unknown module name | function = SECITEM_FreeItem, address_out = 0x744ee656 | 2 |
Get Address | Unknown module name | function = PK11_GetInternalKeySlot, address_out = 0x74483c51 | 2 |
Get Address | Unknown module name | function = PK11_Authenticate, address_out = 0x7446d3ca | 2 |
Get Address | Unknown module name | function = PK11SDR_Decrypt, address_out = 0x744800a7 | 2 |
Get Address | Unknown module name | function = PK11_FreeSlot, address_out = 0x74483333 | 2 |
Create Mapping | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, protection = PAGE_READONLY, maximum_size = 0 | 1 |
Create Mapping | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, protection = PAGE_READONLY, maximum_size = 0 | 2 |
Create Mapping | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, protection = PAGE_READONLY, maximum_size = 0 | 1 |
Create Mapping | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, protection = PAGE_READONLY, maximum_size = 0 | 1 |
Create Mapping | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, protection = PAGE_READONLY, maximum_size = 0 | 1 |
Create Mapping | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, protection = PAGE_READONLY, maximum_size = 0 | 1 |
Create Mapping | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, protection = PAGE_READONLY, maximum_size = 0 | 1 |
Map | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ | 1 |
Map | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ | 2 |
Map | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ | 1 |
Map | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ | 2 |
Map | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite | process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ | 2 |
Operation | Additional Information | Count |
---|---|---|
Create | interface = 3C374A41-BAE4-11CF-BF7D-00AA006946EE, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER | 1 |
Operation | Window Name | Count |
---|---|---|
Find | TeamViewer | 1 |
Operation | Additional Information | Count |
---|---|---|
Get Computer Name | result_out = AUFDDCNTXWT | 4 |
Sleep | duration = 60000 milliseconds (60.000 seconds) | 8 |
Get Info | type = Operating System | 4 |
Get Info | type = Windows Directory, result_out = C:\Windows | 3 |
Get Info | type = Hardware Information | 5 |
Get Info | type = Operating System | 1 |
Operation | Additional Information | Count |
---|---|---|
Create | mutex_name = Local\mtxLogMeInIgnition.IgnitionMutex | 1 |
Operation | Additional Information | Count |
---|---|---|
Get Environment String | name = SystemRoot, result_out = C:\Windows | 1 |
Operation | Filename | Additional Information | Count |
---|---|---|---|
Enumerate Sections | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\profiles.ini | data_out = General, size = 65000 | 4 |
Read | C:\Windows\win.ini | section_name = WS_FTP, key_name = DIR | 1 |
Read | C:\Windows\win.ini | section_name = WS_FTP, key_name = DEFDIR | 1 |
Read | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\profiles.ini | section_name = Profile0, key_name = Path, data_out = Profiles/asmpdd98.default | 4 |
Read | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\profiles.ini | section_name = Profile0, key_name = IsRelative, default_value = 1 | 4 |
Operation | Additional Information | Count |
---|---|---|
Resolve Name | host = butsulacoft.com, address_out = 62.109.18.138 | 1 |
Information | Value |
---|---|
Total Data Sent | 0.70 KB (715 bytes) |
Total Data Received | 0.16 KB (168 bytes) |
Contacted Host Count | 1 |
Contacted Hosts | 62.109.18.138:80 |
Information | Value |
---|---|
Handle | 0x3e0 |
Address Family | AF_INET |
Type | SOCK_STREAM |
Protocol | IPPROTO_TCP |
Remote Address | 62.109.18.138 |
Remote Port | 80 |
Local Address | 0.0.0.0 |
Local Port | 2752 |
Data Sent | 0.70 KB (715 bytes) |
Data Received | 0.16 KB (168 bytes) |
Operation | Additional Information | Count |
---|---|---|
Create | protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM | 1 |
Connect | remote_address = 62.109.18.138, remote_port = 80 | 1 |
Send | flags = NO_FLAG_SET, size = 436, size_out = 436 | 1 |
Send | flags = NO_FLAG_SET, size = 279, size_out = 279 | 1 |
Receive | flags = NO_FLAG_SET, size = 1, size_out = 1 | 148 |
Receive | flags = NO_FLAG_SET, size = 2048, size_out = 20 | 1 |
Receive | flags = NO_FLAG_SET, size = 2048, size_out = 0 | 1 |
Close | type = SOCK_STREAM | 1 |
Information | Value |
---|---|
Total Data Sent | 2.56 KB (2621 bytes) |
Total Data Received | 241.46 KB (247253 bytes) |
Contacted Host Count | 4 |
Contacted Hosts | api.ipify.org, butsulacoft.com, supritofuld.ru, tekstheks.nl |
Information | Value |
---|---|
User Agent | Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko |
Server Name | api.ipify.org |
Server Port | 80 |
Data Sent | 0.22 KB (228 bytes) |
Data Received | 0.02 KB (18 bytes) |
Operation | Additional Information | Count |
---|---|---|
Open Session | user_agent = Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG | 1 |
Open Connection | protocol = HTTP, server_name = api.ipify.org, server_port = 80 | 1 |
Open HTTP Request | http_verb = GET, accept_types = 4223056, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD | 1 |
Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = api.ipify.org/ | 1 |
Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 | 1 |
Read Response | size = 32, size_out = 14 | 1 |
Read Response | size = 18, size_out = 0 | 1 |
Information | Value |
---|---|
User Agent | Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko |
Server Name | butsulacoft.com |
Server Port | 80 |
Data Sent | 0.24 KB (246 bytes) |
Data Received | 0.00 KB (4 bytes) |
Operation | Additional Information | Count |
---|---|---|
Open Session | user_agent = Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG | 1 |
Open Connection | protocol = HTTP, server_name = butsulacoft.com, server_port = 80 | 1 |
Open HTTP Request | http_verb = POST, target_resource = /ls5/forum.php, accept_types = 4223048, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD | 1 |
Send HTTP Request | headers = Content-Type: application/x-www-form-urlencoded, url = butsulacoft.com/ls5/forum.php | 1 |
Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 | 1 |
Information | Value |
---|---|
User Agent | Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko |
Server Name | supritofuld.ru |
Server Port | 80 |
Data Sent | 0.24 KB (244 bytes) |
Data Received | 1.03 KB (1052 bytes) |
Operation | Additional Information | Count |
---|---|---|
Open Session | user_agent = Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG | 1 |
Open Connection | protocol = HTTP, server_name = supritofuld.ru, server_port = 80 | 1 |
Open HTTP Request | http_verb = POST, target_resource = /ls5/forum.php, accept_types = 4223048, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD | 1 |
Send HTTP Request | headers = Content-Type: application/x-www-form-urlencoded, url = supritofuld.ru/ls5/forum.php | 1 |
Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 | 1 |
Read Response | size = 33554431, size_out = 1048 | 1 |
Information | Value |
---|---|
User Agent | Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko |
Server Name | tekstheks.nl |
Server Port | 80 |
Data Sent | 0.24 KB (245 bytes) |
Data Received | 45.26 KB (46348 bytes) |
Operation | Additional Information | Count |
---|---|---|
Open Session | user_agent = Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG | 1 |
Open Connection | protocol = HTTP, server_name = tekstheks.nl, server_port = 80 | 1 |
Open HTTP Request | http_verb = GET, target_resource = /wp-admin/includes/1, accept_types = 4223056, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD | 1 |
Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = tekstheks.nl/wp-admin/includes/1 | 1 |
Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 | 1 |
Read Response | size = 5242880, size_out = 46344 | 1 |
Read Response | size = 5196536, size_out = 0 | 1 |
Information | Value |
---|---|
User Agent | Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko |
Server Name | tekstheks.nl |
Server Port | 80 |
Data Sent | 0.24 KB (245 bytes) |
Data Received | 46.30 KB (47407 bytes) |
Operation | Additional Information | Count |
---|---|---|
Open Session | user_agent = Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG | 1 |
Open Connection | protocol = HTTP, server_name = tekstheks.nl, server_port = 80 | 1 |
Open HTTP Request | http_verb = GET, target_resource = /wp-admin/includes/2, accept_types = 4223056, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD | 1 |
Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = tekstheks.nl/wp-admin/includes/2 | 1 |
Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 | 1 |
Read Response | size = 5242880, size_out = 47403 | 1 |
Read Response | size = 5195477, size_out = 0 | 1 |
Information | Value |
---|---|
User Agent | Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko |
Server Name | tekstheks.nl |
Server Port | 80 |
Data Sent | 0.24 KB (245 bytes) |
Data Received | 148.80 KB (152376 bytes) |
Operation | Additional Information | Count |
---|---|---|
Open Session | user_agent = Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG | 1 |
Open Connection | protocol = HTTP, server_name = tekstheks.nl, server_port = 80 | 1 |
Open HTTP Request | http_verb = GET, target_resource = /wp-admin/includes/3, accept_types = 4223056, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD | 1 |
Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = tekstheks.nl/wp-admin/includes/3 | 1 |
Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 | 1 |
Read Response | size = 5242880, size_out = 152372 | 1 |
Read Response | size = 5090508, size_out = 0 | 1 |
Information | Value |
---|---|
User Agent | Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko |
Server Name | supritofuld.ru |
Server Port | 80 |
Data Sent | 0.24 KB (244 bytes) |
Data Received | 0.02 KB (16 bytes) |
Operation | Additional Information | Count |
---|---|---|
Open Session | user_agent = Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG | 1 |
Open Connection | protocol = HTTP, server_name = supritofuld.ru, server_port = 80 | 1 |
Open HTTP Request | http_verb = POST, target_resource = /ls5/forum.php, accept_types = 4223048, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD | 1 |
Send HTTP Request | headers = Content-Type: application/x-www-form-urlencoded, url = supritofuld.ru/ls5/forum.php | 1 |
Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 | 1 |
Read Response | size = 33554431, size_out = 12 | 1 |
Information | Value |
---|---|
User Agent | Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko |
Server Name | supritofuld.ru |
Server Port | 80 |
Data Sent | 0.24 KB (244 bytes) |
Data Received | 0.02 KB (16 bytes) |
Operation | Additional Information | Count |
---|---|---|
Open Session | user_agent = Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG | 1 |
Open Connection | protocol = HTTP, server_name = supritofuld.ru, server_port = 80 | 1 |
Open HTTP Request | http_verb = POST, target_resource = /ls5/forum.php, accept_types = 4223048, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD | 1 |
Send HTTP Request | headers = Content-Type: application/x-www-form-urlencoded, url = supritofuld.ru/ls5/forum.php | 1 |
Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 | 1 |
Read Response | size = 33554431, size_out = 12 | 1 |
Information | Value |
---|---|
User Agent | Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko |
Server Name | supritofuld.ru |
Server Port | 80 |
Data Sent | 0.24 KB (244 bytes) |
Data Received | 0.02 KB (16 bytes) |
Operation | Additional Information | Count |
---|---|---|
Open Session | user_agent = Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG | 1 |
Open Connection | protocol = HTTP, server_name = supritofuld.ru, server_port = 80 | 1 |
Open HTTP Request | http_verb = POST, target_resource = /ls5/forum.php, accept_types = 4223048, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD | 1 |
Send HTTP Request | headers = Content-Type: application/x-www-form-urlencoded, url = supritofuld.ru/ls5/forum.php | 1 |
Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 | 1 |
Read Response | size = 33554431, size_out = 12 | 1 |
Information | Value |
---|---|
User Agent | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3) |
Server Name | butsulacoft.com |
Server Port | 80 |
Data Sent | 0.43 KB (436 bytes) |
Data Received | 0.00 KB (0 bytes) |
Operation | Additional Information | Count |
---|---|---|
Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS | 1 |
Open Connection | protocol = http, server_name = butsulacoft.com, server_port = 80 | 1 |
Open HTTP Request | http_verb = POST, http_version = HTTP/1.0, target_resource = /mlu/forum.php | 1 |
Send HTTP Request | headers = content-length: 279, accept-language: en-US, accept-encoding: identity, *;q=0, content-encoding: binary, connection: close, accept: */*, user-agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3), host: butsulacoft.com, content-type: application/octet-stream, url = butsulacoft.com/mlu/forum.php | 1 |
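The HTTP activity above has two distinct clients. The WinINet sessions (Trident/7.0 user agent) check the external address at api.ipify.org, POST form-encoded data to `/ls5/forum.php` on two domains, and fetch `/wp-admin/includes/1`, `/2` and `/3` from a WordPress host, each returning tens of kilobytes. The WinHTTP session (MSIE 7.0 user agent) POSTs 279 bytes of `application/octet-stream` to `/mlu/forum.php` over HTTP/1.0 with `content-encoding: binary`, `accept-encoding: identity, *;q=0` and `connection: close`; the 436-byte and 279-byte sends on socket 0x3e0 line up with that request's header block and declared body length, and the 148 single-byte receives followed by one 20-byte receive are consistent with a hand-written response reader. The following is an added example, not code from the sample or from the sandbox vendor: a small request parser with detection rules keyed to the traits that are visible in the report. The raw requests are constructed from the logged request lines and headers; the report does not show request bodies, so those are filler of the declared length. The rule names and the list of registered content codings are this example's own.

```python
"""Classify captured HTTP requests against the beaconing and staging pattern in this report.

Added example; not code from the analysed sample or the sandbox. The sample requests
are constructed from the logged 'Send HTTP Request' rows; bodies are filler because the
report does not show them. Rule names are this example's own.
"""
import re
from urllib.parse import urlsplit

# Subset of the IANA HTTP content-coding registry; 'binary' is not in the registry.
REGISTERED_CONTENT_CODINGS = {"gzip", "x-gzip", "compress", "x-compress", "deflate",
                              "br", "identity", "zstd", "exi", "pack200-gzip"}


def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, target, version, headers, body).

    Header names are lower-cased so the lower-case headers WinHTTP logged and
    conventional Title-Case headers compare equal.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, version, headers, body


def classify(raw: bytes):
    """Return a list of (rule, detail) findings for one request; an empty list is unremarkable."""
    method, target, version, h, body = parse_request(raw)
    path = urlsplit(target).path if target.startswith("http") else target
    host = h.get("host", "")
    findings = []

    # Rule 1: POST to /<short token>/forum.php. Both clients in the report use this path
    # shape (ls5, mlu) on bare domains that serve no forum.
    if method == "POST" and re.fullmatch(r"/[a-z0-9]{2,8}/forum\.php", path):
        findings.append(("forum_php_post", f"{host}{path} ({h.get('content-type', '?')})"))

    # Rule 2: a Content-Encoding that is not a registered content coding. Browsers never
    # send 'binary'; WinHTTP only sends the header the caller supplied.
    ce = h.get("content-encoding")
    if ce and ce.lower() not in REGISTERED_CONTENT_CODINGS:
        findings.append(("bogus_content_encoding", ce))

    # Rule 3: HTTP/1.0 POST that refuses every encoding but identity and asks the server
    # to close: a minimal hand-rolled client rather than a browser session.
    if (method == "POST" and version == "HTTP/1.0"
            and h.get("accept-encoding", "").replace(" ", "") == "identity,*;q=0"
            and h.get("connection", "").lower() == "close"):
        findings.append(("http10_raw_post", f"{host}{path}"))

    # Rule 4: declared Content-Length that does not match the body actually sent.
    cl = h.get("content-length")
    if cl is not None and cl.isdigit() and int(cl) != len(body):
        findings.append(("length_mismatch", f"declared {cl}, sent {len(body)}"))

    # Rule 5: GET of a bare number under wp-admin/includes, a directory that holds only
    # .php files on a stock WordPress install; here /1, /2 and /3 each returned tens of KB.
    if method == "GET" and re.fullmatch(r"/wp-admin/includes/\d+", path):
        findings.append(("wp_includes_numeric_payload", f"{host}{path}"))

    # Rule 6: external-IP lookup; weak on its own, telling when it precedes Rule 1 traffic.
    if method == "GET" and host.lower() == "api.ipify.org":
        findings.append(("external_ip_check", host))
    return findings


def build(method, path, host, version="HTTP/1.1", headers=(), body=b""):
    """Assemble a raw request; used only to construct the sample traffic below."""
    lines = [f"{method} {path} {version}", f"Host: {host}"] + [f"{k}: {v}" for k, v in headers]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1") + body


UA_TRIDENT = "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko"
UA_MSIE7 = ("Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; "
            ".NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; "
            ".NET4.0C; .NET4.0E; InfoPath.3)")

SAMPLES = {
    # WinHTTP POST as logged in the report; the body is 279 filler bytes.
    "mlu_post": build("POST", "/mlu/forum.php", "butsulacoft.com", "HTTP/1.0", [
        ("content-length", "279"), ("accept-language", "en-US"),
        ("accept-encoding", "identity, *;q=0"), ("content-encoding", "binary"),
        ("connection", "close"), ("accept", "*/*"), ("user-agent", UA_MSIE7),
        ("content-type", "application/octet-stream")], b"\x00" * 279),
    # WinINet POST; only Content-Type was logged, the body and its length are constructed.
    "ls5_post": build("POST", "/ls5/forum.php", "supritofuld.ru", headers=[
        ("User-Agent", UA_TRIDENT), ("Content-Type", "application/x-www-form-urlencoded"),
        ("Content-Length", "13")], body=b"constructed=1"),
    "wp_stage": build("GET", "/wp-admin/includes/1", "tekstheks.nl", headers=[("User-Agent", UA_TRIDENT)]),
    "ip_check": build("GET", "/", "api.ipify.org", headers=[("User-Agent", UA_TRIDENT)]),
    # Control: an ordinary page fetch that should produce no findings.
    "benign": build("GET", "/index.html", "example.com", headers=[("User-Agent", UA_TRIDENT)]),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```

Rules 2 and 3 are the high-confidence ones because they describe the client, not the infrastructure: the domains and paths rotate, but a client that sends `content-encoding: binary` over HTTP/1.0 with `connection: close` keeps doing so until its code changes.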
Information | Value |
---|---|
ID | #4 |
File Name | c:\windows\syswow64\cmd.exe |
Command Line | cmd /K |
Initial Working Directory | C:\Users\aDU0VK IWA5kLS\Desktop\ |
Monitor | Start Time: 00:00:47, Reason: Child Process |
Unmonitor | End Time: 00:02:13, Reason: Terminated by Timeout |
Monitor Duration | 00:01:26 |
Information | Value |
---|---|
PID | 0xa34 |
Parent PID | 0x9dc (c:\windows\syswow64\svchost.exe) |
Is Created or Modified Executable | |
Integrity Level | Medium |
Username | AUFDDCNTXWT\aDU0VK IWA5kLS |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege |
Thread IDs | 0xA38 |
Name | Start VA | End VA | Type | Permissions |
---|---|---|---|---|
private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable |
private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
pagefile_0x0000000000030000 | 0x00030000 | 0x00036fff | Pagefile Backed Memory | Readable |
apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000000070000 | 0x00070000 | 0x00071fff | Pagefile Backed Memory | Readable, Writable |
private_0x0000000000080000 | 0x00080000 | 0x00080fff | Private Memory | Readable, Writable |
private_0x0000000000090000 | 0x00090000 | 0x00090fff | Private Memory | Readable, Writable |
private_0x00000000000c0000 | 0x000c0000 | 0x0013ffff | Private Memory | Readable, Writable |
locale.nls | 0x00140000 | 0x001a6fff | Memory Mapped File | Readable |
private_0x0000000000210000 | 0x00210000 | 0x0021ffff | Private Memory | Readable, Writable |
private_0x0000000000230000 | 0x00230000 | 0x0026ffff | Private Memory | Readable, Writable |
private_0x0000000000320000 | 0x00320000 | 0x0041ffff | Private Memory | Readable, Writable |
private_0x0000000000470000 | 0x00470000 | 0x0056ffff | Private Memory | Readable, Writable |
pagefile_0x0000000000570000 | 0x00570000 | 0x006f7fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000000700000 | 0x00700000 | 0x00880fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000000890000 | 0x00890000 | 0x01c8ffff | Pagefile Backed Memory | Readable |
pagefile_0x0000000001c90000 | 0x01c90000 | 0x01fd2fff | Pagefile Backed Memory | Readable |
cmd.exe | 0x4a5a0000 | 0x4a5ebfff | Memory Mapped File | Readable, Writable, Executable |
wow64win.dll | 0x73c40000 | 0x73c9bfff | Memory Mapped File | Readable, Writable, Executable |
wow64.dll | 0x73ca0000 | 0x73cdefff | Memory Mapped File | Readable, Writable, Executable |
wow64cpu.dll | 0x73d10000 | 0x73d17fff | Memory Mapped File | Readable, Writable, Executable |
winbrand.dll | 0x74920000 | 0x74926fff | Memory Mapped File | Readable, Writable, Executable |
cryptbase.dll | 0x75270000 | 0x7527bfff | Memory Mapped File | Readable, Writable, Executable |
sspicli.dll | 0x75280000 | 0x752dffff | Memory Mapped File | Readable, Writable, Executable |
rpcrt4.dll | 0x75440000 | 0x7552ffff | Memory Mapped File | Readable, Writable, Executable |
user32.dll | 0x757e0000 | 0x758dffff | Memory Mapped File | Readable, Writable, Executable |
sechost.dll | 0x75970000 | 0x75988fff | Memory Mapped File | Readable, Writable, Executable |
gdi32.dll | 0x75ab0000 | 0x75b3ffff | Memory Mapped File | Readable, Writable, Executable |
msctf.dll | 0x75bc0000 | 0x75c8bfff | Memory Mapped File | Readable, Writable, Executable |
msvcrt.dll | 0x75d10000 | 0x75dbbfff | Memory Mapped File | Readable, Writable, Executable |
kernel32.dll | 0x75dc0000 | 0x75ecffff | Memory Mapped File | Readable, Writable, Executable |
imm32.dll | 0x76f80000 | 0x76fdffff | Memory Mapped File | Readable, Writable, Executable |
lpk.dll | 0x76fe0000 | 0x76fe9fff | Memory Mapped File | Readable, Writable, Executable |
kernelbase.dll | 0x77130000 | 0x77175fff | Memory Mapped File | Readable, Writable, Executable |
usp10.dll | 0x77180000 | 0x7721cfff | Memory Mapped File | Readable, Writable, Executable |
advapi32.dll | 0x77280000 | 0x7731ffff | Memory Mapped File | Readable, Writable, Executable |
private_0x0000000077320000 | 0x77320000 | 0x7743efff | Private Memory | Readable, Writable, Executable |
private_0x0000000077440000 | 0x77440000 | 0x77539fff | Private Memory | Readable, Writable, Executable |
ntdll.dll | 0x77540000 | 0x776e8fff | Memory Mapped File | Readable, Writable, Executable |
ntdll.dll | 0x77720000 | 0x7789ffff | Memory Mapped File | Readable, Writable, Executable |
pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
Operation | Filename | Additional Information | Count |
---|---|---|---|
Get Info | C:\Users\aDU0VK IWA5kLS\Desktop | type = file_attributes | 2 |
Get Info | STD_OUTPUT_HANDLE | type = file_type | 2 |
Get Info | STD_INPUT_HANDLE | type = file_type | 4 |
Open | STD_OUTPUT_HANDLE | | 13 |
Open | STD_INPUT_HANDLE | | 11 |
Read | STD_INPUT_HANDLE | size = 8192 | 1 |
Write | STD_OUTPUT_HANDLE | size = 32 | 1 |
Operation | Key | Additional Information | Count |
---|---|---|---|
Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | | 1 |
Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | | 1 |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | | 1 |
Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 0, type = REG_NONE | 1 |
Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE | 1 |
Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE | 1 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE | 1 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE | 1 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE | 1 |
Operation | Module | Additional Information | Count |
---|---|---|---|
Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x4a5a0000 | 1 |
Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75dc0000 | 2 |
Get Filename | | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x75dea84f | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x75df3b92 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75dd4a5d | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x75dea79d | 1 |
Operation | Additional Information | Count |
---|---|---|
Get Time | type = System Time, time = 2017-08-21 21:04:28 (UTC) | 1 |
Operation | Additional Information | Count |
---|---|---|
Get Environment String | | 4 |
Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ | 1 |
Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC | 1 |
Get Environment String | name = PROMPT | 1 |
Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe | 1 |
Get Environment String | name = KEYS | 1 |
Get Environment String | name = PROMPT, result_out = $P$G | 1 |
Set Environment String | name = PROMPT, value = $P$G | 1 |
Set Environment String | name = =C:, value = C:\Users\aDU0VK IWA5kLS\Desktop | 1 |
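Process #4 is `cmd /K` started by a `svchost.exe` (PID 0x9dc) from the user's Desktop, and process #5 is a second `svchost.exe` with the same parent, the same working directory, the interactive user's token and Medium integrity; its memory map later in this report lists the Mozilla NSS libraries (`nss3.dll`, `softokn3.dll`, `freebl3.dll`, `nssdbm3.dll`, `mozglue.dll`), `vaultcli.dll`, `pstorec.dll` and an RWX private region at 0x0bc00000. None of that is how Windows runs a service host. The following is an added example, not code from the sample or from the sandbox vendor: it turns those observations into rules over process records. The records are constructed from the report's process blocks #4 and #5 plus one constructed, legitimate `svchost.exe` as a control; the rule names, the expected parent (`services.exe`) and the service-account list are this example's own choices.

```python
"""Score process-tree and module-load evidence of the kind recorded in this report.

Added example; not code from the analysed sample or the sandbox. The records below
are constructed from the report's process blocks #4 and #5 plus one constructed
legitimate service host as a control. Rule names are this example's own.
"""
from dataclasses import dataclass, field
import ntpath

SERVICE_ACCOUNTS = {"NT AUTHORITY\\SYSTEM", "NT AUTHORITY\\LOCAL SERVICE", "NT AUTHORITY\\NETWORK SERVICE"}
# Mozilla NSS libraries needed to decrypt Firefox logins outside the browser, and the
# Windows Vault / Protected Storage client libraries.
NSS_LIBS = {"nss3.dll", "softokn3.dll", "freebl3.dll", "mozglue.dll", "nssdbm3.dll"}
WINDOWS_CRED_LIBS = {"vaultcli.dll", "pstorec.dll"}
BROWSERS = {"firefox.exe", "thunderbird.exe"}


@dataclass
class Proc:
    pid: int
    image: str                 # full image path as logged
    cmdline: str
    parent_pid: int
    parent_image: str
    cwd: str
    user: str
    integrity: str
    modules: set = field(default_factory=set)   # lower-case module base names
    rwx_private: bool = False                   # any Private Memory region that is RWX


def _base(path):
    return ntpath.basename(path).lower()


def score(p: Proc):
    """Return the rule names that fire for one process record, in a fixed order."""
    hits = []
    name = _base(p.image)
    if name == "svchost.exe":
        # A real service host is started by services.exe with '-k <group>' and runs
        # under a service account; the report's instance fails all three checks.
        if _base(p.parent_image) != "services.exe":
            hits.append("svchost_parent_not_services")
        if " -k " not in f" {p.cmdline} ":
            hits.append("svchost_without_k_group")
        if p.user.upper() not in SERVICE_ACCOUNTS:
            hits.append("svchost_as_interactive_user")
    # A binary from the Windows directory whose working directory is inside a user
    # profile inherited that directory from whatever launched it there.
    if "\\windows\\" in p.image.lower() and "\\users\\" in p.cwd.lower():
        hits.append("system_binary_cwd_in_user_profile")
    if name == "cmd.exe" and _base(p.parent_image) == "svchost.exe":
        hits.append("svchost_spawned_cmd")
    if name not in BROWSERS and len(p.modules & NSS_LIBS) >= 3:
        hits.append("nss_loaded_outside_browser")
    if name not in BROWSERS and WINDOWS_CRED_LIBS <= p.modules:
        hits.append("vault_and_pstore_clients_loaded")
    if p.rwx_private:
        hits.append("rwx_private_region")
    return hits


def report(procs):
    """Map each PID (hex, as the sandbox prints it) to its firing rules."""
    return {hex(p.pid): score(p) for p in procs}


DESKTOP = r"C:\Users\aDU0VK IWA5kLS\Desktop" + "\\"
USER = r"AUFDDCNTXWT\aDU0VK IWA5kLS"
SVCHOST_9DC = r"c:\windows\syswow64\svchost.exe"

SAMPLE = [
    # Process #4 from the report.
    Proc(0xa34, r"c:\windows\syswow64\cmd.exe", "cmd /K", 0x9dc, SVCHOST_9DC, DESKTOP, USER, "Medium"),
    # Process #5 from the report, with the credential-related modules from its memory map.
    Proc(0xa68, r"c:\windows\syswow64\svchost.exe", r"C:\Windows\System32\svchost.exe", 0x9dc, SVCHOST_9DC,
         DESKTOP, USER, "Medium",
         modules={"nss3.dll", "freebl3.dll", "softokn3.dll", "nssdbm3.dll", "mozglue.dll",
                  "vaultcli.dll", "pstorec.dll", "samlib.dll", "ieframe.dll"},
         rwx_private=True),
    # Constructed control: a service host as Windows itself starts it.
    Proc(0x2a0, r"c:\windows\system32\svchost.exe", r"C:\Windows\system32\svchost.exe -k netsvcs",
         0x1f0, r"c:\windows\system32\services.exe", r"C:\Windows\system32", r"NT AUTHORITY\SYSTEM",
         "System", modules={"rpcrt4.dll", "ntdll.dll"}),
]

if __name__ == "__main__":
    for pid, hits in report(SAMPLE).items():
        print(pid, hits)
```

The parent checks alone already separate the report's `svchost.exe` from the control; the module and RWX rules are what distinguish a process that merely looks wrong from one that is actively harvesting credentials, and a browser process loading the same NSS libraries produces no finding.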
Information | Value |
---|---|
ID | #5 |
File Name | c:\windows\syswow64\svchost.exe |
Command Line | C:\Windows\System32\svchost.exe |
Initial Working Directory | C:\Users\aDU0VK IWA5kLS\Desktop\ |
Monitor | Start Time: 00:00:55, Reason: Child Process |
Unmonitor | End Time: 00:02:13, Reason: Terminated by Timeout |
Monitor Duration | 00:01:18 |
Information | Value |
---|---|
PID | 0xa68 |
Parent PID | 0x9dc (c:\windows\syswow64\svchost.exe) |
Is Created or Modified Executable | |
Integrity Level | Medium |
Username | AUFDDCNTXWT\aDU0VK IWA5kLS |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege |
Thread IDs | 0xA6C, 0xA70, 0xA74 |
Name | Start VA | End VA | Type | Permissions |
---|---|---|---|---|
private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | Readable, Writable |
private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
private_0x0000000000030000 | 0x00030000 | 0x0003ffff | Private Memory | Readable, Writable |
apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | Readable |
private_0x0000000000070000 | 0x00070000 | 0x00070fff | Private Memory | Readable, Writable |
pagefile_0x0000000000080000 | 0x00080000 | 0x00080fff | Pagefile Backed Memory | Readable, Writable |
private_0x0000000000090000 | 0x00090000 | 0x000cffff | Private Memory | Readable, Writable |
locale.nls | 0x000d0000 | 0x00136fff | Memory Mapped File | Readable |
tzres.dll | 0x00140000 | 0x00140fff | Memory Mapped File | Readable |
pagefile_0x0000000000140000 | 0x00140000 | 0x00140fff | Pagefile Backed Memory | Readable |
private_0x0000000000150000 | 0x00150000 | 0x001cffff | Private Memory | Readable, Writable |
pagefile_0x00000000001d0000 | 0x001d0000 | 0x001d6fff | Pagefile Backed Memory | Readable |
private_0x00000000001e0000 | 0x001e0000 | 0x0021ffff | Private Memory | Readable, Writable |
private_0x0000000000220000 | 0x00220000 | 0x0029ffff | Private Memory | Readable, Writable |
private_0x00000000002a0000 | 0x002a0000 | 0x0039ffff | Private Memory | Readable, Writable |
private_0x00000000003a0000 | 0x003a0000 | 0x0047ffff | Private Memory | Readable, Writable |
pagefile_0x00000000003a0000 | 0x003a0000 | 0x003a1fff | Pagefile Backed Memory | Readable, Writable |
pagefile_0x00000000003b0000 | 0x003b0000 | 0x003b0fff | Pagefile Backed Memory | Readable |
oleaccrc.dll | 0x003c0000 | 0x003c0fff | Memory Mapped File | Readable |
pagefile_0x00000000003d0000 | 0x003d0000 | 0x003d1fff | Pagefile Backed Memory | Readable |
windowsshell.manifest | 0x003e0000 | 0x003e0fff | Memory Mapped File | Readable |
index.dat | 0x003e0000 | 0x003e7fff | Memory Mapped File | Readable, Writable |
pagefile_0x00000000003f0000 | 0x003f0000 | 0x003f1fff | Pagefile Backed Memory | Readable |
index.dat | 0x00400000 | 0x00413fff | Memory Mapped File | Readable, Writable |
index.dat | 0x00420000 | 0x0042ffff | Memory Mapped File | Readable, Writable |
pagefile_0x0000000000430000 | 0x00430000 | 0x00431fff | Pagefile Backed Memory | Readable |
private_0x0000000000440000 | 0x00440000 | 0x0047ffff | Private Memory | Readable, Writable |
private_0x00000000004a0000 | 0x004a0000 | 0x004dffff | Private Memory | Readable, Writable |
svchost.exe | 0x004f0000 | 0x004f7fff | Memory Mapped File | Readable, Writable, Executable |
pagefile_0x0000000000500000 | 0x00500000 | 0x00687fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000000690000 | 0x00690000 | 0x00810fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000000820000 | 0x00820000 | 0x01c1ffff | Pagefile Backed Memory | Readable |
sortdefault.nls | 0x01c20000 | 0x01eeefff | Memory Mapped File | Readable |
private_0x0000000001ef0000 | 0x01ef0000 | 0x01ff0fff | Private Memory | Readable, Writable |
private_0x0000000001ef0000 | 0x01ef0000 | 0x020cffff | Private Memory | Readable, Writable |
private_0x0000000001ef0000 | 0x01ef0000 | 0x01feffff | Private Memory | Readable, Writable |
private_0x0000000001ff0000 | 0x01ff0000 | 0x0206ffff | Private Memory | Readable, Writable |
private_0x0000000001ff0000 | 0x01ff0000 | 0x0205ffff | Private Memory | Readable, Writable |
private_0x0000000002060000 | 0x02060000 | 0x0206ffff | Private Memory | Readable, Writable |
private_0x00000000020c0000 | 0x020c0000 | 0x020cffff | Private Memory | Readable, Writable |
private_0x00000000020d0000 | 0x020d0000 | 0x021cffff | Private Memory | Readable, Writable |
private_0x0000000002100000 | 0x02100000 | 0x021fffff | Private Memory | Readable, Writable |
pagefile_0x0000000002200000 | 0x02200000 | 0x025f2fff | Pagefile Backed Memory | Readable |
private_0x0000000002600000 | 0x02600000 | 0x02700fff | Private Memory | Readable, Writable |
private_0x0000000002620000 | 0x02620000 | 0x0265ffff | Private Memory | Readable, Writable |
private_0x0000000002660000 | 0x02660000 | 0x02c00fff | Private Memory | Readable, Writable |
private_0x0000000002660000 | 0x02660000 | 0x027affff | Private Memory | Readable, Writable |
private_0x0000000002660000 | 0x02660000 | 0x0274ffff | Private Memory | Readable, Writable |
private_0x00000000026b0000 | 0x026b0000 | 0x026effff | Private Memory | Readable, Writable |
private_0x0000000002710000 | 0x02710000 | 0x0274ffff | Private Memory | Readable, Writable |
private_0x0000000002770000 | 0x02770000 | 0x027affff | Private Memory | Readable, Writable |
private_0x00000000027b0000 | 0x027b0000 | 0x028fffff | Private Memory | Readable, Writable |
private_0x00000000027b0000 | 0x027b0000 | 0x028affff | Private Memory | Readable, Writable |
private_0x0000000002a00000 | 0x02a00000 | 0x02afffff | Private Memory | Readable, Writable |
private_0x0000000002c10000 | 0x02c10000 | 0x02d10fff | Private Memory | Readable, Writable |
private_0x000000000bc00000 | 0x0bc00000 | 0x0bc11fff | Private Memory | Readable, Writable, Executable |
ieframe.dll | 0x72b70000 | 0x735effff | Memory Mapped File | Readable, Writable, Executable |
uxtheme.dll | 0x73a80000 | 0x73afffff | Memory Mapped File | Readable, Writable, Executable |
wow64win.dll | 0x73c40000 | 0x73c9bfff | Memory Mapped File | Readable, Writable, Executable |
wow64.dll | 0x73ca0000 | 0x73cdefff | Memory Mapped File | Readable, Writable, Executable |
wow64cpu.dll | 0x73d10000 | 0x73d17fff | Memory Mapped File | Readable, Writable, Executable |
freebl3.dll | 0x74210000 | 0x7425efff | Memory Mapped File | Readable, Writable, Executable |
nssdbm3.dll | 0x74260000 | 0x74276fff | Memory Mapped File | Readable, Writable, Executable |
softokn3.dll | 0x74280000 | 0x742a6fff | Memory Mapped File | Readable, Writable, Executable |
samlib.dll | 0x742b0000 | 0x742c1fff | Memory Mapped File | Readable, Writable, Executable |
mlang.dll | 0x742d0000 | 0x742fdfff | Memory Mapped File | Readable, Writable, Executable |
msvcp100.dll | 0x74300000 | 0x74368fff | Memory Mapped File | Readable, Writable, Executable |
msvcr100.dll | 0x74370000 | 0x7442efff | Memory Mapped File | Readable, Writable, Executable |
nss3.dll | 0x74430000 | 0x745e4fff | Memory Mapped File | Readable, Writable, Executable |
oleacc.dll | 0x74870000 | 0x748abfff | Memory Mapped File | Readable, Writable, Executable |
mozglue.dll | 0x748b0000 | 0x748d1fff | Memory Mapped File | Readable, Writable, Executable |
winmm.dll | 0x748e0000 | 0x74911fff | Memory Mapped File | Readable, Writable, Executable |
atl.dll | 0x74940000 | 0x74953fff | Memory Mapped File | Readable, Writable, Executable |
pstorec.dll | 0x74960000 | 0x7496cfff | Memory Mapped File | Readable, Writable, Executable |
vaultcli.dll | 0x74970000 | 0x7497bfff | Memory Mapped File | Readable, Writable, Executable |
samcli.dll | 0x74980000 | 0x7498efff | Memory Mapped File | Readable, Writable, Executable |
wkscli.dll | 0x74990000 | 0x7499efff | Memory Mapped File | Readable, Writable, Executable |
srvcli.dll | 0x749a0000 | 0x749b8fff | Memory Mapped File | Readable, Writable, Executable |
netutils.dll | 0x749c0000 | 0x749c8fff | Memory Mapped File | Readable, Writable, Executable |
netapi32.dll | 0x749d0000 | 0x749e0fff | Memory Mapped File | Readable, Writable, Executable |
userenv.dll | 0x749f0000 | 0x74a06fff | Memory Mapped File | Readable, Writable, Executable |
wsock32.dll | 0x74a10000 | 0x74a16fff | Memory Mapped File | Readable, Writable, Executable |
fwpuclnt.dll | 0x74b00000 | 0x74b37fff | Memory Mapped File | Readable, Writable, Executable |
wshtcpip.dll | 0x74b50000 | 0x74b54fff | Memory Mapped File | Readable, Writable, Executable |
winrnr.dll | 0x74b60000 | 0x74b67fff | Memory Mapped File | Readable, Writable, Executable |
mswsock.dll | 0x74b70000 | 0x74babfff | Memory Mapped File | Readable, Writable, Executable |
pnrpnsp.dll | 0x74bb0000 | 0x74bc1fff | Memory Mapped File | Readable, Writable, Executable |
napinsp.dll | 0x74bd0000 | 0x74bdffff | Memory Mapped File | Readable, Writable, Executable |
rasadhlp.dll | 0x74be0000 | 0x74be5fff | Memory Mapped File | Readable, Writable, Executable |
nlaapi.dll | 0x74bf0000 | 0x74bfffff | Memory Mapped File | Readable, Writable, Executable |
dnsapi.dll | 0x74c60000 | 0x74ca3fff | Memory Mapped File | Readable, Writable, Executable |
comctl32.dll | 0x74cb0000 | 0x74e4dfff | Memory Mapped File | Readable, Writable, Executable |
profapi.dll | 0x751e0000 | 0x751eafff | Memory Mapped File | Readable, Writable, Executable |
winnsi.dll | 0x75220000 | 0x75226fff | Memory Mapped File | Readable, Writable, Executable |
iphlpapi.dll | 0x75230000 | 0x7524bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptbase.dll | 0x75270000 | 0x7527bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sspicli.dll | 0x75280000 | 0x752dffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ole32.dll | 0x752e0000 | 0x7543bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrt4.dll | 0x75440000 | 0x7552ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
iertutil.dll | 0x75530000 | 0x7572afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
user32.dll | 0x757e0000 | 0x758dffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
clbcatq.dll | 0x758e0000 | 0x75962fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sechost.dll | 0x75970000 | 0x75988fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
crypt32.dll | 0x75990000 | 0x75aacfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gdi32.dll | 0x75ab0000 | 0x75b3ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msctf.dll | 0x75bc0000 | 0x75c8bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nsi.dll | 0x75cd0000 | 0x75cd5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msvcrt.dll | 0x75d10000 | 0x75dbbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernel32.dll | 0x75dc0000 | 0x75ecffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
oleaut32.dll | 0x75ed0000 | 0x75f5efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shell32.dll | 0x75fe0000 | 0x76c29fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ws2_32.dll | 0x76dd0000 | 0x76e04fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wininet.dll | 0x76e10000 | 0x76f04fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shlwapi.dll | 0x76f10000 | 0x76f66fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
psapi.dll | 0x76f70000 | 0x76f74fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
imm32.dll | 0x76f80000 | 0x76fdffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
lpk.dll | 0x76fe0000 | 0x76fe9fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
urlmon.dll | 0x76ff0000 | 0x77125fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernelbase.dll | 0x77130000 | 0x77175fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
usp10.dll | 0x77180000 | 0x7721cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
advapi32.dll | 0x77280000 | 0x7731ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x0000000077320000 | 0x77320000 | 0x7743efff | Private Memory | Readable, Writable, Executable |
|
|||
private_0x0000000077440000 | 0x77440000 | 0x77539fff | Private Memory | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77540000 | 0x776e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msasn1.dll | 0x776f0000 | 0x776fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77720000 | 0x7789ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|||
private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
---|---|---|---|---|---|---|
Modify Memory | #2: c:\windows\syswow64\svchost.exe | 0x9e0 | address = 0xbc00000, size = 73728 | 1 |
Modify Memory | #2: c:\windows\syswow64\svchost.exe | 0x9e0 | address = 0x7efde008, size = 4 | 1 |
Modify Control Flow | #2: c:\windows\syswow64\svchost.exe | 0x9e0 | os_tid = 0xa6c, address = 0x0 | 1 |

Operation | Filename | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FileZilla\sitemanager.xml | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FileZilla\recentservers.xml | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FileZilla\filezilla.xml | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\ProgramData\FileZilla\sitemanager.xml | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\ProgramData\FileZilla\recentservers.xml | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\ProgramData\FileZilla\filezilla.xml | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\FileZilla\sitemanager.xml | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\FileZilla\recentservers.xml | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\FileZilla\filezilla.xml | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\GlobalSCAPE\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\GlobalSCAPE\CuteFTP Pro\sm.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\GlobalSCAPE\CuteFTP Lite\sm.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\ProgramData\GlobalSCAPE\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\ProgramData\GlobalSCAPE\CuteFTP Pro\sm.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\ProgramData\GlobalSCAPE\CuteFTP Lite\sm.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\ProgramData\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\GlobalSCAPE\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\GlobalSCAPE\CuteFTP Pro\sm.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\GlobalSCAPE\CuteFTP Lite\sm.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Program Files (x86)\GlobalSCAPE\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Program Files (x86)\GlobalSCAPE\CuteFTP Pro\sm.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Program Files (x86)\GlobalSCAPE\CuteFTP Lite\sm.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Program Files (x86)\CuteFTP\sm.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Windows\wcx_ftp.ini | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\wcx_ftp.ini | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\GHISLER\wcx_ftp.ini | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\ProgramData\GHISLER\wcx_ftp.ini | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\GHISLER\wcx_ftp.ini | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\3\Sites.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\4\Sites.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\5\Sites.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\3\Quick.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\4\Quick.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\5\Quick.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\3\History.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\4\History.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\5\History.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\ProgramData\FlashFXP\3\Sites.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\ProgramData\FlashFXP\4\Sites.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\ProgramData\FlashFXP\5\Sites.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\ProgramData\FlashFXP\3\Quick.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\ProgramData\FlashFXP\4\Quick.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\ProgramData\FlashFXP\5\Quick.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\ProgramData\FlashFXP\3\History.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\ProgramData\FlashFXP\4\History.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\ProgramData\FlashFXP\5\History.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\FlashFXP\3\Sites.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\FlashFXP\4\Sites.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\FlashFXP\5\Sites.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\FlashFXP\3\Quick.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\FlashFXP\4\Quick.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\FlashFXP\5\Quick.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\FlashFXP\3\History.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\FlashFXP\4\History.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\FlashFXP\5\History.dat | desired_access = FILE_READ_ATTRIBUTES | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\Google\Chrome\User Data\Default\Web Data | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\\Profiles\asmpdd98.default\signons.sqlite | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Jaxx\Local Storage\file__0.localstorage | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Read | C:\Users\aDU0VK IWA5kLS\AppData\Local\Google\Chrome\User Data\Default\Web Data | size = 4096, size_out = 4096 | 16 |
Read | C:\Users\aDU0VK IWA5kLS\AppData\Local\Google\Chrome\User Data\Default\Web Data | size = 4096, size_out = 0 | 1 |
Read | C:\Users\aDU0VK IWA5kLS\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal | size = 4096, size_out = 0 | 1 |
Read | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\\Profiles\asmpdd98.default\signons.sqlite | size = 4096, size_out = 4096 | 80 |
Read | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\\Profiles\asmpdd98.default\signons.sqlite | size = 4096, size_out = 0 | 1 |

Operation | Key | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Open Key | HKEY_CURRENT_USER\Software\WinRAR | 2 |
Open Key | HKEY_CURRENT_USER\Software\FileZilla | 58 |
Open Key | HKEY_CURRENT_USER\Software\FileZilla Client | 3 |
Open Key | HKEY_LOCAL_MACHINE\Software\FileZilla | 3 |
Open Key | HKEY_LOCAL_MACHINE\Software\FileZilla Client | 3 |
Open Key | HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites | 1 |
Open Key | HKEY_CURRENT_USER\Software\VanDyke\SecureFX | 3 |
Open Key | HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 6 Home\QCToolbar | 3 |
Open Key | HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 6 Professional\QCToolbar | 3 |
Open Key | HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 7 Home\QCToolbar | 3 |
Open Key | HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 7 Professional\QCToolbar | 3 |
Open Key | HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 8 Home\QCToolbar | 3 |
Open Key | HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 8 Professional\QCToolbar | 3 |
Open Key | HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 9\QCToolbar | 3 |
Open Key | HKEY_CURRENT_USER\Software\Ghisler\Windows Commander | 21 |
Open Key | HKEY_LOCAL_MACHINE\Software\Ghisler\Windows Commander | 21 |
Open Key | HKEY_LOCAL_MACHINE\Software\Ghisler\Total Commander | 21 |
Open Key | HKEY_CURRENT_USER\Software\Ghisler\Total Commander | 21 |
Open Key | HKEY_CURRENT_USER\Software\FlashFXP\3 | 9 |
Open Key | HKEY_CURRENT_USER\Software\FlashFXP | 3 |
Open Key | HKEY_CURRENT_USER\Software\FlashFXP\4 | 12 |
Open Key | HKEY_LOCAL_MACHINE\Software\FlashFXP\3 | 9 |
Open Key | HKEY_LOCAL_MACHINE\Software\FlashFXP | 3 |
Open Key | HKEY_LOCAL_MACHINE\Software\FlashFXP\4 | 12 |
Open Key | HKEY_CURRENT_USER\Software\FlashFXP\5 | 3 |
Open Key | HKEY_LOCAL_MACHINE\Software\FlashFXP\5 | 3 |
Open Key | HKEY_CURRENT_USER\Software\Martin Prikryl | 1 |
Open Key | HKEY_LOCAL_MACHINE\Software\Martin Prikryl | 1 |
Open Key | HKEY_CURRENT_USER\Software\Mozilla | 1 |
Open Key | HKEY_CURRENT_USER\Software\Mozilla\Firefox | 4 |
Open Key | HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter | 4 |
Open Key | HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs | 4 |
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla | 1 |
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox | 3 |
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox | 1 |
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs | 3 |
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs | 1 |
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox | 3 |
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox | 1 |
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | 3 |
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | 1 |
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main | 2 |
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall | 3 |
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall | 1 |
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | 3 |
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | 1 |
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin | 2 |
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions | 3 |
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions | 1 |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 | 109 |
Open Key | HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms\FormData | 108 |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts | 1 |
Open Key | HKEY_CURRENT_USER\Identities | 1 |
Open Key | HKEY_CURRENT_USER\Identities\{31810C36-5D23-4CCE-A3B4-316DED195C38}\Software\Microsoft\Internet Account Manager\Accounts | 1 |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts | 2 |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings | 1 |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | 1 |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | 1 |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | 1 |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | 1 |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | 1 |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\4c81aa8e3cec3747ac89336bb7dabb3d | 1 |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\660d890c36162745aa4a6e18387402e2 | 1 |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | 1 |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\8ad20125b268ee4082a7beb234d21c3e | 1 |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\91cde86748046c41886c2f5227df24b7 | 1 |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | 1 |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | 1 |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\a1d7e55f7cf9a243ba916d5f08f9bae8 | 1 |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\a44233f8b7f7d346b14b6c8d0728d9dd | 1 |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761 | 1 |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\ee39677bbdea5143a837a52d64001c8f | 1 |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | 1 |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | 1 |
Open Key | HKEY_CURRENT_USER\Software\Mozilla | 2 |
Open Key | HKEY_CURRENT_USER\Software\Mozilla\Firefox | 2 |
Open Key | HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter | 2 |
Open Key | HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs | 2 |
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla | 2 |
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox | 2 |
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs | 2 |
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox | 2 |
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | 2 |
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main | 2 |
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall | 2 |
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | 2 |
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin | 2 |
Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions | 2 |
Read Value | HKEY_CURRENT_USER\Software\WinRAR | value_name = HWID, type = REG_BINARY | 2 |
Read Value | HKEY_CURRENT_USER\Software\WinRAR | value_name = HWID, data = 123 | 2 |
Read Value | HKEY_CURRENT_USER\Software\Mozilla\Firefox | value_name = PathToExe, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter | value_name = PathToExe, type = REG_NONE | 3 |
Read Value | HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs | value_name = PathToExe, type = REG_NONE | 3 |
Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox | value_name = PathToExe, type = REG_NONE | 2 |
Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs | value_name = PathToExe, type = REG_NONE | 2 |
Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox | value_name = PathToExe, type = REG_NONE | 2 |
Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | value_name = PathToExe, type = REG_NONE | 2 |
Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main | value_name = PathToExe, data = 0, type = REG_SZ | 1 |
Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main | value_name = PathToExe, data = 67 | 1 |
Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall | value_name = PathToExe, type = REG_NONE | 2 |
Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | value_name = PathToExe, type = REG_NONE | 2 |
Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin | value_name = PathToExe, data = 0, type = REG_SZ | 1 |
Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin | value_name = PathToExe, data = 67 | 1 |
Read Value | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions | value_name = PathToExe, type = REG_NONE | 2 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla | 1 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | 1 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox | 1 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs | 1 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox | 1 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | 1 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox | 1 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | 1 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main | 1 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | 1 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall | 1 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | 1 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox | 1 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | 1 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | 1 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin | 1 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | 1 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions | 1 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | 1 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Identities | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Identities | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\4c81aa8e3cec3747ac89336bb7dabb3d | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\660d890c36162745aa4a6e18387402e2 | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\8ad20125b268ee4082a7beb234d21c3e | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\91cde86748046c41886c2f5227df24b7 | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\a1d7e55f7cf9a243ba916d5f08f9bae8 | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\a44233f8b7f7d346b14b6c8d0728d9dd | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761 | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\ee39677bbdea5143a837a52d64001c8f | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | 1 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla | 2 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox | 2 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter | 2 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox | 2 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs | 2 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla\Firefox | 2 |
Enumerate Keys | HKEY_CURRENT_USER\Software\Mozilla | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | 2 |
Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | 2 |

Operation | Module | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Load | KERNEL32.dll | base_address = 0x0 | | 1 | Fn |
Load | USER32.dll | base_address = 0x0 | | 1 | Fn |
Load | ADVAPI32.dll | base_address = 0x0 | | 1 | Fn |
Load | SHELL32.dll | base_address = 0x0 | | 1 | Fn |
Load | ole32.dll | base_address = 0x0 | | 1 | Fn |
Load | WS2_32.dll | base_address = 0x0 | | 1 | Fn |
Load | SHLWAPI.dll | base_address = 0x0 | | 1 | Fn |
Load | WININET.dll | base_address = 0x0 | | 1 | Fn |
Load | urlmon.dll | base_address = 0x0 | | 1 | Fn |
Load | NETAPI32.dll | base_address = 0x0 | | 1 | Fn |
Load | USERENV.dll | base_address = 0x0 | | 1 | Fn |
Load | nss3.dll | base_address = 0x74430000 | | 1 | Fn |
Load | vaultcli.dll | base_address = 0x74970000 | | 1 | Fn |
Load | Pstorec.dll | base_address = 0x74960000 | | 1 | Fn |
Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75dc0000 | | 2 | Fn |
Get Handle | c:\windows\syswow64\ntdll.dll | base_address = 0x77720000 | | 305 | Fn |
Get Address | | function = GetSystemInfo, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = GetPrivateProfileSectionNamesA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = FindNextFileA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = lstrcmpiW, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = GetModuleHandleA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = GetCurrentDirectoryA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = GetVersionExA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = LocalFree, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = lstrcpyA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = LocalAlloc, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = CreateFileA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = GetFileSize, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = MapViewOfFile, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = UnmapViewOfFile, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = GetCurrentProcess, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = GetPrivateProfileStringA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = ExpandEnvironmentStringsA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = WriteFile, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = GetFileAttributesA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = ReadFile, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = lstrcatA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = CreateDirectoryA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = CreateFileMappingA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = GetTempPathA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = DeleteFileA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = IsDebuggerPresent, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = SetUnhandledExceptionFilter, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = UnhandledExceptionFilter, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = TerminateProcess, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = FindClose, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = FindFirstFileA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = SetCurrentDirectoryA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = lstrlenW, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = lstrcmpW, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = WideCharToMultiByte, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = GetPrivateProfileIntA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = GetWindowsDirectoryA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = GetProcAddress, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = GetLocaleInfoA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = lstrcmpA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = CloseHandle, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = lstrcmpiA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = LCMapStringA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = GlobalUnlock, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = Sleep, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = GlobalLock, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = lstrlenA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = ExitProcess, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = LoadLibraryA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = GetTickCount, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = RtlUnwind, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = FindWindowExA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = SendMessageA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = SendMessageW, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = wsprintfA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = GetClassNameA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = CredEnumerateA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = FreeSid, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = AllocateAndInitializeSid, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = RegOpenKeyExA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = LookupPrivilegeValueA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = RegCreateKeyA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = RegQueryValueExA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = RegSetValueExA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = IsTextUnicode, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = OpenProcessToken, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = RegCloseKey, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = RegOpenKeyA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = RegEnumKeyExA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = CredFree, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = LogonUserA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = GetUserNameA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = RevertToSelf, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = ImpersonateLoggedOnUser, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = AdjustTokenPrivileges, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = CheckTokenMembership, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = SHGetFolderPathA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = OleInitialize, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = GetHGlobalFromStream, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = CreateStreamOnHGlobal, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = CoCreateGuid, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = CoTaskMemFree, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = CoCreateInstance, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = 0, ordinal = 21, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = 0, ordinal = 19, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = 0, ordinal = 23, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = 0, ordinal = 3, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = 0, ordinal = 52, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = 0, ordinal = 4, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = 0, ordinal = 9, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = 0, ordinal = 115, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = 0, ordinal = 11, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = 0, ordinal = 16, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = 0, ordinal = 18, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = StrRChrIA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = StrCmpNIA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = StrStrA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = StrStrIW, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = StrToIntA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = StrStrIA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = InternetCrackUrlA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = InternetCreateUrlA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = ObtainUserAgentString, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = NetApiBufferFree, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = NetUserEnum, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = UnloadUserProfile, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | | function = LoadUserProfileA, ordinal = 0, address_out = 0x21fe3c | | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetNativeSystemInfo, address_out = 0x75de10b5 | | 2 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = IsWow64Process, address_out = 0x75dd195e | | 1 | Fn |
Get Address | c:\windows\syswow64\ntdll.dll | function = memmove, address_out = 0x77758f50 | | 56 | Fn |
Get Address | c:\program files (x86)\mozilla firefox\nss3.dll | function = NSS_Init, address_out = 0x744ed70b | | 1 | Fn |
Get Address | c:\program files (x86)\mozilla firefox\nss3.dll | function = PK11_GetInternalKeySlot, address_out = 0x74483c51 | | 1 | Fn |
Get Address | c:\program files (x86)\mozilla firefox\nss3.dll | function = PK11_Authenticate, address_out = 0x7446d3ca | | 1 | Fn |
Get Address | c:\program files (x86)\mozilla firefox\nss3.dll | function = PK11SDR_Decrypt, address_out = 0x744800a7 | | 1 | Fn |
Get Address | c:\program files (x86)\mozilla firefox\nss3.dll | function = NSSBase64_DecodeBuffer, address_out = 0x744ee7d9 | | 1 | Fn |
Get Address | c:\program files (x86)\mozilla firefox\nss3.dll | function = PK11_CheckUserPassword, address_out = 0x7446cbc4 | | 1 | Fn |
Get Address | c:\program files (x86)\mozilla firefox\nss3.dll | function = SECITEM_FreeItem, address_out = 0x744ee656 | | 1 | Fn |
Get Address | c:\program files (x86)\mozilla firefox\nss3.dll | function = NSS_Shutdown, address_out = 0x744ed13c | | 1 | Fn |
Get Address | c:\program files (x86)\mozilla firefox\nss3.dll | function = PK11_FreeSlot, address_out = 0x74483333 | | 1 | Fn |
Get Address | c:\windows\syswow64\ntdll.dll | function = memcpy, address_out = 0x77742340 | | 249 | Fn |
Get Address | c:\windows\syswow64\vaultcli.dll | function = VaultEnumerateItems, address_out = 0x74973099 | | 1 | Fn |
Get Address | c:\windows\syswow64\vaultcli.dll | function = VaultEnumerateVaults, address_out = 0x74972945 | | 1 | Fn |
Get Address | c:\windows\syswow64\vaultcli.dll | function = VaultFree, address_out = 0x74974321 | | 1 | Fn |
Get Address | c:\windows\syswow64\vaultcli.dll | function = VaultGetItem, address_out = 0x74973242 | | 2 | Fn |
Get Address | c:\windows\syswow64\vaultcli.dll | function = VaultOpenVault, address_out = 0x749726a9 | | 1 | Fn |
Get Address | c:\windows\syswow64\vaultcli.dll | function = VaultCloseVault, address_out = 0x74972718 | | 1 | Fn |
Get Address | c:\windows\syswow64\pstorec.dll | function = PStoreCreateInstance, address_out = 0x7496526c | | 1 | Fn |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Create | interface = 3C374A41-BAE4-11CF-BF7D-00AA006946EE, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER | | 1 | Fn |
Operation | Window Name | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Find | TeamViewer | | | 1 | Fn |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Get Info | type = Operating System | | 1 | Fn |
Get Info | type = Hardware Information | | 1 | Fn |
Get Info | type = Windows Directory, result_out = C:\Windows | | 1 | Fn |
Operation | Filename | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Enumerate Sections | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\\profiles.ini | data_out = General, size = 65000 | | 2 | Fn |
Read | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\\profiles.ini | section_name = Profile0, key_name = Path, data_out = Profiles/asmpdd98.default | | 2 | Fn |
Read | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\\profiles.ini | section_name = Profile0, key_name = IsRelative, default_value = 1 | | 2 | Fn |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Resolve Name | host = butsulacoft.com, address_out = 62.109.18.138 | | 1 | Fn |
Information | Value |
---|---|
Total Data Sent | 0.71 KB (732 bytes) |
Total Data Received | 0.16 KB (161 bytes) |
Contacted Host Count | 1 |
Contacted Hosts | 62.109.18.138:80 |
Information | Value |
---|---|
Handle | 0x228 |
Address Family | AF_INET |
Type | SOCK_STREAM |
Protocol | IPPROTO_TCP |
Remote Address | 62.109.18.138 |
Remote Port | 80 |
Local Address | 0.0.0.0 |
Local Port | 3520 |
Data Sent | 0.71 KB (732 bytes) |
Data Received | 0.16 KB (161 bytes) |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Create | protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM | | 1 | Fn |
Connect | remote_address = 62.109.18.138, remote_port = 80 | | 1 | Fn |
Send | flags = NO_FLAG_SET, size = 422, size_out = 422 | | 1 | Fn, Data |
Send | flags = NO_FLAG_SET, size = 310, size_out = 310 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 1, size_out = 1 | | 148 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 2048, size_out = 13 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 2048, size_out = 0 | | 1 | Fn |
Close | type = SOCK_STREAM | | 1 | Fn |
Information | Value |
---|---|
Total Data Sent | 0.41 KB (422 bytes) |
Total Data Received | 0.00 KB (0 bytes) |
Contacted Host Count | 1 |
Contacted Hosts | butsulacoft.com |
Information | Value |
---|---|
User Agent | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3) |
Server Name | butsulacoft.com |
Server Port | 80 |
Data Sent | 0.41 KB (422 bytes) |
Data Received | 0.00 KB (0 bytes) |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS | | 1 | Fn |
Open Connection | protocol = http, server_name = butsulacoft.com, server_port = 80 | | 1 | Fn |
Open HTTP Request | http_verb = POST, http_version = HTTP/1.0, target_resource = /d2/about.php | | 1 | Fn |
Send HTTP Request | headers = content-length: 310, accept-language: en-US, accept-encoding: identity, *;q=0, content-encoding: binary, connection: close, user-agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3), host: butsulacoft.com, content-type: application/octet-stream, url = butsulacoft.com/d2/about.php | | 1 | Fn, Data |
Information | Value |
---|---|
ID | #6 |
File Name | c:\users\adu0vk~1\appdata\local\temp\bn649b.tmp |
Command Line | C:\Users\ADU0VK~1\AppData\Local\Temp\BN649B.tmp |
Initial Working Directory | C:\Users\aDU0VK IWA5kLS\Desktop\ |
Monitor | Start Time: 00:00:58, Reason: Child Process |
Unmonitor | End Time: 00:02:13, Reason: Terminated by Timeout |
Monitor Duration | 00:01:15 |
Information | Value |
---|---|
PID | 0xa7c |
Parent PID | 0x9dc (c:\windows\syswow64\svchost.exe) |
Is Created or Modified Executable | |
Integrity Level | Medium |
Username | AUFDDCNTXWT\aDU0VK IWA5kLS |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege |
Thread IDs | 0xA80 |
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | Readable, Writable | | | | |
private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable | | | | |
private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable | | | | |
private_0x0000000000050000 | 0x00050000 | 0x0008ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000000090000 | 0x00090000 | 0x0028ffff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000000290000 | 0x00290000 | 0x00293fff | Pagefile Backed Memory | Readable | | | | |
locale.nls | 0x002a0000 | 0x00306fff | Memory Mapped File | Readable | | | | |
pagefile_0x0000000000310000 | 0x00310000 | 0x00316fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000000320000 | 0x00320000 | 0x00321fff | Pagefile Backed Memory | Readable, Writable | | | | |
private_0x0000000000330000 | 0x00330000 | 0x00330fff | Private Memory | Readable, Writable, Executable | | | | |
private_0x0000000000340000 | 0x00340000 | 0x00359fff | Private Memory | Readable, Writable | | | | |
private_0x0000000000340000 | 0x00340000 | 0x00356fff | Private Memory | Readable, Writable | | | | |
private_0x0000000000360000 | 0x00360000 | 0x0036ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000000370000 | 0x00370000 | 0x00391fff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000000370000 | 0x00370000 | 0x00387fff | Pagefile Backed Memory | Readable, Writable, Executable | | | | |
private_0x00000000003f0000 | 0x003f0000 | 0x003fffff | Private Memory | Readable, Writable | | | | |
bn649b.tmp | 0x00400000 | 0x0042efff | Memory Mapped File | Readable, Writable, Executable | | | | |
private_0x0000000000430000 | 0x00430000 | 0x004b4fff | Private Memory | Readable, Writable | | | | |
private_0x0000000000500000 | 0x00500000 | 0x0050ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000000550000 | 0x00550000 | 0x005cffff | Private Memory | Readable, Writable | | | | |
private_0x00000000005d0000 | 0x005d0000 | 0x00654fff | Private Memory | Readable, Writable | | | | |
private_0x00000000006f0000 | 0x006f0000 | 0x007effff | Private Memory | Readable, Writable | | | | |
pagefile_0x00000000007f0000 | 0x007f0000 | 0x00977fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000000980000 | 0x00980000 | 0x00b00fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000000b10000 | 0x00b10000 | 0x01f0ffff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000001f10000 | 0x01f10000 | 0x02302fff | Pagefile Backed Memory | Readable | | | | |
private_0x0000000002310000 | 0x02310000 | 0x02591fff | Private Memory | Readable, Writable | | | | |
pagefile_0x00000000025a0000 | 0x025a0000 | 0x02820fff | Pagefile Backed Memory | Readable, Writable, Executable | | | | |
dwmapi.dll | 0x73600000 | 0x73612fff | Memory Mapped File | Readable, Writable, Executable | | | | |
wow64win.dll | 0x73c40000 | 0x73c9bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
wow64.dll | 0x73ca0000 | 0x73cdefff | Memory Mapped File | Readable, Writable, Executable | | | | |
wow64cpu.dll | 0x73d10000 | 0x73d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
dciman32.dll | 0x73f40000 | 0x73f45fff | Memory Mapped File | Readable, Writable, Executable | | | | |
ddraw.dll | 0x73f50000 | 0x74036fff | Memory Mapped File | Readable, Writable, Executable | | | | |
d3d8thk.dll | 0x74040000 | 0x74045fff | Memory Mapped File | Readable, Writable, Executable | | | | |
d3d9.dll | 0x74050000 | 0x74212fff | Memory Mapped File | Readable, Writable, Executable | | | | |
comctl32.dll | 0x74220000 | 0x742a3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
version.dll | 0x74930000 | 0x74938fff | Memory Mapped File | Readable, Writable, Executable | | | | |
cryptbase.dll | 0x75270000 | 0x7527bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
sspicli.dll | 0x75280000 | 0x752dffff | Memory Mapped File | Readable, Writable, Executable | | | | |
ole32.dll | 0x752e0000 | 0x7543bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
rpcrt4.dll | 0x75440000 | 0x7552ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
devobj.dll | 0x757c0000 | 0x757d1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
user32.dll | 0x757e0000 | 0x758dffff | Memory Mapped File | Readable, Writable, Executable | | | | |
sechost.dll | 0x75970000 | 0x75988fff | Memory Mapped File | Readable, Writable, Executable | | | | |
gdi32.dll | 0x75ab0000 | 0x75b3ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
comdlg32.dll | 0x75b40000 | 0x75bbafff | Memory Mapped File | Readable, Writable, Executable | | | | |
msctf.dll | 0x75bc0000 | 0x75c8bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
cfgmgr32.dll | 0x75ca0000 | 0x75cc6fff | Memory Mapped File | Readable, Writable, Executable | | | | |
nsi.dll | 0x75cd0000 | 0x75cd5fff | Memory Mapped File | Readable, Writable, Executable | | | | |
msvcrt.dll | 0x75d10000 | 0x75dbbfff | Memory Mapped File | Readable, Writable, Executable | | | | |
kernel32.dll | 0x75dc0000 | 0x75ecffff | Memory Mapped File | Readable, Writable, Executable | | | | |
oleaut32.dll | 0x75ed0000 | 0x75f5efff | Memory Mapped File | Readable, Writable, Executable | | | | |
shell32.dll | 0x75fe0000 | 0x76c29fff | Memory Mapped File | Readable, Writable, Executable | | | | |
setupapi.dll | 0x76c30000 | 0x76dccfff | Memory Mapped File | Readable, Writable, Executable | | | | |
ws2_32.dll | 0x76dd0000 | 0x76e04fff | Memory Mapped File | Readable, Writable, Executable | | | | |
shlwapi.dll | 0x76f10000 | 0x76f66fff | Memory Mapped File | Readable, Writable, Executable | | | | |
imm32.dll | 0x76f80000 | 0x76fdffff | Memory Mapped File | Readable, Writable, Executable | | | | |
lpk.dll | 0x76fe0000 | 0x76fe9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
kernelbase.dll | 0x77130000 | 0x77175fff | Memory Mapped File | Readable, Writable, Executable | | | | |
usp10.dll | 0x77180000 | 0x7721cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
advapi32.dll | 0x77280000 | 0x7731ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
private_0x0000000077320000 | 0x77320000 | 0x7743efff | Private Memory | Readable, Writable, Executable | | | | |
private_0x0000000077440000 | 0x77440000 | 0x77539fff | Private Memory | Readable, Writable, Executable | | | | |
ntdll.dll | 0x77540000 | 0x776e8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
ntdll.dll | 0x77720000 | 0x7789ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable | | | | |
private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable | | | | |
private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable | | | | |
private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable | | | | |
private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable | | | | |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable | | | | |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable | | | | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable | | | | |
Operation | Process | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Create | explorer.exe | os_pid = 0xa84, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | Fn |
Get Info | explorer.exe | type = PROCESS_BASIC_INFORMATION | | 1 | Fn |
Operation | Process | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Resume | c:\users\adu0vk~1\appdata\local\temp\bn649b.tmp | os_tid = 0xa80 | | 1 | Fn |
Operation | Process | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Read | explorer.exe | address = 0x7efde008, size = 4 | | 1 | Fn, Data |
Read | explorer.exe | address = 0x850000, size = 24576 | | 1 | Fn, Data |
Read | explorer.exe | address = 0x850000, size = 2625536 | | 1 | Fn |
Operation | Module | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Load | shlwapi.dll | base_address = 0x76f10000 | | 1 | Fn |
Load | advapi32.dll | base_address = 0x77280000 | | 1 | Fn |
Load | shell32.dll | base_address = 0x75fe0000 | | 1 | Fn |
Get Handle | c:\windows\syswow64\ntdll.dll | base_address = 0x77720000 | | 1 | Fn |
Get Handle | c:\windows\syswow64\user32.dll | base_address = 0x757e0000 | | 1 | Fn |
Get Filename | | process_name = c:\users\adu0vk~1\appdata\local\temp\bn649b.tmp, file_name_orig = C:\Users\ADU0VK~1\AppData\Local\Temp\BN649B.tmp, size = 260 | | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleA, address_out = 0x75dd1245 | | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address_out = 0x75dd49d7 | | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x75dd1856 | | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x75dd186e | | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = OutputDebugStringA, address_out = 0x75dfb2b7 | | 1 | Fn |
Get Address | c:\windows\syswow64\ntdll.dll | function = _stricmp, address_out = 0x7775c7b9 | | 1 | Fn |
Get Address | c:\windows\syswow64\ntdll.dll | function = memset, address_out = 0x7774df20 | | 1 | Fn |
Get Address | c:\windows\syswow64\ntdll.dll | function = memcpy, address_out = 0x77742340 | | 1 | Fn |
Get Address | c:\windows\syswow64\user32.dll | function = MessageBoxW, address_out = 0x7584fd3f | | 1 | Fn |
Create Mapping | | protection = PAGE_EXECUTE_READWRITE, maximum_size = 2686576 | | 1 | Fn |
Create Mapping | | protection = PAGE_EXECUTE_READWRITE, maximum_size = 2686576 | | 1 | Fn |
Map | | process_name = c:\users\adu0vk~1\appdata\local\temp\bn649b.tmp, protection = PAGE_EXECUTE_READWRITE, address_out = 0x25a0000 | | 1 | Fn |
Map | | process_name = c:\users\adu0vk~1\appdata\local\temp\bn649b.tmp, protection = PAGE_EXECUTE_READWRITE, address_out = 0x370000 | | 1 | Fn |
Map | | process_name = explorer.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x70000 | | 1 | Fn |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Create | mutex_name = e | | 1 | Fn |
Operation | Process | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
| c:\users\adu0vk~1\appdata\local\temp\bn649b.tmp | type = DEBUG_STRING, text = j8I1 | | 1 | Fn |
Information | Value |
---|---|
ID | #7 |
File Name | c:\windows\syswow64\explorer.exe |
Command Line | explorer.exe |
Initial Working Directory | C:\Users\aDU0VK IWA5kLS\Desktop\ |
Monitor | Start Time: 00:00:59, Reason: Child Process |
Unmonitor | End Time: 00:02:13, Reason: Terminated by Timeout |
Monitor Duration | 00:01:14 |
Information | Value |
---|---|
PID | 0xa84 |
Parent PID | 0xa7c (c:\users\adu0vk~1\appdata\local\temp\bn649b.tmp) |
Is Created or Modified Executable | |
Integrity Level | Medium |
Username | AUFDDCNTXWT\aDU0VK IWA5kLS |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege |
Thread IDs | 0xA88, 0xA8C, 0xA90, 0xA94, 0xA98, 0xA9C, 0xAA0, 0xAA4, 0xAA8, 0xAB0 |
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
pagefile_0x0000000000020000 | 0x00020000 | 0x00021fff | Pagefile Backed Memory | Readable |
private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
pagefile_0x0000000000030000 | 0x00030000 | 0x00036fff | Pagefile Backed Memory | Readable |
apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000000060000 | 0x00060000 | 0x00061fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000000070000 | 0x00070000 | 0x00087fff | Pagefile Backed Memory | Readable, Writable, Executable |
locale.nls | 0x00090000 | 0x000f6fff | Memory Mapped File | Readable |
pagefile_0x0000000000100000 | 0x00100000 | 0x00101fff | Pagefile Backed Memory | Readable, Writable |
private_0x0000000000110000 | 0x00110000 | 0x0014ffff | Private Memory | Readable, Writable |
private_0x0000000000150000 | 0x00150000 | 0x00150fff | Private Memory | Readable, Writable |
private_0x0000000000160000 | 0x00160000 | 0x00160fff | Private Memory | Readable, Writable |
private_0x0000000000170000 | 0x00170000 | 0x0018ffff | Private Memory | Readable, Writable |
private_0x0000000000190000 | 0x00190000 | 0x0019ffff | Private Memory | Readable, Writable |
pagefile_0x0000000000190000 | 0x00190000 | 0x00197fff | Pagefile Backed Memory | Readable, Writable |
private_0x0000000000190000 | 0x00190000 | 0x0019ffff | Private Memory | Readable, Writable |
private_0x0000000000190000 | 0x00190000 | 0x0019ffff | Private Memory | Readable, Writable |
private_0x0000000000190000 | 0x00190000 | 0x0019ffff | Private Memory | Readable, Writable |
private_0x0000000000190000 | 0x00190000 | 0x0019ffff | Private Memory | Readable, Writable |
private_0x0000000000190000 | 0x00190000 | 0x0019ffff | Private Memory | Readable, Writable |
rsaenh.dll | 0x00190000 | 0x001cbfff | Memory Mapped File | Readable |
pagefile_0x0000000000190000 | 0x00190000 | 0x00191fff | Pagefile Backed Memory | Readable |
pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a7fff | Pagefile Backed Memory | Readable, Writable |
windowsshell.manifest | 0x001a0000 | 0x001a0fff | Memory Mapped File | Readable |
pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a0fff | Pagefile Backed Memory | Readable, Writable |
pagefile_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Pagefile Backed Memory | Readable |
index.dat | 0x001c0000 | 0x001d3fff | Memory Mapped File | Readable, Writable |
index.dat | 0x001e0000 | 0x001e7fff | Memory Mapped File | Readable, Writable |
private_0x00000000001f0000 | 0x001f0000 | 0x0022ffff | Private Memory | Readable, Writable |
index.dat | 0x00230000 | 0x0023ffff | Memory Mapped File | Readable, Writable |
private_0x0000000000240000 | 0x00240000 | 0x0027ffff | Private Memory | Readable, Writable |
private_0x0000000000280000 | 0x00280000 | 0x00280fff | Private Memory | Readable, Writable |
pagefile_0x0000000000280000 | 0x00280000 | 0x00280fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000000290000 | 0x00290000 | 0x00290fff | Pagefile Backed Memory | Readable |
pagefile_0x00000000002a0000 | 0x002a0000 | 0x002a0fff | Pagefile Backed Memory | Readable |
private_0x00000000002b0000 | 0x002b0000 | 0x002effff | Private Memory | Readable, Writable |
private_0x00000000002f0000 | 0x002f0000 | 0x0032ffff | Private Memory | Readable, Writable |
private_0x0000000000330000 | 0x00330000 | 0x0036ffff | Private Memory | Readable, Writable |
private_0x0000000000370000 | 0x00370000 | 0x0037ffff | Private Memory | Readable, Writable |
private_0x00000000003c0000 | 0x003c0000 | 0x0043ffff | Private Memory | Readable, Writable |
pagefile_0x0000000000440000 | 0x00440000 | 0x005c7fff | Pagefile Backed Memory | Readable |
private_0x00000000005d0000 | 0x005d0000 | 0x006cffff | Private Memory | Readable, Writable |
private_0x00000000006d0000 | 0x006d0000 | 0x0078ffff | Private Memory | Readable, Writable |
private_0x00000000006d0000 | 0x006d0000 | 0x0070ffff | Private Memory | Readable, Writable |
private_0x0000000000750000 | 0x00750000 | 0x0078ffff | Private Memory | Readable, Writable |
private_0x00000000007a0000 | 0x007a0000 | 0x007dffff | Private Memory | Readable, Writable |
private_0x0000000000800000 | 0x00800000 | 0x0083ffff | Private Memory | Readable, Writable |
explorer.exe | 0x00850000 | 0x00ad0fff | Memory Mapped File | Readable, Writable, Executable |
pagefile_0x0000000000ae0000 | 0x00ae0000 | 0x00c60fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000000c70000 | 0x00c70000 | 0x0206ffff | Pagefile Backed Memory | Readable |
pagefile_0x0000000002070000 | 0x02070000 | 0x02462fff | Pagefile Backed Memory | Readable |
private_0x0000000002470000 | 0x02470000 | 0x0268ffff | Private Memory | Readable, Writable |
private_0x00000000024a0000 | 0x024a0000 | 0x024dffff | Private Memory | Readable, Writable |
private_0x0000000002510000 | 0x02510000 | 0x0254ffff | Private Memory | Readable, Writable |
private_0x0000000002550000 | 0x02550000 | 0x0258ffff | Private Memory | Readable, Writable |
private_0x0000000002590000 | 0x02590000 | 0x0263ffff | Private Memory | Readable, Writable |
private_0x00000000025c0000 | 0x025c0000 | 0x025fffff | Private Memory | Readable, Writable |
private_0x0000000002630000 | 0x02630000 | 0x0263ffff | Private Memory | Readable, Writable |
private_0x0000000002650000 | 0x02650000 | 0x0268ffff | Private Memory | Readable, Writable |
sortdefault.nls | 0x02690000 | 0x0295efff | Memory Mapped File | Readable |
private_0x00000000029a0000 | 0x029a0000 | 0x029dffff | Private Memory | Readable, Writable |
private_0x00000000029f0000 | 0x029f0000 | 0x02a2ffff | Private Memory | Readable, Writable |
private_0x0000000002a30000 | 0x02a30000 | 0x02b2ffff | Private Memory | Readable, Writable |
private_0x0000000002b80000 | 0x02b80000 | 0x02bbffff | Private Memory | Readable, Writable |
private_0x0000000002bc0000 | 0x02bc0000 | 0x02d9ffff | Private Memory | Readable, Writable |
private_0x0000000002bc0000 | 0x02bc0000 | 0x02c6ffff | Private Memory | Readable, Writable |
private_0x0000000002c90000 | 0x02c90000 | 0x02ccffff | Private Memory | Readable, Writable |
private_0x0000000002d90000 | 0x02d90000 | 0x02d9ffff | Private Memory | Readable, Writable |
dwmapi.dll | 0x73600000 | 0x73612fff | Memory Mapped File | Readable, Writable, Executable |
explorerframe.dll | 0x73910000 | 0x73a7efff | Memory Mapped File | Readable, Writable, Executable |
uxtheme.dll | 0x73a80000 | 0x73afffff | Memory Mapped File | Readable, Writable, Executable |
propsys.dll | 0x73b40000 | 0x73c34fff | Memory Mapped File | Readable, Writable, Executable |
wow64win.dll | 0x73c40000 | 0x73c9bfff | Memory Mapped File | Readable, Writable, Executable |
wow64.dll | 0x73ca0000 | 0x73cdefff | Memory Mapped File | Readable, Writable, Executable |
wow64cpu.dll | 0x73d10000 | 0x73d17fff | Memory Mapped File | Readable, Writable, Executable |
duser.dll | 0x73f10000 | 0x73f3efff | Memory Mapped File | Readable, Writable, Executable |
secur32.dll | 0x74020000 | 0x74027fff | Memory Mapped File | Readable, Writable, Executable |
gdiplus.dll | 0x74030000 | 0x741bffff | Memory Mapped File | Readable, Writable, Executable |
powrprof.dll | 0x741c0000 | 0x741e4fff | Memory Mapped File | Readable, Writable, Executable |
dui70.dll | 0x741f0000 | 0x742a1fff | Memory Mapped File | Readable, Writable, Executable |
slc.dll | 0x74930000 | 0x74939fff | Memory Mapped File | Readable, Writable, Executable |
npmproxy.dll | 0x74a20000 | 0x74a27fff | Memory Mapped File | Readable, Writable, Executable |
rpcrtremote.dll | 0x74a30000 | 0x74a3dfff | Memory Mapped File | Readable, Writable, Executable |
rsaenh.dll | 0x74a40000 | 0x74a7afff | Memory Mapped File | Readable, Writable, Executable |
cryptsp.dll | 0x74a80000 | 0x74a95fff | Memory Mapped File | Readable, Writable, Executable |
netprofm.dll | 0x74aa0000 | 0x74af9fff | Memory Mapped File | Readable, Writable, Executable |
pnrpnsp.dll | 0x74bb0000 | 0x74bc1fff | Memory Mapped File | Readable, Writable, Executable |
napinsp.dll | 0x74bd0000 | 0x74bdffff | Memory Mapped File | Readable, Writable, Executable |
rasadhlp.dll | 0x74be0000 | 0x74be5fff | Memory Mapped File | Readable, Writable, Executable |
nlaapi.dll | 0x74bf0000 | 0x74bfffff | Memory Mapped File | Readable, Writable, Executable |
rasapi32.dll | 0x74c00000 | 0x74c51fff | Memory Mapped File | Readable, Writable, Executable |
dnsapi.dll | 0x74c60000 | 0x74ca3fff | Memory Mapped File | Readable, Writable, Executable |
comctl32.dll | 0x74cb0000 | 0x74e4dfff | Memory Mapped File | Readable, Writable, Executable |
sensapi.dll | 0x75170000 | 0x75175fff | Memory Mapped File | Readable, Writable, Executable |
rtutils.dll | 0x75180000 | 0x7518cfff | Memory Mapped File | Readable, Writable, Executable |
rasman.dll | 0x75190000 | 0x751a4fff | Memory Mapped File | Readable, Writable, Executable |
profapi.dll | 0x751e0000 | 0x751eafff | Memory Mapped File | Readable, Writable, Executable |
winnsi.dll | 0x75220000 | 0x75226fff | Memory Mapped File | Readable, Writable, Executable |
iphlpapi.dll | 0x75230000 | 0x7524bfff | Memory Mapped File | Readable, Writable, Executable |
cryptbase.dll | 0x75270000 | 0x7527bfff | Memory Mapped File | Readable, Writable, Executable |
sspicli.dll | 0x75280000 | 0x752dffff | Memory Mapped File | Readable, Writable, Executable |
ole32.dll | 0x752e0000 | 0x7543bfff | Memory Mapped File | Readable, Writable, Executable |
rpcrt4.dll | 0x75440000 | 0x7552ffff | Memory Mapped File | Readable, Writable, Executable |
iertutil.dll | 0x75530000 | 0x7572afff | Memory Mapped File | Readable, Writable, Executable |
devobj.dll | 0x757c0000 | 0x757d1fff | Memory Mapped File | Readable, Writable, Executable |
user32.dll | 0x757e0000 | 0x758dffff | Memory Mapped File | Readable, Writable, Executable |
clbcatq.dll | 0x758e0000 | 0x75962fff | Memory Mapped File | Readable, Writable, Executable |
sechost.dll | 0x75970000 | 0x75988fff | Memory Mapped File | Readable, Writable, Executable |
crypt32.dll | 0x75990000 | 0x75aacfff | Memory Mapped File | Readable, Writable, Executable |
gdi32.dll | 0x75ab0000 | 0x75b3ffff | Memory Mapped File | Readable, Writable, Executable |
msctf.dll | 0x75bc0000 | 0x75c8bfff | Memory Mapped File | Readable, Writable, Executable |
cfgmgr32.dll | 0x75ca0000 | 0x75cc6fff | Memory Mapped File | Readable, Writable, Executable |
nsi.dll | 0x75cd0000 | 0x75cd5fff | Memory Mapped File | Readable, Writable, Executable |
msvcrt.dll | 0x75d10000 | 0x75dbbfff | Memory Mapped File | Readable, Writable, Executable |
kernel32.dll | 0x75dc0000 | 0x75ecffff | Memory Mapped File | Readable, Writable, Executable |
oleaut32.dll | 0x75ed0000 | 0x75f5efff | Memory Mapped File | Readable, Writable, Executable |
shell32.dll | 0x75fe0000 | 0x76c29fff | Memory Mapped File | Readable, Writable, Executable |
setupapi.dll | 0x76c30000 | 0x76dccfff | Memory Mapped File | Readable, Writable, Executable |
ws2_32.dll | 0x76dd0000 | 0x76e04fff | Memory Mapped File | Readable, Writable, Executable |
wininet.dll | 0x76e10000 | 0x76f04fff | Memory Mapped File | Readable, Writable, Executable |
shlwapi.dll | 0x76f10000 | 0x76f66fff | Memory Mapped File | Readable, Writable, Executable |
imm32.dll | 0x76f80000 | 0x76fdffff | Memory Mapped File | Readable, Writable, Executable |
lpk.dll | 0x76fe0000 | 0x76fe9fff | Memory Mapped File | Readable, Writable, Executable |
urlmon.dll | 0x76ff0000 | 0x77125fff | Memory Mapped File | Readable, Writable, Executable |
kernelbase.dll | 0x77130000 | 0x77175fff | Memory Mapped File | Readable, Writable, Executable |
usp10.dll | 0x77180000 | 0x7721cfff | Memory Mapped File | Readable, Writable, Executable |
advapi32.dll | 0x77280000 | 0x7731ffff | Memory Mapped File | Readable, Writable, Executable |
private_0x0000000077320000 | 0x77320000 | 0x7743efff | Private Memory | Readable, Writable, Executable |
private_0x0000000077440000 | 0x77440000 | 0x77539fff | Private Memory | Readable, Writable, Executable |
ntdll.dll | 0x77540000 | 0x776e8fff | Memory Mapped File | Readable, Writable, Executable |
msasn1.dll | 0x776f0000 | 0x776fbfff | Memory Mapped File | Readable, Writable, Executable |
ntdll.dll | 0x77720000 | 0x7789ffff | Memory Mapped File | Readable, Writable, Executable |
private_0x000000007efa1000 | 0x7efa1000 | 0x7efa3fff | Private Memory | Readable, Writable |
private_0x000000007efa4000 | 0x7efa4000 | 0x7efa6fff | Private Memory | Readable, Writable |
private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | Readable, Writable |
private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | Readable, Writable |
private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | Readable, Writable |
pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |

For performance reasons, the remaining 34 entries are omitted. The remaining entries can be found in flog.txt.
Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
---|---|---|---|---|---|---|
Modify Memory | #6: c:\users\adu0vk~1\appdata\local\temp\bn649b.tmp | 0xa80 | address = 0x70000, size = 98304 | 1 | Fn |
Filename | File Size | Hash Values | YARA Match | Actions |
---|---|---|---|---|
c:\users\adu0vk iwa5kls\appdata\local\microsoft\windows\temporary internet files\content.ie5\pmmr5k9k\123[1].dat | 5.40 MB (5661523 bytes) | MD5: 2197a2a6da9cd6c3ec10de424f3d83c5, SHA1: 15c23018cb8811fc61487f127284074fd7a7a513, SHA256: ae7c326df3d6d3a1f30a828b7cbed005370bcc6b2888ddb8a746e1c8738dde37 | | |
c:\users\adu0vk iwa5kls\appdata\local\microsoft\windows\temporary internet files\content.ie5\pmmr5k9k\123[1].dat | 0.72 KB (738 bytes) | MD5: 185d324b2d65fb8cdd9b7451087e74e0, SHA1: b3220801844de9eb3be9ea75b17a8321f2e428e0, SHA256: eb7111d2c484dd2bada2f4bd14652c55914506d7b463b4cf2542c69bf8bbefa5 | | |
Operation | Key | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Open Key | HKEY_CURRENT_USER\Software\Microsoft\aaf4e053c | 1 | Fn |
Operation | Process | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Open | c:\windows\syswow64\explorer.exe | desired_access = PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION | 1 | Fn |
Operation | Process | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Create | c:\windows\syswow64\explorer.exe | proc_address = 0x2c4ad14, proc_parameter = 45678592, flags = THREAD_RUNS_IMMEDIATELY | 1 | Fn |
Operation | Process | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Allocate | c:\windows\syswow64\explorer.exe | address = 0x70d070, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 7393384 | 1 | Fn |
Allocate | c:\windows\syswow64\explorer.exe | address = 0x70d020, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_READWRITE, size = 7393304 | 1 | Fn |
Allocate | c:\windows\syswow64\explorer.exe | address = 0x70d070, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_READWRITE, size = 7393384 | 1 | Fn |
Write | c:\windows\syswow64\explorer.exe | address = 0x2c40000, size = 245760 | 1 | Fn, Data |
Write | c:\windows\syswow64\explorer.exe | address = 0x77a0000, size = 13384668 | 1 | Fn |
Write | c:\windows\syswow64\explorer.exe | address = 0x2b90000, size = 4 | 1 | Fn, Data |
Write | c:\windows\syswow64\explorer.exe | address = 0x2b90004, size = 2968 | 1 | Fn, Data |
Operation | Module | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Load | WS2_32.dll | base_address = 0x76dd0000 | 1 | Fn |
Load | DNSAPI.dll | base_address = 0x74c60000 | 1 | Fn |
Load | WININET.dll | base_address = 0x76e10000 | 1 | Fn |
Load | KERNEL32.dll | base_address = 0x75dc0000 | 1 | Fn |
Load | USER32.dll | base_address = 0x757e0000 | 1 | Fn |
Load | ADVAPI32.dll | base_address = 0x77280000 | 1 | Fn |
Load | SHELL32.dll | base_address = 0x75fe0000 | 1 | Fn |
Load | SHLWAPI.dll | base_address = 0x76f10000 | 1 | Fn |
Load | shell32.dll | base_address = 0x75fe0000 | 1 | Fn |
Load | advapi32.dll | base_address = 0x77280000 | 1 | Fn |
Load | shlwapi.dll | base_address = 0x76f10000 | 1 | Fn |
Load | Ws2_32.dll | base_address = 0x76dd0000 | 1 | Fn |
Load | urlmon.dll | base_address = 0x76ff0000 | 1 | Fn |
Load | C:\Windows\System32\kernelbase.dll | base_address = 0x0 | 1 | Fn |
Get Address | c:\windows\syswow64\ws2_32.dll | function = 22, address_out = 0x76dd449d | 1 | Fn |
Get Address | c:\windows\syswow64\ws2_32.dll | function = 11, address_out = 0x76dd311b | 1 | Fn |
Get Address | c:\windows\syswow64\ws2_32.dll | function = 115, address_out = 0x76dd3ab2 | 1 | Fn |
Get Address | c:\windows\syswow64\ws2_32.dll | function = freeaddrinfo, address_out = 0x76dd4b1b | 1 | Fn |
Get Address | c:\windows\syswow64\ws2_32.dll | function = getaddrinfo, address_out = 0x76dd4296 | 1 | Fn |
Get Address | c:\windows\syswow64\ws2_32.dll | function = 3, address_out = 0x76dd3918 | 1 | Fn |
Get Address | c:\windows\syswow64\ws2_32.dll | function = 4, address_out = 0x76dd6bdd | 1 | Fn |
Get Address | c:\windows\syswow64\ws2_32.dll | function = 23, address_out = 0x76dd3eb8 | 1 | Fn |
Get Address | c:\windows\syswow64\ws2_32.dll | function = 12, address_out = 0x76ddb131 | 1 | Fn |
Get Address | c:\windows\syswow64\dnsapi.dll | function = DnsQuery_A, address_out = 0x74c8a9bc | 1 | Fn |
Get Address | c:\windows\syswow64\dnsapi.dll | function = DnsFree, address_out = 0x74c6436b | 1 | Fn |
Get Address | c:\windows\syswow64\wininet.dll | function = DeleteUrlCacheEntryA, address_out = 0x76e559e8 | 1 | Fn |
Get Address | c:\windows\syswow64\wininet.dll | function = InternetReadFile, address_out = 0x76e2b406 | 1 | Fn |
Get Address | c:\windows\syswow64\wininet.dll | function = HttpQueryInfoA, address_out = 0x76e2a33e | 1 | Fn |
Get Address | c:\windows\syswow64\wininet.dll | function = InternetQueryOptionW, address_out = 0x76e27ed7 | 1 | Fn |
Get Address | c:\windows\syswow64\wininet.dll | function = InternetSetOptionW, address_out = 0x76e27741 | 1 | Fn |
Get Address | c:\windows\syswow64\wininet.dll | function = HttpOpenRequestA, address_out = 0x76e34c7d | 1 | Fn |
Get Address | c:\windows\syswow64\wininet.dll | function = HttpSendRequestA, address_out = 0x76ea18f8 | 1 | Fn |
Get Address | c:\windows\syswow64\wininet.dll | function = InternetQueryOptionA, address_out = 0x76e21b56 | 1 | Fn |
Get Address | c:\windows\syswow64\wininet.dll | function = InternetConnectA, address_out = 0x76e349e9 | 1 | Fn |
Get Address | c:\windows\syswow64\wininet.dll | function = InternetCloseHandle, address_out = 0x76e2ab49 | 1 | Fn |
Get Address | c:\windows\syswow64\wininet.dll | function = InternetSetOptionA, address_out = 0x76e275e8 | 1 | Fn |
Get Address | c:\windows\syswow64\wininet.dll | function = InternetOpenA, address_out = 0x76e3f18e | 1 | Fn |
Get Address | c:\windows\syswow64\wininet.dll | function = InternetCrackUrlA, address_out = 0x76e1d075 | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = MultiByteToWideChar, address_out = 0x75dd192e | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = LocalFree, address_out = 0x75dd2d3c | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = LocalAlloc, address_out = 0x75dd168c | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x75dd7a10 | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x75dd10ff | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x75dd34d5 | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x75dd1410 | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = CreateToolhelp32Snapshot, address_out = 0x75df735f | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = Process32FirstW, address_out = 0x75df8baf | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcessId, address_out = 0x75dd11f8 | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x75dd1809 | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x75dd3f5c | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x75dd3ed3 | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = FlushFileBuffers, address_out = 0x75dd469b | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x75dd1282 | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x75dd110c | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address_out = 0x75ded4f7 | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileW, address_out = 0x75dd89b3 | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x75dd1856 | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x75dd186e | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSizeEx, address_out = 0x75dd59e2 | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForSingleObject, address_out = 0x75dd1136 | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetProcessHeap, address_out = 0x75dd14e9 | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = HeapFree, address_out = 0x75dd14c9 | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = HeapReAlloc, address_out = 0x77761f6e | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = HeapAlloc, address_out = 0x7774e026 | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetProcAddress, address_out = 0x75dd1222 | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address_out = 0x75dd49d7 | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = OutputDebugStringA, address_out = 0x75dfb2b7 | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = Process32NextW, address_out = 0x75df896c | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibrary, address_out = 0x75dd34c8 | 1 | Fn |
Get Address | c:\windows\syswow64\user32.dll | function = MessageBoxA, address_out = 0x7584fd1e | 1 | Fn |
Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address_out = 0x77294907 | 1 | Fn |
Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address_out = 0x772948ef | 1 | Fn |
Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextW, address_out = 0x7728df14 | 1 | Fn |
Get Address | c:\windows\syswow64\advapi32.dll | function = CryptReleaseContext, address_out = 0x7728e124 | 1 | Fn |
Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDestroyHash, address_out = 0x7728df66 | 1 | Fn |
Get Address | c:\windows\syswow64\advapi32.dll | function = CryptCreateHash, address_out = 0x7728df4e | 1 | Fn |
Get Address | c:\windows\syswow64\advapi32.dll | function = CryptHashData, address_out = 0x7728df36 | 1 | Fn |
Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGetHashParam, address_out = 0x7728df7e | 1 | Fn |
Get Address | c:\windows\syswow64\shell32.dll | function = SHGetFolderPathW, address_out = 0x76065708 | 1 | Fn |
Get Address | c:\windows\syswow64\shlwapi.dll | function = wvnsprintfA, address_out = 0x76f3edfe | 1 | Fn |
Get Address | c:\windows\syswow64\shlwapi.dll | function = wvnsprintfW, address_out = 0x76f5066c | 1 | Fn |
Get Address | c:\windows\syswow64\urlmon.dll | function = ObtainUserAgentString, address_out = 0x77021d76 | 1 | Fn |
Get Address | function = NtAllocateVirtualMemory, ordinal = 0, address_out = 0x70d02c | 2 | Fn |
Get Address | function = NtWriteVirtualMemory, ordinal = 0, address_out = 0x70d038 | 3 | Fn |
Get Address | function = NtAllocateVirtualMemory, ordinal = 0, address_out = 0x70cfdc | 1 | Fn |
Get Address | function = NtWriteVirtualMemory, ordinal = 0, address_out = 0x70cfe8 | 1 | Fn |
Get Address | function = LdrLoadDll, ordinal = 0, address_out = 0x70d070 | 1 | Fn |
Get Address | function = CreateRemoteThread, ordinal = 0, address_out = 0x70d070 | 1 | Fn |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Sleep | duration = 1000 milliseconds (1.000 seconds) | 40 | Fn |
Get Info | type = Operating System | 2 | Fn |
Get Info | type = Windows Directory, result_out = C:\Windows | 1 | Fn |
Information | Value |
---|---|
Total Data Sent | 0.36 KB (364 bytes) |
Total Data Received | 5.40 MB (5661527 bytes) |
Contacted Host Count | 1 |
Contacted Hosts | fortsiretbab.com |
Information | Value |
---|---|
User Agent | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3) |
Server Name | fortsiretbab.com |
Server Port | 80 |
Data Sent | 0.36 KB (364 bytes) |
Data Received | 5.40 MB (5661527 bytes) |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3), access_type = INTERNET_OPEN_TYPE_PRECONFIG | 1 | Fn |
Open Connection | protocol = HTTP, server_name = fortsiretbab.com, server_port = 80 | 1 | Fn |
Open HTTP Request | http_verb = POST, http_version = HTTP/1.1, target_resource = /bdl/gate.php, accept_types = 545267, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD | 1 | Fn |
Send HTTP Request | headers = Connection: close , url = fortsiretbab.com/bdl/gate.php | 1 | Fn, Data |
Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 | 1 | Fn, Data |
Read Response | size = 262144, size_out = 262144 | 21 | Fn, Data |
Read Response | size = 262144, size_out = 156499 | 1 | Fn, Data |
Read Response | size = 262144, size_out = 0 | 1 | Fn |
Close Session | 1 | Fn |
Information | Value |
---|---|
ID | #8 |
File Name | c:\windows\explorer.exe |
Command Line | C:\Windows\Explorer.EXE |
Initial Working Directory | C:\Windows\system32\ |
Monitor | Start Time: 00:01:40, Reason: Injection |
Unmonitor | End Time: 00:02:13, Reason: Terminated by Timeout |
Monitor Duration | 00:00:33 |
Information | Value |
---|---|
PID | 0x568 |
Parent PID | 0xffffffffffffffff (Unknown) |
Is Created or Modified Executable | |
Integrity Level | Medium |
Username | AUFDDCNTXWT\aDU0VK IWA5kLS |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege |
Thread IDs | 0xAC4, 0x644, 0x480, 0x59C, 0x770, 0x748, 0x6F8, 0x72C, 0x73C, 0x730, 0x714, 0x490, 0x794, 0x74C, 0x6D0, 0x6CC, 0x6B4, 0x6AC, 0x68C, 0x684, 0x680, 0x670, 0x668, 0x664, 0x660, 0x644, 0x598, 0x594, 0x590, 0x58C, 0x588, 0x574, 0x56C, 0x9A4, 0x698, 0x6E0 |
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
pagefile_0x0000000000020000 | 0x00020000 | 0x00021fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000000040000 | 0x00040000 | 0x00041fff | Pagefile Backed Memory | Readable |
locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | Readable |
pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c6fff | Pagefile Backed Memory | Readable |
pagefile_0x00000000000d0000 | 0x000d0000 | 0x000d1fff | Pagefile Backed Memory | Readable, Writable |
private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | Readable, Writable |
private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | Readable, Writable |
private_0x0000000000100000 | 0x00100000 | 0x0010ffff | Private Memory | Readable, Writable |
pagefile_0x0000000000110000 | 0x00110000 | 0x00110fff | Pagefile Backed Memory | Readable, Writable |
pagefile_0x0000000000120000 | 0x00120000 | 0x00121fff | Pagefile Backed Memory | Readable |
private_0x0000000000130000 | 0x00130000 | 0x001affff | Private Memory | Readable, Writable |
private_0x00000000001b0000 | 0x001b0000 | 0x002affff | Private Memory | Readable, Writable |
private_0x00000000002b0000 | 0x002b0000 | 0x003affff | Private Memory | Readable, Writable |
pagefile_0x00000000003b0000 | 0x003b0000 | 0x00537fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000000540000 | 0x00540000 | 0x006c0fff | Pagefile Backed Memory | Readable |
pagefile_0x00000000006d0000 | 0x006d0000 | 0x01acffff | Pagefile Backed Memory | Readable |
pagefile_0x0000000001ad0000 | 0x01ad0000 | 0x01ec2fff | Pagefile Backed Memory | Readable |
private_0x0000000001ed0000 | 0x01ed0000 | 0x01f0ffff | Private Memory | Readable, Writable |
pagefile_0x0000000001f10000 | 0x01f10000 | 0x01feefff | Pagefile Backed Memory | Readable |
pagefile_0x0000000001ff0000 | 0x01ff0000 | 0x01ff0fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000002000000 | 0x02000000 | 0x02001fff | Pagefile Backed Memory | Readable |
private_0x0000000002010000 | 0x02010000 | 0x02039fff | Private Memory | Readable, Writable |
private_0x0000000002040000 | 0x02040000 | 0x02040fff | Private Memory | Readable, Writable |
private_0x0000000002050000 | 0x02050000 | 0x02065fff | Private Memory | Readable, Writable |
pagefile_0x0000000002070000 | 0x02070000 | 0x02070fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000002080000 | 0x02080000 | 0x02081fff | Pagefile Backed Memory | Readable |
private_0x0000000002090000 | 0x02090000 | 0x0210ffff | Private Memory | Readable, Writable |
private_0x0000000002110000 | 0x02110000 | 0x0217bfff | Private Memory | Readable, Writable |
private_0x0000000002180000 | 0x02180000 | 0x02180fff | Private Memory | Readable, Writable |
private_0x0000000002190000 | 0x02190000 | 0x02190fff | Private Memory | Readable, Writable |
private_0x00000000021a0000 | 0x021a0000 | 0x0221ffff | Private Memory | Readable, Writable |
sortdefault.nls | 0x02220000 | 0x024eefff | Memory Mapped File | Readable |
pagefile_0x00000000024f0000 | 0x024f0000 | 0x024f1fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000002500000 | 0x02500000 | 0x02501fff | Pagefile Backed Memory | Readable |
comctl32.dll.mui | 0x02510000 | 0x02512fff | Memory Mapped File | Readable, Writable |
private_0x0000000002520000 | 0x02520000 | 0x02520fff | Private Memory | Readable, Writable |
private_0x0000000002530000 | 0x02530000 | 0x0254bfff | Private Memory | Readable, Writable |
private_0x0000000002550000 | 0x02550000 | 0x02550fff | Private Memory | Readable, Writable |
private_0x0000000002560000 | 0x02560000 | 0x02568fff | Private Memory | Readable, Writable |
private_0x0000000002570000 | 0x02570000 | 0x02577fff | Private Memory | Readable, Writable |
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db | 0x02580000 | 0x025a6fff | Memory Mapped File | Readable |
pagefile_0x00000000025b0000 | 0x025b0000 | 0x025b0fff | Pagefile Backed Memory | Readable, Writable |
cversions.2.db | 0x025c0000 | 0x025c3fff | Memory Mapped File | Readable |
cversions.2.db | 0x025d0000 | 0x025d3fff | Memory Mapped File | Readable |
pagefile_0x00000000025e0000 | 0x025e0000 | 0x025e1fff | Pagefile Backed Memory | Readable |
private_0x00000000025f0000 | 0x025f0000 | 0x02697fff | Private Memory | Readable, Writable |
pagefile_0x00000000026a0000 | 0x026a0000 | 0x026a1fff | Pagefile Backed Memory | Readable |
{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db | 0x026b0000 | 0x026dffff | Memory Mapped File | Readable |
pagefile_0x00000000026e0000 | 0x026e0000 | 0x026e1fff | Pagefile Backed Memory | Readable |
|
|||
private_0x00000000026f0000 | 0x026f0000 | 0x026f3fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002700000 | 0x02700000 | 0x0270ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002710000 | 0x02710000 | 0x02713fff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000002720000 | 0x02720000 | 0x02721fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000002730000 | 0x02730000 | 0x02730fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002740000 | 0x02740000 | 0x02740fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002750000 | 0x02750000 | 0x02750fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002760000 | 0x02760000 | 0x0276ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002770000 | 0x02770000 | 0x0286ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002870000 | 0x02870000 | 0x02870fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002880000 | 0x02880000 | 0x02880fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002890000 | 0x02890000 | 0x0290ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002910000 | 0x02910000 | 0x02957fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002960000 | 0x02960000 | 0x02963fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002970000 | 0x02970000 | 0x02970fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002980000 | 0x02980000 | 0x02980fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002990000 | 0x02990000 | 0x02a8ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002a90000 | 0x02a90000 | 0x02b8ffff | Private Memory | Readable, Writable |
|
|||
index.dat | 0x02ba0000 | 0x02baffff | Memory Mapped File | Readable, Writable |
|
|||
index.dat | 0x02bb0000 | 0x02bbffff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000002bc0000 | 0x02bc0000 | 0x02c3ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002c40000 | 0x02c40000 | 0x02c7bfff | Private Memory | Readable, Writable, Executable |
|
|||
pagefile_0x0000000002d90000 | 0x02d90000 | 0x030d2fff | Pagefile Backed Memory | Readable |
|
|||
private_0x00000000030e0000 | 0x030e0000 | 0x030e0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000030f0000 | 0x030f0000 | 0x0316ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003170000 | 0x03170000 | 0x03170fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003180000 | 0x03180000 | 0x031fffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000003200000 | 0x03200000 | 0x03200fff | Pagefile Backed Memory | Readable |
|
|||
wdmaud.drv.mui | 0x03210000 | 0x03210fff | Memory Mapped File | Readable, Writable |
|
|||
mmdevapi.dll.mui | 0x03220000 | 0x03220fff | Memory Mapped File | Readable, Writable |
|
|||
pagefile_0x0000000003230000 | 0x03230000 | 0x03231fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000003240000 | 0x03240000 | 0x03241fff | Pagefile Backed Memory | Readable |
|
|||
cversions.2.db | 0x03250000 | 0x03253fff | Memory Mapped File | Readable |
|
|||
private_0x0000000003260000 | 0x03260000 | 0x032dffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000032e0000 | 0x032e0000 | 0x032e0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000032f0000 | 0x032f0000 | 0x0336ffff | Private Memory | Readable, Writable |
|
|||
{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db | 0x03370000 | 0x033d5fff | Memory Mapped File | Readable |
|
|||
private_0x00000000033e0000 | 0x033e0000 | 0x0345ffff | Private Memory | Readable, Writable |
|
|||
staticcache.dat | 0x03460000 | 0x03d8ffff | Memory Mapped File | Readable |
|
|||
private_0x0000000003d90000 | 0x03d90000 | 0x03d90fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003da0000 | 0x03da0000 | 0x03da0fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003db0000 | 0x03db0000 | 0x03e2ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003e30000 | 0x03e30000 | 0x03e30fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003e40000 | 0x03e40000 | 0x03e40fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003e50000 | 0x03e50000 | 0x03e50fff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000003e60000 | 0x03e60000 | 0x03e61fff | Pagefile Backed Memory | Readable |
|
|||
{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db | 0x03e70000 | 0x03e70fff | Memory Mapped File | Readable |
|
|||
cversions.2.db | 0x03e80000 | 0x03e83fff | Memory Mapped File | Readable |
|
|||
{b33c4f4b-938b-4cb1-bc05-f090b0a61a1a}.2.ver0x0000000000000001.db | 0x03e90000 | 0x03e90fff | Memory Mapped File | Readable |
|
|||
cversions.2.db | 0x03ea0000 | 0x03ea3fff | Memory Mapped File | Readable |
|
|||
{d299adbb-3c80-401e-9a81-68ee95177a1c}.2.ver0x0000000000000001.db | 0x03eb0000 | 0x03eb0fff | Memory Mapped File | Readable |
|
|||
private_0x0000000003ec0000 | 0x03ec0000 | 0x03ec0fff | Private Memory | Readable, Writable |
|
|||
cversions.2.db | 0x03ed0000 | 0x03ed3fff | Memory Mapped File | Readable |
|
|||
private_0x0000000003ef0000 | 0x03ef0000 | 0x03f6ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003f70000 | 0x03f70000 | 0x03f70fff | Private Memory | Readable, Writable, Executable |
|
|||
pagefile_0x0000000003f80000 | 0x03f80000 | 0x03f81fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000003f90000 | 0x03f90000 | 0x03f91fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000003fa0000 | 0x03fa0000 | 0x03feffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000003ff0000 | 0x03ff0000 | 0x03ff1fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000004000000 | 0x04000000 | 0x04001fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000004010000 | 0x04010000 | 0x04011fff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000004020000 | 0x04020000 | 0x04021fff | Pagefile Backed Memory | Readable |
|
|||
oleaccrc.dll | 0x04030000 | 0x04030fff | Memory Mapped File | Readable |
|
|||
pagefile_0x0000000004040000 | 0x04040000 | 0x04041fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000004050000 | 0x04050000 | 0x04051fff | Pagefile Backed Memory | Readable |
|
|||
bthprops.cpl.mui | 0x04080000 | 0x04086fff | Memory Mapped File | Readable, Writable |
|
|||
pagefile_0x0000000004090000 | 0x04090000 | 0x04091fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x00000000040a0000 | 0x040a0000 | 0x040a1fff | Pagefile Backed Memory | Readable |
|
|||
prnfldr.dll.mui | 0x040b0000 | 0x040b3fff | Memory Mapped File | Readable, Writable |
|
|||
netshell.dll.mui | 0x040c0000 | 0x040d0fff | Memory Mapped File | Readable, Writable |
|
|||
pagefile_0x00000000040f0000 | 0x040f0000 | 0x040f0fff | Pagefile Backed Memory | Readable, Writable |
|
|||
pagefile_0x0000000004110000 | 0x04110000 | 0x04110fff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x0000000004120000 | 0x04120000 | 0x0419ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x00000000041a0000 | 0x041a0000 | 0x041a0fff | Pagefile Backed Memory | Readable, Writable |
|
|||
pagefile_0x00000000041b0000 | 0x041b0000 | 0x041b0fff | Pagefile Backed Memory | Readable |
|
|||
private_0x00000000041c0000 | 0x041c0000 | 0x0423ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004240000 | 0x04240000 | 0x04240fff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000004250000 | 0x04250000 | 0x04250fff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x0000000004260000 | 0x04260000 | 0x042dffff | Private Memory | Readable, Writable |
|
|||
index.dat | 0x04320000 | 0x04333fff | Memory Mapped File | Readable, Writable |
|
|||
index.dat | 0x04340000 | 0x04347fff | Memory Mapped File | Readable, Writable |
|
|||
index.dat | 0x043e0000 | 0x0441ffff | Memory Mapped File | Readable, Writable |
|
|||
pagefile_0x0000000004420000 | 0x04420000 | 0x04420fff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x0000000004440000 | 0x04440000 | 0x044bffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004530000 | 0x04530000 | 0x045affff | Private Memory | Readable, Writable |
|
|||
private_0x00000000045b0000 | 0x045b0000 | 0x047affff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004820000 | 0x04820000 | 0x0489ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000048b0000 | 0x048b0000 | 0x0492ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004a20000 | 0x04a20000 | 0x04a9ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004ae0000 | 0x04ae0000 | 0x04b5ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004bb0000 | 0x04bb0000 | 0x04c2ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004d00000 | 0x04d00000 | 0x04d7ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000005150000 | 0x05150000 | 0x05552fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000005570000 | 0x05570000 | 0x055effff | Private Memory | Readable, Writable |
|
|||
private_0x0000000005660000 | 0x05660000 | 0x056dffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000005730000 | 0x05730000 | 0x057affff | Private Memory | Readable, Writable |
|
|||
private_0x0000000005830000 | 0x05830000 | 0x058affff | Private Memory | Readable, Writable |
|
|||
imageres.dll | 0x05970000 | 0x06cc4fff | Memory Mapped File | Readable |
|
|||
private_0x0000000006d30000 | 0x06d30000 | 0x06daffff | Private Memory | Readable, Writable |
|
|||
For performance reasons, the remaining 244 entries are omitted.
The remaining entries can be found in flog.txt. |
Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
---|---|---|---|---|---|---|
Modify Memory | #7: c:\windows\syswow64\explorer.exe | 0xa8c | address = 0x2c40000, size = 245760 | | 1 | Fn, Data |
Modify Memory | #7: c:\windows\syswow64\explorer.exe | 0xa8c | address = 0x77a0000, size = 13384668 | | 1 | Fn, Data |
Modify Memory | #7: c:\windows\syswow64\explorer.exe | 0xa8c | address = 0x2b90000, size = 4 | | 1 | Fn, Data |
Modify Memory | #7: c:\windows\syswow64\explorer.exe | 0xa8c | address = 0x2b90004, size = 2968 | | 1 | Fn, Data |
Create Remote Thread | #7: c:\windows\syswow64\explorer.exe | 0xa8c | address = 0x2c4ad14 | | 1 | Fn |
Filename | File Size | Hash Values | YARA Match | Actions |
---|---|---|---|---|
c:\users\adu0vk iwa5kls\appdata\roaming\teetfo\ugav.ocv | 0.00 KB (0 bytes) | MD5: d41d8cd98f00b204e9800998ecf8427e, SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | | |
c:\users\adu0vk iwa5kls\appdata\roaming\byheq\hybe.ifi | 0.00 KB (0 bytes) | MD5: d41d8cd98f00b204e9800998ecf8427e, SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | | |
c:\users\adu0vk iwa5kls\appdata\roaming\utobyg\aslim.exe | 0.00 KB (0 bytes) | MD5: d41d8cd98f00b204e9800998ecf8427e, SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | | |
c:\users\adu0vk iwa5kls\appdata\roaming\utobyg\aslim.exe | 176.00 KB (180224 bytes) | MD5: 773da788e860440ea6c7b3a6d4801b9d, SHA1: 607f9306fdcb4906b2175c5a20e002c99b29da53, SHA256: 879b244120400083f562ce530c87001b46de4fc96b38a6b12a5afea22ef6efef | | |
c:\users\adu0vk iwa5kls\appdata\roaming\byheq\hybe.ifi | 10.00 MB (10485760 bytes) | MD5: a044d696891917f5b2de228a2b4191fc, SHA1: 3a9f36226dc4686d75cfefc71d2b8755b38bb38b, SHA256: 8e834cabb162d65422c401c08aef958849539d7e3499d9ae08f53e76b610dbad | | |
c:\users\adu0vk iwa5kls\appdata\roaming\microsoft\windows\start menu\programs\startup\start.lnk | 0.86 KB (883 bytes) | MD5: 940b6a3f4f922c64091e4dc9a57c1781, SHA1: 0c1260dd0c38fda83a493fe679cdec8ef6c8aae9, SHA256: b71d0a7877a68247e17964df8ae6fa8e8a4106437ba7c1590afea75c4d9caaa0 | | |
Operation | Filename | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Teetfo\ugav.ocv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Utobyg\aslim.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ | | 1 | Fn |
Create | C:\Users\ADU0VK~1\AppData\Local\Temp\BN649B.tmp | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE | | 1 | Fn |
Create | C:\Users\ADU0VK~1\AppData\Local\Temp\BN649B.tmp | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Utobyg\aslim.exe | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ | | 1 | Fn |
Create Directory | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Teetfo | | | 1 | Fn |
Create Directory | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq | | | 1 | Fn |
Create Directory | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Utobyg | | | 1 | Fn |
Get Info | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Teetfo | type = file_attributes | | 1 | Fn |
Get Info | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Teetfo\ugav.ocv | type = file_attributes | | 1 | Fn |
Get Info | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq | type = file_attributes | | 1 | Fn |
Get Info | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi | type = file_attributes | | 1 | Fn |
Get Info | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Utobyg | type = file_attributes | | 1 | Fn |
Get Info | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Utobyg\aslim.exe | type = file_attributes | | 1 | Fn |
Get Info | C:\Users\ADU0VK~1\AppData\Local\Temp\BN649B.tmp | type = size, size_out = 180224 | | 1 | Fn |
Get Info | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi | type = size, size_out = 13422020 | | 1 | Fn |
Get Info | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi | type = size, size_out = 13422020 | | 1 | Fn |
Open | STD_INPUT_HANDLE | | | 1 | Fn |
Open | STD_OUTPUT_HANDLE | | | 1 | Fn |
Open | STD_ERROR_HANDLE | | | 1 | Fn |
Read | C:\Users\ADU0VK~1\AppData\Local\Temp\BN649B.tmp | size = 180224, size_out = 180224 | | 1 | Fn, Data |
Read | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi | size = 13422020, size_out = 13422020 | | 1 | Fn |
Read | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi | size = 13422020, size_out = 13422020 | | 1 | Fn |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi | size = 13422020 | | 1 | Fn |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Utobyg\aslim.exe | size = 180224 | | 1 | Fn, Data |
Delete | C:\Users\ADU0VK~1\AppData\Local\Temp\BN649B.tmp | | | 1 | Fn |
Operation | Key | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Create Key | HKEY_CURRENT_USER\Software\Microsoft | | | 1 | Fn |
Create Key | HKEY_CURRENT_USER\Software\Microsoft\Seto | | | 1 | Fn |
Create Key | HKEY_CURRENT_USER\Software\Microsoft\aaf4e053c | | | 1 | Fn |
Create Key | HKEY_CURRENT_USER\Software\Microsoft\Seto | | | 1 | Fn |
Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | | | 2 | Fn |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Seto | | | 1 | Fn |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Seto | | | 1 | Fn |
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = InstallDate, data = 1498210050, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = DigitalProductId | | 1 | Fn |
Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = DigitalProductId, data = 164 | | 1 | Fn |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Seto | value_name = Yqlozyzuz, type = REG_NONE | | 1 | Fn |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Seto | value_name = Yqlozyzuz, type = REG_NONE | | 1 | Fn |
Write Value | HKEY_CURRENT_USER\Software\Microsoft\aaf4e053c | value_name = 1dc1e28ae, size = 4416, type = REG_BINARY | | 1 | Fn, Data |
Write Value | HKEY_CURRENT_USER\Software\Microsoft\Seto | value_name = Yqlozyzuz, size = 1061, type = REG_BINARY | | 1 | Fn, Data |
Operation | Process | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Create | C:\Windows\syswow64\msiexec.exe | os_pid = 0x65c, creation_flags = CREATE_SUSPENDED, CREATE_DEFAULT_ERROR_MODE, CREATE_NO_WINDOW, show_window = SW_HIDE | | 1 | Fn |
Open | c:\windows\explorer.exe | desired_access = PROCESS_QUERY_INFORMATION | | 1 | Fn |
Open | c:\windows\explorer.exe | desired_access = PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION | | 1 | Fn |
Open | c:\windows\explorer.exe | desired_access = PROCESS_QUERY_INFORMATION | | 1 | Fn |
Open | c:\windows\explorer.exe | desired_access = PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION | | 1 | Fn |
Open | c:\windows\explorer.exe | desired_access = PROCESS_QUERY_INFORMATION | | 141 | Fn |
Open | c:\windows\explorer.exe | desired_access = PROCESS_QUERY_INFORMATION | | 141 | Fn |
Open | c:\windows\explorer.exe | desired_access = PROCESS_QUERY_INFORMATION | | 1 | Fn |
Open | c:\windows\explorer.exe | desired_access = PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION | | 1 | Fn |
Open | c:\windows\explorer.exe | desired_access = PROCESS_QUERY_INFORMATION | | 109 | Fn |
Open | c:\windows\explorer.exe | desired_access = PROCESS_QUERY_INFORMATION | | 1 | Fn |
Open | c:\windows\explorer.exe | desired_access = PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION | | 1 | Fn |
Operation | Process | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Create | c:\windows\explorer.exe | proc_address = 0x11ad14, proc_parameter = 1376256, flags = THREAD_RUNS_IMMEDIATELY | | 1 | Fn |
Create | c:\windows\explorer.exe | proc_address = 0x1fead14, proc_parameter = 1179648, flags = THREAD_RUNS_IMMEDIATELY | | 1 | Fn |
Create | c:\windows\explorer.exe | proc_address = 0x1f4ad14, proc_parameter = 32178176, flags = THREAD_RUNS_IMMEDIATELY | | 1 | Fn |
Create | c:\windows\explorer.exe | proc_address = 0x175220, proc_parameter = 720896, flags = THREAD_RUNS_IMMEDIATELY | | 1 | Fn |
Operation | Process | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Allocate | c:\windows\explorer.exe | address = 0x110000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 245760 | | 1 | Fn |
Allocate | c:\windows\explorer.exe | address = 0x150000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_READWRITE, size = 3060 | | 1 | Fn |
Allocate | c:\windows\explorer.exe | address = 0x1fe0000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 245760 | | 1 | Fn |
Allocate | c:\windows\explorer.exe | address = 0x120000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_READWRITE, size = 3060 | | 1 | Fn |
Allocate | c:\windows\explorer.exe | address = 0x1f40000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 245760 | | 1 | Fn |
Allocate | c:\windows\explorer.exe | address = 0x1eb0000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_READWRITE, size = 3060 | | 1 | Fn |
Allocate | c:\windows\explorer.exe | address = 0x130000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2273280 | | 1 | Fn |
Allocate | c:\windows\explorer.exe | address = 0xb0000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_READWRITE, size = 3008 | | 1 | Fn |
Write | c:\windows\explorer.exe | address = 0x110000, size = 245760 | | 1 | Fn, Data |
Write | c:\windows\explorer.exe | address = 0x150000, size = 4 | | 1 | Fn, Data |
Write | c:\windows\explorer.exe | address = 0x150004, size = 3056 | | 1 | Fn, Data |
Write | c:\windows\explorer.exe | address = 0x1fe0000, size = 245760 | | 1 | Fn, Data |
Write | c:\windows\explorer.exe | address = 0x120000, size = 4 | | 1 | Fn, Data |
Write | c:\windows\explorer.exe | address = 0x120004, size = 3056 | | 1 | Fn, Data |
Write | c:\windows\explorer.exe | address = 0x1f40000, size = 245760 | | 1 | Fn, Data |
Write | c:\windows\explorer.exe | address = 0x1eb0000, size = 4 | | 1 | Fn, Data |
Write | c:\windows\explorer.exe | address = 0x1eb0004, size = 3056 | | 1 | Fn, Data |
Write | c:\windows\explorer.exe | address = 0x130000, size = 2273280 | | 1 | Fn |
Write | c:\windows\explorer.exe | address = 0xb0000, size = 4 | | 1 | Fn, Data |
Write | c:\windows\explorer.exe | address = 0xb0004, size = 3004 | | 1 | Fn, Data |
Operation | Module | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Load | KERNEL32.dll | base_address = 0x77320000 | | 1 | Fn |
Load | ADVAPI32.dll | base_address = 0x7fefdb00000 | | 1 | Fn |
Load | SHLWAPI.dll | base_address = 0x7feff2b0000 | | 1 | Fn |
Load | SHELL32.dll | base_address = 0x7fefdfb0000 | | 1 | Fn |
Load | USER32.dll | base_address = 0x77440000 | | 1 | Fn |
Load | WS2_32.dll | base_address = 0x7feff7e0000 | | 1 | Fn |
Load | WININET.dll | base_address = 0x7feff6b0000 | | 1 | Fn |
Load | ole32.dll | base_address = 0x7fefede0000 | | 1 | Fn |
Load | OLEAUT32.dll | base_address = 0x7feff5d0000 | | 1 | Fn |
Load | urlmon.dll | base_address = 0x7fefdbe0000 | | 1 | Fn |
Load | Ws2_32.dll | base_address = 0x7feff7e0000 | | 1 | Fn |
Get Handle | kernel32.dll | base_address = 0x77320000 | | 6 | Fn |
Get Filename | | process_name = c:\windows\explorer.exe, file_name_orig = C:\Windows\Explorer.EXE, size = 260 | | 2 | Fn |
Get Address | Unknown module name | function = ReadFile, address_out = 0x77331500 | | 1 | Fn |
Get Address | Unknown module name | function = FlushFileBuffers, address_out = 0x773269f0 | | 1 | Fn |
Get Address | Unknown module name | function = WriteFile, address_out = 0x773435a0 | | 1 | Fn |
Get Address | Unknown module name | function = GetTickCount, address_out = 0x77342b00 | | 1 | Fn |
Get Address | Unknown module name | function = SetFileAttributesW, address_out = 0x773337a0 | | 1 | Fn |
Get Address | Unknown module name | function = VirtualAlloc, address_out = 0x773367a0 | | 1 | Fn |
Get Address | Unknown module name | function = GetFileSizeEx, address_out = 0x77329b30 | | 1 | Fn |
Get Address | Unknown module name | function = VirtualFree, address_out = 0x77331260 | | 1 | Fn |
Get Address | Unknown module name | function = SetFilePointerEx, address_out = 0x7732af00 | | 1 | Fn |
Get Address | Unknown module name | function = GetFileAttributesW, address_out = 0x7733bdd0 | | 1 | Fn |
Get Address | Unknown module name | function = GetVolumeNameForVolumeMountPointW, address_out = 0x773907d0 | | 1 | Fn |
Get Address | Unknown module name | function = GetProcessHeap, address_out = 0x77343050 | | 1 | Fn |
Get Address | Unknown module name | function = HeapFree, address_out = 0x77343070 | | 1 | Fn |
Get Address | Unknown module name | function = HeapReAlloc, address_out = 0x77573f20 | | 1 | Fn |
Get Address | Unknown module name | function = HeapAlloc, address_out = 0x775933a0 | | 1 | Fn |
Get Address | Unknown module name | function = LoadLibraryA, address_out = 0x77337070 | | 1 | Fn |
Get Address | Unknown module name | function = OutputDebugStringA, address_out = 0x77324f60 | | 1 | Fn |
Get Address | Unknown module name | function = Thread32First, address_out = 0x7736aa70 | | 1 | Fn |
Get Address | Unknown module name | function = Thread32Next, address_out = 0x7736a980 | | 1 | Fn |
Get Address | Unknown module name | function = GetCurrentThread, address_out = 0x77333f20 | | 1 | Fn |
Get Address | Unknown module name | function = CreateProcessW, address_out = 0x77341bb0 | | 1 | Fn |
Get Address | Unknown module name | function = FreeLibrary, address_out = 0x77336620 | | 1 | Fn |
Get Address | Unknown module name | function = MultiByteToWideChar, address_out = 0x77335b50 | | 1 | Fn |
Get Address | Unknown module name | function = WideCharToMultiByte, address_out = 0x773435f0 | | 1 | Fn |
Get Address | Unknown module name | function = CreateMutexW, address_out = 0x773313c0 | | 1 | Fn |
Get Address | Unknown module name | function = ReleaseMutex, address_out = 0x77342b90 | | 1 | Fn |
Get Address | Unknown module name | function = SetLastError, address_out = 0x77342df0 | | 1 | Fn |
Get Address | Unknown module name | function = WaitForMultipleObjects, address_out = 0x77331170 | | 1 | Fn |
Get Address | Unknown module name | function = GetLastError, address_out = 0x77342dd0 | | 1 | Fn |
Get Address | Unknown module name | function = CreateThread, address_out = 0x77336580 | | 1 | Fn |
Get Address | Unknown module name | function = GetComputerNameW, address_out = 0x7732d130 | | 1 | Fn |
Get Address | Unknown module name | function = CreateEventW, address_out = 0x77335290 | | 1 | Fn |
Get Address | Unknown module name | function = ExitThread, address_out = 0x77586930 | | 1 | Fn |
Get Address | Unknown module name | function = ExitProcess, address_out = 0x775640f0 | | 1 | Fn |
Get Address | Unknown module name | function = InitializeCriticalSection, address_out = 0x77568100 | | 1 | Fn |
Get Address | Unknown module name | function = GetModuleFileNameW, address_out = 0x77337700 | | 1 | Fn |
Get Address | Unknown module name | function = GetCurrentProcessId, address_out = 0x77335a50 | | 1 | Fn |
Get Address | Unknown module name | function = AddVectoredExceptionHandler, address_out = 0x77623ad0 | | 1 | Fn |
Get Address | Unknown module name | function = GetSystemDefaultLCID, address_out = 0x773233a0 | | 1 | Fn |
Get Address | Unknown module name | function = GetWindowsDirectoryW, address_out = 0x773282b0 | | 1 | Fn |
Get Address | Unknown module name | function = WaitForSingleObject, address_out = 0x77342b20 | | 1 | Fn |
Get Address | Unknown module name | function = GetProcAddress, address_out = 0x77343690 | | 1 | Fn |
Get Address | Unknown module name | function = GetModuleHandleW, address_out = 0x77343730 | | 1 | Fn |
Get Address | Unknown module name | function = LoadLibraryW, address_out = 0x77336f80 | | 1 | Fn |
Get Address | Unknown module name | function = VirtualProtect, address_out = 0x77322ef0 | | 1 | Fn |
Get Address | Unknown module name | function = CreateRemoteThread, address_out = 0x7736c4f0 | | 1 | Fn |
Get Address | Unknown module name | function = VirtualAllocEx, address_out = 0x7736bbd0 | | 1 | Fn |
Get Address | Unknown module name | function = VirtualFreeEx, address_out = 0x7736bb90 | | 1 | Fn |
Get Address | Unknown module name | function = DuplicateHandle, address_out = 0x77335d10 | | 1 | Fn |
Get Address | Unknown module name | function = WriteProcessMemory, address_out = 0x7736bad0 | | 1 | Fn |
Get Address | Unknown module name | function = OpenProcess, address_out = 0x7733cad0 | | 1 | Fn |
Get Address | Unknown module name | function = Process32NextW, address_out = 0x773220f0 | | 1 | Fn |
Get Address | Unknown module name | function = Process32FirstW, address_out = 0x77321e00 | | 1 | Fn |
Get Address | Unknown module name | function = CreateToolhelp32Snapshot, address_out = 0x773221e0 | | 1 | Fn |
Get Address | Unknown module name | function = CreateDirectoryW, address_out = 0x7732ad70 | | 1 | Fn |
Get Address | Unknown module name | function = TerminateProcess, address_out = 0x7736bca0 | | 1 | Fn |
Get Address | Unknown module name | function = SetEvent, address_out = 0x77333f00 | | 1 | Fn |
Get Address | Unknown module name | function = DeleteFileW, address_out = 0x7732ad90 | | 1 | Fn |
Get Address | Unknown module name | function = Sleep, address_out = 0x77342b70 | | 1 | Fn |
Get Address | Unknown module name | function = CloseHandle, address_out = 0x77342f80 | | 1 | Fn |
Get Address | Unknown module name | function = CreateFileW, address_out = 0x77331870 | | 1 | Fn |
Get Address | Unknown module name | function = lstrcmpiA, address_out = 0x773240a0 | | 1 | Fn |
Get Address | Unknown module name | function = lstrlenA, address_out = 0x7733caf0 | | 1 | Fn |
Get Address | Unknown module name | function = WriteConsoleW, address_out = 0x77333d40 | | 1 | Fn |
Get Address | Unknown module name | function = SetStdHandle, address_out = 0x7736bce0 | | 1 | Fn |
Get Address | Unknown module name | function = GetConsoleMode, address_out = 0x77342e60 | | 1 | Fn |
Get Address | Unknown module name | function = GetConsoleCP, address_out = 0x773605f0 | | 1 | Fn |
Get Address | Unknown module name | function = LCMapStringW, address_out = 0x77340dd0 | | 1 | Fn |
Get Address | Unknown module name | function = HeapSize, address_out = 0x775682d0 | | 1 | Fn |
Get Address | Unknown module name | function = GetStringTypeW, address_out = 0x77339060 | | 1 | Fn |
Get Address | Unknown module name | function = OutputDebugStringW, address_out = 0x7732b760 | | 1 | Fn |
Get Address | Unknown module name | function = LoadLibraryExW, address_out = 0x77336640 | | 1 | Fn |
Get Address | Unknown module name | function = GetCPInfo, address_out = 0x77336ce0 | | 1 | Fn |
Get Address | Unknown module name | function = GetOEMCP, address_out = 0x7733b580 | | 1 | Fn |
Get Address | Unknown module name | function = GetACP, address_out = 0x77336f90 | | 1 | Fn |
Get Address | Unknown module name | function = IsValidCodePage, address_out = 0x77339080 | | 1 | Fn |
Get Address | Unknown module name | function = LeaveCriticalSection, address_out = 0x77593000 | | 1 | Fn |
Get Address | Unknown module name | function = EnterCriticalSection, address_out = 0x77592fc0 | | 1 | Fn |
Get Address | Unknown module name | function = IsProcessorFeaturePresent, address_out = 0x7736cc80 | | 1 | Fn |
Get Address | Unknown module name | function = IsDebuggerPresent, address_out = 0x77328290 | | 1 | Fn |
Get Address | Unknown module name | function = RtlUnwindEx, address_out = 0x77352d90 | | 1 | Fn |
Get Address | Unknown module name | function = TlsFree, address_out = 0x77331590 | | 1 | Fn |
Get Address | Unknown module name | function = TlsSetValue, address_out = 0x77335cd0 | | 1 | Fn |
Get Address | Unknown module name | function = TlsGetValue, address_out = 0x77342bd0 | | 1 | Fn |
Get Address | Unknown module name | function = TlsAlloc, address_out = 0x77337100 | | 1 | Fn |
Get Address | Unknown module name | function = SetUnhandledExceptionFilter, address_out = 0x77339b70 | | 1 | Fn |
Get Address | Unknown module name | function = UnhandledExceptionFilter, address_out = 0x773b9330 | | 1 | Fn |
Get Address | Unknown module name | function = RtlVirtualUnwind, address_out = 0x7736b5b0 | | 1 | Fn |
Get Address | Unknown module name | function = RtlLookupFunctionEntry, address_out = 0x7736b610 | | 1 | Fn |
Get Address | Unknown module name | function = RtlCaptureContext, address_out = 0x7736b6f0 | | 1 | Fn |
Get Address | Unknown module name | function = FreeEnvironmentStringsW, address_out = 0x77336d20 | 1 |
Fn
|
|
Get Address | Unknown module name | function = GetEnvironmentStringsW, address_out = 0x77336d00 | 1 |
Fn
|
|
Get Address | Unknown module name | function = GetSystemTimeAsFileTime, address_out = 0x77333f40 | 1 |
Fn
|
|
Get Address | Unknown module name | function = QueryPerformanceCounter, address_out = 0x77336500 | 1 |
Fn
|
|
Get Address | Unknown module name | function = GetModuleFileNameA, address_out = 0x773364a0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = GetStartupInfoW, address_out = 0x77338070 | 1 |
Fn
|
|
Get Address | Unknown module name | function = DeleteCriticalSection, address_out = 0x77565350 | 1 |
Fn
|
|
Get Address | Unknown module name | function = InitializeCriticalSectionAndSpinCount, address_out = 0x773364e0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = GetFileType, address_out = 0x77342e00 | 1 |
Fn
|
|
Get Address | Unknown module name | function = GetStdHandle, address_out = 0x7733d750 | 1 |
Fn
|
|
Get Address | Unknown module name | function = GetModuleHandleExW, address_out = 0x7732b780 | 1 |
Fn
|
|
Get Address | Unknown module name | function = RaiseException, address_out = 0x7732cf10 | 1 |
Fn
|
|
Get Address | Unknown module name | function = RtlPcToFileHeader, address_out = 0x77352d80 | 1 |
Fn
|
|
Get Address | Unknown module name | function = DecodePointer, address_out = 0x77569c50 | 1 |
Fn
|
|
Get Address | Unknown module name | function = EncodePointer, address_out = 0x77573bd0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = GetCommandLineA, address_out = 0x77341e70 | 1 |
Fn
|
|
Get Address | Unknown module name | function = GetSystemInfo, address_out = 0x77336f70 | 1 |
Fn
|
|
Get Address | Unknown module name | function = VirtualQuery, address_out = 0x7733bd40 | 1 |
Fn
|
|
Get Address | Unknown module name | function = ResumeThread, address_out = 0x773313a0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = SuspendThread, address_out = 0x77322f60 | 1 |
Fn
|
|
Get Address | Unknown module name | function = GetCurrentThreadId, address_out = 0x77333ee0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = OpenThread, address_out = 0x7733c560 | 1 |
Fn
|
|
Get Address | Unknown module name | function = FlushInstructionCache, address_out = 0x773233e0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = HeapCreate, address_out = 0x773370e0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = GetCurrentProcess, address_out = 0x77335cf0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = SetThreadContext, address_out = 0x77322f10 | 1 |
Fn
|
|
Get Address | Unknown module name | function = GetThreadContext, address_out = 0x77322f40 | 1 |
Fn
|
|
Get Address | Unknown module name | function = LocalFree, address_out = 0x773347a0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = GetVersionExW, address_out = 0x7732d910 | 1 |
Fn
|
|
Get Address | Unknown module name | function = CryptHashData, address_out = 0x7fefdb0dac0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = SetNamedSecurityInfoW, address_out = 0x7fefdb089a0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = GetSecurityDescriptorSacl, address_out = 0x7fefdb11e00 | 1 |
Fn
|
|
Get Address | Unknown module name | function = SetSecurityDescriptorSacl, address_out = 0x7fefdb11eb0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = ConvertStringSecurityDescriptorToSecurityDescriptorW, address_out = 0x7fefdb12040 | 1 |
Fn
|
|
Get Address | Unknown module name | function = SetSecurityDescriptorDacl, address_out = 0x7fefdb1b5a0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = InitializeSecurityDescriptor, address_out = 0x7fefdb1b504 | 1 |
Fn
|
|
Get Address | Unknown module name | function = RegSetValueExW, address_out = 0x7fefdb11ed0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = RegQueryValueExW, address_out = 0x7fefdb1c2d0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = RegOpenKeyExW, address_out = 0x7fefdb206f0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = GetSidSubAuthorityCount, address_out = 0x7fefdb11740 | 1 |
Fn
|
|
Get Address | Unknown module name | function = GetSidSubAuthority, address_out = 0x7fefdb11754 | 1 |
Fn
|
|
Get Address | Unknown module name | function = AdjustTokenPrivileges, address_out = 0x7fefdb1b9b0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = LookupPrivilegeValueW, address_out = 0x7fefdb1b9e0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = OpenThreadToken, address_out = 0x7fefdb1bd84 | 1 |
Fn
|
|
Get Address | Unknown module name | function = GetTokenInformation, address_out = 0x7fefdb1bd50 | 1 |
Fn
|
|
Get Address | Unknown module name | function = OpenProcessToken, address_out = 0x7fefdb1bd70 | 1 |
Fn
|
|
Get Address | Unknown module name | function = RegCreateKeyExW, address_out = 0x7fefdb1b520 | 1 |
Fn
|
|
Get Address | Unknown module name | function = CryptReleaseContext, address_out = 0x7fefdb0dd10 | 1 |
Fn
|
|
Get Address | Unknown module name | function = CryptDestroyHash, address_out = 0x7fefdb0db00 | 1 |
Fn
|
|
Get Address | Unknown module name | function = CryptGetHashParam, address_out = 0x7fefdb0db20 | 1 |
Fn
|
|
Get Address | Unknown module name | function = CryptCreateHash, address_out = 0x7fefdb0dad4 | 1 |
Fn
|
|
Get Address | Unknown module name | function = GetLengthSid, address_out = 0x7fefdb1b580 | 1 |
Fn
|
|
Get Address | Unknown module name | function = CryptAcquireContextW, address_out = 0x7fefdb0d98c | 1 |
Fn
|
|
Get Address | Unknown module name | function = RegQueryValueExA, address_out = 0x7fefdb1c480 | 1 |
Fn
|
|
Get Address | Unknown module name | function = RegOpenKeyExA, address_out = 0x7fefdb1b5f0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = RegCloseKey, address_out = 0x7fefdb20710 | 1 |
Fn
|
|
Get Address | Unknown module name | function = RegSetValueExA, address_out = 0x7fefdb11dc0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = RegCreateKeyExA, address_out = 0x7fefdb11d10 | 1 |
Fn
|
|
Get Address | Unknown module name | function = PathRenameExtensionW, address_out = 0x7feff2de6c0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = PathRemoveBackslashW, address_out = 0x7feff2bd014 | 1 |
Fn
|
|
Get Address | Unknown module name | function = PathRemoveFileSpecW, address_out = 0x7feff2ba43c | 1 |
Fn
|
|
Get Address | Unknown module name | function = PathAddBackslashW, address_out = 0x7feff2c3f70 | 1 |
Fn
|
|
Get Address | Unknown module name | function = PathAddExtensionW, address_out = 0x7feff2de630 | 1 |
Fn
|
|
Get Address | Unknown module name | function = wvnsprintfA, address_out = 0x7feff2e2200 | 1 |
Fn
|
|
Get Address | Unknown module name | function = wvnsprintfW, address_out = 0x7feff2e22e4 | 1 |
Fn
|
|
Get Address | Unknown module name | function = PathCombineW, address_out = 0x7feff2c3dfc | 1 |
Fn
|
|
Get Address | Unknown module name | function = SHGetFolderPathW, address_out = 0x7fefe033ba4 | 1 |
Fn
|
|
Get Address | Unknown module name | function = MessageBoxA, address_out = 0x774b12b8 | 1 |
Fn
|
|
Get Address | Unknown module name | function = CharUpperW, address_out = 0x7745b714 | 1 |
Fn
|
|
Get Address | Unknown module name | function = 18, address_out = 0x7feff7e4da0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = 115, address_out = 0x7feff7e4980 | 1 |
Fn
|
|
Get Address | Unknown module name | function = 15, address_out = 0x7feff7e1250 | 1 |
Fn
|
|
Get Address | Unknown module name | function = 11, address_out = 0x7feff7e1350 | 1 |
Fn
|
|
Get Address | Unknown module name | function = 9, address_out = 0x7feff7e1250 | 1 |
Fn
|
|
Get Address | Unknown module name | function = 19, address_out = 0x7feff7e8000 | 1 |
Fn
|
|
Get Address | Unknown module name | function = FindFirstUrlCacheEntryW, address_out = 0x7feff747150 | 1 |
Fn
|
|
Get Address | Unknown module name | function = DeleteUrlCacheEntryW, address_out = 0x7feff747050 | 1 |
Fn
|
|
Get Address | Unknown module name | function = FindNextUrlCacheEntryW, address_out = 0x7feff747500 | 1 |
Fn
|
|
Get Address | Unknown module name | function = FindCloseUrlCache, address_out = 0x7feff6be600 | 1 |
Fn
|
|
Get Address | Unknown module name | function = StringFromGUID2, address_out = 0x7fefee03560 | 1 |
Fn
|
|
Get Address | Unknown module name | function = CLSIDFromString, address_out = 0x7fefedf0680 | 1 |
Fn
|
|
Get Address | Unknown module name | function = CoInitialize, address_out = 0x7fefedfa51c | 1 |
Fn
|
|
Get Address | Unknown module name | function = CoInitializeSecurity, address_out = 0x7fefedf8220 | 1 |
Fn
|
|
Get Address | Unknown module name | function = CoSetProxyBlanket, address_out = 0x7fefee1bf00 | 1 |
Fn
|
|
Get Address | Unknown module name | function = CoCreateInstance, address_out = 0x7fefee07490 | 1 |
Fn
|
|
Get Address | Unknown module name | function = CoUninitialize, address_out = 0x7fefee01314 | 1 |
Fn
|
|
Get Address | Unknown module name | function = CoInitializeEx, address_out = 0x7fefee02a30 | 1 |
Fn
|
|
Get Address | Unknown module name | function = 2, address_out = 0x7feff5d3480 | 1 |
Fn
|
|
Get Address | Unknown module name | function = 6, address_out = 0x7feff5d1320 | 1 |
Fn
|
|
Get Address | Unknown module name | function = 9, address_out = 0x7feff5d1180 | 1 |
Fn
|
|
Get Address | Unknown module name | function = FlsAlloc, address_out = 0x77337190 | 1 |
Fn
|
|
Get Address | Unknown module name | function = FlsFree, address_out = 0x773315b0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = FlsGetValue, address_out = 0x77343520 | 1 |
Fn
|
|
Get Address | Unknown module name | function = FlsSetValue, address_out = 0x7733bd90 | 1 |
Fn
|
|
Get Address | Unknown module name | function = InitializeCriticalSectionEx, address_out = 0x773379b0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = CreateSemaphoreExW, address_out = 0x7736c4c0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = SetThreadStackGuarantee, address_out = 0x77328050 | 1 |
Fn
|
|
Get Address | Unknown module name | function = CreateThreadpoolTimer, address_out = 0x77328820 | 1 |
Fn
|
|
Get Address | Unknown module name | function = SetThreadpoolTimer, address_out = 0x7755b2f0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = WaitForThreadpoolTimerCallbacks, address_out = 0x7754d8c0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = CloseThreadpoolTimer, address_out = 0x7754d620 | 1 |
Fn
|
|
Get Address | Unknown module name | function = CreateThreadpoolWait, address_out = 0x7736ba80 | 1 |
Fn
|
|
Get Address | Unknown module name | function = SetThreadpoolWait, address_out = 0x7755e170 | 1 |
Fn
|
|
Get Address | Unknown module name | function = CloseThreadpoolWait, address_out = 0x7754c540 | 1 |
Fn
|
|
Get Address | Unknown module name | function = FlushProcessWriteBuffers, address_out = 0x77591f80 | 1 |
Fn
|
|
Get Address | Unknown module name | function = FreeLibraryWhenCallbackReturns, address_out = 0x7760ec60 | 1 |
Fn
|
|
Get Address | Unknown module name | function = GetCurrentProcessorNumber, address_out = 0x77590040 | 1 |
Fn
|
|
Get Address | Unknown module name | function = GetLogicalProcessorInformation, address_out = 0x7736b820 | 1 |
Fn
|
|
Get Address | Unknown module name | function = CreateSymbolicLinkW, address_out = 0x77395ad0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = SetDefaultDllDirectories, address_out = 0x0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = EnumSystemLocalesEx, address_out = 0x7736c3d0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = CompareStringEx, address_out = 0x7736b980 | 1 |
Fn
|
|
Get Address | Unknown module name | function = GetDateFormatEx, address_out = 0x773b0920 | 1 |
Fn
|
|
Get Address | Unknown module name | function = GetLocaleInfoEx, address_out = 0x77323c10 | 1 |
Fn
|
|
Get Address | Unknown module name | function = GetTimeFormatEx, address_out = 0x773ad4e0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = GetUserDefaultLocaleName, address_out = 0x7736b790 | 1 |
Fn
|
|
Get Address | Unknown module name | function = IsValidLocaleName, address_out = 0x7736b770 | 1 |
Fn
|
|
Get Address | Unknown module name | function = LCMapStringEx, address_out = 0x7736b710 | 1 |
Fn
|
|
Get Address | Unknown module name | function = GetCurrentPackageId, address_out = 0x0 | 1 |
Fn
|
|
Get Address | Unknown module name | function = ObtainUserAgentString, address_out = 0x7fefdc41fa4 | 1 |
Fn
|
|
Get Address | Unknown module name | function = IsWow64Process, address_out = 0x773291d0 | 5 |
Fn
|
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Create | interface = 000214F9-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER | 1 |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Get Computer Name | result_out = AUFDDCNTXWT | 1 |
Sleep | duration = 20 milliseconds (0.020 seconds) | 39 |
Sleep | duration = -1 (infinite) | 1 |
Get Time | type = System Time, time = 2017-08-21 21:05:20 (UTC) | 1 |
Get Info | type = Operating System | 3 |
Get Info | type = Windows Directory, result_out = C:\Windows | 1 |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Create | mutex_name = Global\{AE124E3B-FDD1-1422-65D9-FE61A0417768} | 1 |
Create | mutex_name = Global\{85B42B0A-98E0-3F84-65D9-FE61A0417768} | 1 |
Create | mutex_name = Local\{85B47B09-C8E3-3F84-65D9-FE61A0417768} | 1 |
Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} | 5 |
Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} | 5 |
Create | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} | 1 |
Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} | 7 |
Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} | 7 |
Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} | 5 |
Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} | 7 |
Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} | 5 |
Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} | 4 |
Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} | 19 |
Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} | 19 |
Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} | 19 |
Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} | 19 |
Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} | 19 |
Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} | 19 |
Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} | 19 |
Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} | 4 |
Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} | 4 |
Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} | 4 |
Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} | 4 |
Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} | 4 |
Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} | 4 |
Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} | 31 |
Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} | 31 |
Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} | 31 |
Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} | 31 |
Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} | 31 |
Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} | 14 |
Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} | 29 |
Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} | 8 |
Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} | 69 |
Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} | 69 |
Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} | 69 |
Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} | 69 |
Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} | 69 |
Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} | 61 |
Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} | 68 |
Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} | 5 |
Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} | 5 |
Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} | 5 |
Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} | 5 |
Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} | 5 |
Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} | 4 |
Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} | 6 |
Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} | 6 |
Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} | 6 |
Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} | 6 |
Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} | 6 |
Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} | 6 |
Release | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} | 1 |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Get Environment String | 1 |
Information | Value |
---|---|
ID | #10 |
File Name | c:\windows\system32\taskhost.exe |
Command Line | "taskhost.exe" |
Initial Working Directory | C:\Windows\system32\ |
Monitor | Start Time: 00:01:43, Reason: Injection |
Unmonitor | End Time: 00:02:13, Reason: Terminated by Timeout |
Monitor Duration | 00:00:30 |
Information | Value |
---|---|
PID | 0x510 |
Parent PID | 0x1dc (c:\windows\system32\services.exe) |
Is Created or Modified Executable | |
Integrity Level | Medium |
Username | AUFDDCNTXWT\aDU0VK IWA5kLS |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege |
Thread IDs | 0xB9C, 0xB3C, 0x430, 0x7DC, 0x7AC, 0x79C, 0x798, 0x52C, 0x51C, 0x514, 0x554, 0x7F4, 0x728, 0x150, 0x330 |
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
pagefile_0x0000000000020000 | 0x00020000 | 0x00026fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable | | | | |
locale.nls | 0x00040000 | 0x000a6fff | Memory Mapped File | Readable | | | | |
pagefile_0x00000000000b0000 | 0x000b0000 | 0x000b1fff | Pagefile Backed Memory | Readable, Writable | | | | |
private_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | Private Memory | Readable, Writable | | | | |
private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | Readable, Writable | | | | |
pagefile_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000000100000 | 0x00100000 | 0x00101fff | Pagefile Backed Memory | Readable, Writable | | | | |
private_0x0000000000110000 | 0x00110000 | 0x0014bfff | Private Memory | Readable, Writable, Executable | | | | |
private_0x0000000000150000 | 0x00150000 | 0x00150fff | Private Memory | Readable, Writable | | | | |
private_0x0000000000190000 | 0x00190000 | 0x0020ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000000210000 | 0x00210000 | 0x0030ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000000340000 | 0x00340000 | 0x0034ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000000390000 | 0x00390000 | 0x0048ffff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000000490000 | 0x00490000 | 0x00617fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000000620000 | 0x00620000 | 0x007a0fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x00000000007b0000 | 0x007b0000 | 0x01baffff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000001bb0000 | 0x01bb0000 | 0x01fa2fff | Pagefile Backed Memory | Readable | | | | |
private_0x0000000001ff0000 | 0x01ff0000 | 0x0206ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000002080000 | 0x02080000 | 0x020fffff | Private Memory | Readable, Writable | | | | |
private_0x0000000002110000 | 0x02110000 | 0x0218ffff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000002190000 | 0x02190000 | 0x0226efff | Pagefile Backed Memory | Readable | | | | |
private_0x0000000002280000 | 0x02280000 | 0x022fffff | Private Memory | Readable, Writable | | | | |
private_0x0000000002300000 | 0x02300000 | 0x0237ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000002380000 | 0x02380000 | 0x0241ffff | Private Memory | Readable, Writable | | | | |
kernelbase.dll.mui | 0x02430000 | 0x024effff | Memory Mapped File | Readable, Writable | | | | |
private_0x0000000002610000 | 0x02610000 | 0x0268ffff | Private Memory | Readable, Writable | | | | |
private_0x00000000026c0000 | 0x026c0000 | 0x0273ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000002740000 | 0x02740000 | 0x027bffff | Private Memory | Readable, Writable | | | | |
private_0x00000000027d0000 | 0x027d0000 | 0x0284ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000002880000 | 0x02880000 | 0x028fffff | Private Memory | Readable, Writable | | | | |
private_0x0000000002920000 | 0x02920000 | 0x0292ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000002930000 | 0x02930000 | 0x029affff | Private Memory | Readable, Writable | | | | |
private_0x00000000029c0000 | 0x029c0000 | 0x02a3ffff | Private Memory | Readable, Writable | | | | |
sortdefault.nls | 0x02a40000 | 0x02d0efff | Memory Mapped File | Readable | | | | |
private_0x0000000002e40000 | 0x02e40000 | 0x02ebffff | Private Memory | Readable, Writable | | | | |
kernel32.dll | 0x77320000 | 0x7743efff | Memory Mapped File | Readable, Writable, Executable | | | | |
user32.dll | 0x77440000 | 0x77539fff | Memory Mapped File | Readable, Writable, Executable | | | | |
ntdll.dll | 0x77540000 | 0x776e8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable | | | | |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable | | | | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
taskhost.exe | 0xff200000 | 0xff213fff | Memory Mapped File | Readable, Writable, Executable | | | | |
winmm.dll | 0x7fef6750000 | 0x7fef678afff | Memory Mapped File | Readable, Writable, Executable | | | | |
npmproxy.dll | 0x7fef6790000 | 0x7fef679bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
dimsjob.dll | 0x7fef69c0000 | 0x7fef69cdfff | Memory Mapped File | Readable, Writable, Executable | | | | |
netprofm.dll | 0x7fef8030000 | 0x7fef80a3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
hotstartuseragent.dll | 0x7fef8a50000 | 0x7fef8a5afff | Memory Mapped File | Readable, Writable, Executable | | | | |
msutb.dll | 0x7fef8a60000 | 0x7fef8a9cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
msctfmonitor.dll | 0x7fef8aa0000 | 0x7fef8aaafff | Memory Mapped File | Readable, Writable, Executable | | | | |
playsndsrv.dll | 0x7fefa450000 | 0x7fefa467fff | Memory Mapped File | Readable, Writable, Executable | | | | |
dwmapi.dll | 0x7fefaec0000 | 0x7fefaed7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
uxtheme.dll | 0x7fefb2a0000 | 0x7fefb2f5fff | Memory Mapped File | Readable, Writable, Executable | | | | |
slc.dll | 0x7fefb8c0000 | 0x7fefb8cafff | Memory Mapped File | Readable, Writable, Executable | | | | |
dsrole.dll | 0x7fefb8d0000 | 0x7fefb8dbfff | Memory Mapped File | Readable, Writable, Executable | | | | |
wtsapi32.dll | 0x7fefb950000 | 0x7fefb960fff | Memory Mapped File | Readable, Writable, Executable | | | | |
nlaapi.dll | 0x7fefb970000 | 0x7fefb984fff | Memory Mapped File | Readable, Writable, Executable | | | | |
taskschd.dll | 0x7fefbaa0000 | 0x7fefbbc6fff | Memory Mapped File | Readable, Writable, Executable | | | | |
rsaenh.dll | 0x7fefca60000 | 0x7fefcaa6fff | Memory Mapped File | Readable, Writable, Executable | | | | |
cryptsp.dll | 0x7fefceb0000 | 0x7fefcec6fff | Memory Mapped File | Readable, Writable, Executable | | | | |
sspicli.dll | 0x7fefd350000 | 0x7fefd374fff | Memory Mapped File | Readable, Writable, Executable | | | | |
cryptbase.dll | 0x7fefd380000 | 0x7fefd38efff | Memory Mapped File | Readable, Writable, Executable | | | | |
winsta.dll | 0x7fefd430000 | 0x7fefd46cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
rpcrtremote.dll | 0x7fefd470000 | 0x7fefd483fff | Memory Mapped File | Readable, Writable, Executable | | | | |
msasn1.dll | 0x7fefd530000 | 0x7fefd53efff | Memory Mapped File | Readable, Writable, Executable | | | | |
kernelbase.dll | 0x7fefd680000 | 0x7fefd6eafff | Memory Mapped File | Readable, Writable, Executable | | | | |
crypt32.dll | 0x7fefd6f0000 | 0x7fefd856fff | Memory Mapped File | Readable, Writable, Executable | | | | |
rpcrt4.dll | 0x7fefd860000 | 0x7fefd98cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
clbcatq.dll | 0x7fefd990000 | 0x7fefda28fff | Memory Mapped File | Readable, Writable, Executable | | | | |
imm32.dll | 0x7fefda30000 | 0x7fefda5dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
advapi32.dll | 0x7fefdb00000 | 0x7fefdbdafff | Memory Mapped File | Readable, Writable, Executable | | | | |
urlmon.dll | 0x7fefdbe0000 | 0x7fefdd57fff | Memory Mapped File | Readable, Writable, Executable | | | | |
gdi32.dll | 0x7fefdd60000 | 0x7fefddc6fff | Memory Mapped File | Readable, Writable, Executable | | | | |
msctf.dll | 0x7fefddd0000 | 0x7fefded8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
usp10.dll | 0x7fefdee0000 | 0x7fefdfa8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
shell32.dll | 0x7fefdfb0000 | 0x7fefed37fff | Memory Mapped File | Readable, Writable, Executable | | | | |
msvcrt.dll | 0x7fefed40000 | 0x7fefeddefff | Memory Mapped File | Readable, Writable, Executable | | | | |
ole32.dll | 0x7fefede0000 | 0x7fefefe2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
shlwapi.dll | 0x7feff2b0000 | 0x7feff320fff | Memory Mapped File | Readable, Writable, Executable | | | | |
lpk.dll | 0x7feff330000 | 0x7feff33dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
iertutil.dll | 0x7feff340000 | 0x7feff598fff | Memory Mapped File | Readable, Writable, Executable | | | | |
nsi.dll | 0x7feff5a0000 | 0x7feff5a7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
sechost.dll | 0x7feff5b0000 | 0x7feff5cefff | Memory Mapped File | Readable, Writable, Executable | | | | |
oleaut32.dll | 0x7feff5d0000 | 0x7feff6a6fff | Memory Mapped File | Readable, Writable, Executable | | | | |
wininet.dll | 0x7feff6b0000 | 0x7feff7d9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
ws2_32.dll | 0x7feff7e0000 | 0x7feff82cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
apisetschema.dll | 0x7feff860000 | 0x7feff860fff | Memory Mapped File | Readable, Writable, Executable | | | | |
private_0x000007fffffa2000 | 0x7fffffa2000 | 0x7fffffa3fff | Private Memory | Readable, Writable | | | | |
private_0x000007fffffa4000 | 0x7fffffa4000 | 0x7fffffa5fff | Private Memory | Readable, Writable | | | | |
private_0x000007fffffa6000 | 0x7fffffa6000 | 0x7fffffa7fff | Private Memory | Readable, Writable | | | | |
private_0x000007fffffa8000 | 0x7fffffa8000 | 0x7fffffa9fff | Private Memory | Readable, Writable | | | | |
private_0x000007fffffaa000 | 0x7fffffaa000 | 0x7fffffabfff | Private Memory | Readable, Writable | | | | |
private_0x000007fffffac000 | 0x7fffffac000 | 0x7fffffadfff | Private Memory | Readable, Writable | | | | |
private_0x000007fffffae000 | 0x7fffffae000 | 0x7fffffaffff | Private Memory | Readable, Writable | | | | |
pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | Readable | | | | |
private_0x000007fffffd4000 | 0x7fffffd4000 | 0x7fffffd5fff | Private Memory | Readable, Writable | | | | |
private_0x000007fffffd6000 | 0x7fffffd6000 | 0x7fffffd7fff | Private Memory | Readable, Writable | | | | |
private_0x000007fffffd8000 | 0x7fffffd8000 | 0x7fffffd9fff | Private Memory | Readable, Writable | | | | |
private_0x000007fffffda000 | 0x7fffffda000 | 0x7fffffdbfff | Private Memory | Readable, Writable | | | | |
private_0x000007fffffdc000 | 0x7fffffdc000 | 0x7fffffdcfff | Private Memory | Readable, Writable | | | | |
private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | Private Memory | Readable, Writable | | | | |
Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
---|---|---|---|---|---|---|
Modify Memory | #8: c:\windows\explorer.exe | 0x698 | address = 0x110000, size = 245760 | 1 |
Modify Memory | #8: c:\windows\explorer.exe | 0x698 | address = 0x150000, size = 4 | 1 |
Modify Memory | #8: c:\windows\explorer.exe | 0x698 | address = 0x150004, size = 3056 | 1 |
Create Remote Thread | #8: c:\windows\explorer.exe | 0x698 | address = 0x11ad14 | 1 |
Operation | Filename | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Open | STD_INPUT_HANDLE | 1 |
Open | STD_OUTPUT_HANDLE | 1 |
Open | STD_ERROR_HANDLE | 1 |

Operation | Module | Additional Information | Count |
---|---|---|---|
Load | KERNEL32.dll | base_address = 0x77320000 | 1 |
Load | ADVAPI32.dll | base_address = 0x7fefdb00000 | 1 |
Load | SHLWAPI.dll | base_address = 0x7feff2b0000 | 1 |
Load | SHELL32.dll | base_address = 0x7fefdfb0000 | 1 |
Load | USER32.dll | base_address = 0x77440000 | 1 |
Load | WS2_32.dll | base_address = 0x7feff7e0000 | 1 |
Load | WININET.dll | base_address = 0x7feff6b0000 | 1 |
Load | ole32.dll | base_address = 0x7fefede0000 | 1 |
Load | OLEAUT32.dll | base_address = 0x7feff5d0000 | 1 |
Load | urlmon.dll | base_address = 0x7fefdbe0000 | 1 |
Load | Ws2_32.dll | base_address = 0x7feff7e0000 | 1 |
Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77320000 | 1 |
Get Filename | | process_name = c:\windows\system32\taskhost.exe, file_name_orig = C:\Windows\system32\taskhost.exe, size = 260 | 3 |
Get Address | c:\windows\system32\kernel32.dll | function = ReadFile, address_out = 0x77331500 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = FlushFileBuffers, address_out = 0x773269f0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = WriteFile, address_out = 0x773435a0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetTickCount, address_out = 0x77342b00 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesW, address_out = 0x773337a0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address_out = 0x773367a0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetFileSizeEx, address_out = 0x77329b30 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = VirtualFree, address_out = 0x77331260 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointerEx, address_out = 0x7732af00 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesW, address_out = 0x7733bdd0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetVolumeNameForVolumeMountPointW, address_out = 0x773907d0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetProcessHeap, address_out = 0x77343050 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = HeapFree, address_out = 0x77343070 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = HeapReAlloc, address_out = 0x77573f20 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = HeapAlloc, address_out = 0x775933a0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryA, address_out = 0x77337070 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = OutputDebugStringA, address_out = 0x77324f60 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = Thread32First, address_out = 0x7736aa70 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = Thread32Next, address_out = 0x7736a980 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentThread, address_out = 0x77333f20 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessW, address_out = 0x77341bb0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = FreeLibrary, address_out = 0x77336620 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = MultiByteToWideChar, address_out = 0x77335b50 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = WideCharToMultiByte, address_out = 0x773435f0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = CreateMutexW, address_out = 0x773313c0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = ReleaseMutex, address_out = 0x77342b90 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = SetLastError, address_out = 0x77342df0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x77331170 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetLastError, address_out = 0x77342dd0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = CreateThread, address_out = 0x77336580 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetComputerNameW, address_out = 0x7732d130 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = CreateEventW, address_out = 0x77335290 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = ExitThread, address_out = 0x77586930 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = ExitProcess, address_out = 0x775640f0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = InitializeCriticalSection, address_out = 0x77568100 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameW, address_out = 0x77337700 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcessId, address_out = 0x77335a50 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = AddVectoredExceptionHandler, address_out = 0x77623ad0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetSystemDefaultLCID, address_out = 0x773233a0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x773282b0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = WaitForSingleObject, address_out = 0x77342b20 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetProcAddress, address_out = 0x77343690 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleW, address_out = 0x77343730 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryW, address_out = 0x77336f80 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = VirtualProtect, address_out = 0x77322ef0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = CreateRemoteThread, address_out = 0x7736c4f0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = VirtualAllocEx, address_out = 0x7736bbd0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = VirtualFreeEx, address_out = 0x7736bb90 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = DuplicateHandle, address_out = 0x77335d10 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = WriteProcessMemory, address_out = 0x7736bad0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = OpenProcess, address_out = 0x7733cad0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = Process32NextW, address_out = 0x773220f0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = Process32FirstW, address_out = 0x77321e00 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = CreateToolhelp32Snapshot, address_out = 0x773221e0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = CreateDirectoryW, address_out = 0x7732ad70 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = TerminateProcess, address_out = 0x7736bca0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = SetEvent, address_out = 0x77333f00 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = DeleteFileW, address_out = 0x7732ad90 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x77342b70 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = CloseHandle, address_out = 0x77342f80 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = CreateFileW, address_out = 0x77331870 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = lstrcmpiA, address_out = 0x773240a0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = lstrlenA, address_out = 0x7733caf0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = WriteConsoleW, address_out = 0x77333d40 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = SetStdHandle, address_out = 0x7736bce0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetConsoleMode, address_out = 0x77342e60 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetConsoleCP, address_out = 0x773605f0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = LCMapStringW, address_out = 0x77340dd0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = HeapSize, address_out = 0x775682d0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetStringTypeW, address_out = 0x77339060 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = OutputDebugStringW, address_out = 0x7732b760 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryExW, address_out = 0x77336640 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetCPInfo, address_out = 0x77336ce0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetOEMCP, address_out = 0x7733b580 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetACP, address_out = 0x77336f90 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = IsValidCodePage, address_out = 0x77339080 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = LeaveCriticalSection, address_out = 0x77593000 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = EnterCriticalSection, address_out = 0x77592fc0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = IsProcessorFeaturePresent, address_out = 0x7736cc80 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77328290 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = RtlUnwindEx, address_out = 0x77352d90 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = TlsFree, address_out = 0x77331590 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = TlsSetValue, address_out = 0x77335cd0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = TlsGetValue, address_out = 0x77342bd0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = TlsAlloc, address_out = 0x77337100 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = SetUnhandledExceptionFilter, address_out = 0x77339b70 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = UnhandledExceptionFilter, address_out = 0x773b9330 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = RtlVirtualUnwind, address_out = 0x7736b5b0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = RtlLookupFunctionEntry, address_out = 0x7736b610 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = RtlCaptureContext, address_out = 0x7736b6f0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = FreeEnvironmentStringsW, address_out = 0x77336d20 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetEnvironmentStringsW, address_out = 0x77336d00 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetSystemTimeAsFileTime, address_out = 0x77333f40 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = QueryPerformanceCounter, address_out = 0x77336500 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameA, address_out = 0x773364a0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetStartupInfoW, address_out = 0x77338070 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = DeleteCriticalSection, address_out = 0x77565350 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = InitializeCriticalSectionAndSpinCount, address_out = 0x773364e0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetFileType, address_out = 0x77342e00 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetStdHandle, address_out = 0x7733d750 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleExW, address_out = 0x7732b780 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = RaiseException, address_out = 0x7732cf10 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = RtlPcToFileHeader, address_out = 0x77352d80 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = DecodePointer, address_out = 0x77569c50 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = EncodePointer, address_out = 0x77573bd0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetCommandLineA, address_out = 0x77341e70 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetSystemInfo, address_out = 0x77336f70 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = VirtualQuery, address_out = 0x7733bd40 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = ResumeThread, address_out = 0x773313a0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = SuspendThread, address_out = 0x77322f60 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentThreadId, address_out = 0x77333ee0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = OpenThread, address_out = 0x7733c560 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = FlushInstructionCache, address_out = 0x773233e0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = HeapCreate, address_out = 0x773370e0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address_out = 0x77335cf0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = SetThreadContext, address_out = 0x77322f10 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetThreadContext, address_out = 0x77322f40 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = LocalFree, address_out = 0x773347a0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetVersionExW, address_out = 0x7732d910 | 1 |
Get Address | c:\windows\system32\advapi32.dll | function = CryptHashData, address_out = 0x7fefdb0dac0 | 1 |
Get Address | c:\windows\system32\advapi32.dll | function = SetNamedSecurityInfoW, address_out = 0x7fefdb089a0 | 1 |
Get Address | c:\windows\system32\advapi32.dll | function = GetSecurityDescriptorSacl, address_out = 0x7fefdb11e00 | 1 |
Get Address | c:\windows\system32\advapi32.dll | function = SetSecurityDescriptorSacl, address_out = 0x7fefdb11eb0 | 1 |
Get Address | c:\windows\system32\advapi32.dll | function = ConvertStringSecurityDescriptorToSecurityDescriptorW, address_out = 0x7fefdb12040 | 1 |
Get Address | c:\windows\system32\advapi32.dll | function = SetSecurityDescriptorDacl, address_out = 0x7fefdb1b5a0 | 1 |
Get Address | c:\windows\system32\advapi32.dll | function = InitializeSecurityDescriptor, address_out = 0x7fefdb1b504 | 1 |
Get Address | c:\windows\system32\advapi32.dll | function = RegSetValueExW, address_out = 0x7fefdb11ed0 | 1 |
Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExW, address_out = 0x7fefdb1c2d0 | 1 |
Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address_out = 0x7fefdb206f0 | 1 |
Get Address | c:\windows\system32\advapi32.dll | function = GetSidSubAuthorityCount, address_out = 0x7fefdb11740 | 1 |
Get Address | c:\windows\system32\advapi32.dll | function = GetSidSubAuthority, address_out = 0x7fefdb11754 | 1 |
Get Address | c:\windows\system32\advapi32.dll | function = AdjustTokenPrivileges, address_out = 0x7fefdb1b9b0 | 1 |
Get Address | c:\windows\system32\advapi32.dll | function = LookupPrivilegeValueW, address_out = 0x7fefdb1b9e0 | 1 |
Get Address | c:\windows\system32\advapi32.dll | function = OpenThreadToken, address_out = 0x7fefdb1bd84 | 1 |
Get Address | c:\windows\system32\advapi32.dll | function = GetTokenInformation, address_out = 0x7fefdb1bd50 | 1 |
Get Address | c:\windows\system32\advapi32.dll | function = OpenProcessToken, address_out = 0x7fefdb1bd70 | 1 |
Get Address | c:\windows\system32\advapi32.dll | function = RegCreateKeyExW, address_out = 0x7fefdb1b520 | 1 |
Get Address | c:\windows\system32\advapi32.dll | function = CryptReleaseContext, address_out = 0x7fefdb0dd10 | 1 |
Get Address | c:\windows\system32\advapi32.dll | function = CryptDestroyHash, address_out = 0x7fefdb0db00 | 1 |
Get Address | c:\windows\system32\advapi32.dll | function = CryptGetHashParam, address_out = 0x7fefdb0db20 | 1 |
Get Address | c:\windows\system32\advapi32.dll | function = CryptCreateHash, address_out = 0x7fefdb0dad4 | 1 |
Get Address | c:\windows\system32\advapi32.dll | function = GetLengthSid, address_out = 0x7fefdb1b580 | 1 |
Get Address | c:\windows\system32\advapi32.dll | function = CryptAcquireContextW, address_out = 0x7fefdb0d98c | 1 |
Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExA, address_out = 0x7fefdb1c480 | 1 |
Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExA, address_out = 0x7fefdb1b5f0 | 1 |
Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x7fefdb20710 | 1 |
Get Address | c:\windows\system32\advapi32.dll | function = RegSetValueExA, address_out = 0x7fefdb11dc0 | 1 |
Get Address | c:\windows\system32\advapi32.dll | function = RegCreateKeyExA, address_out = 0x7fefdb11d10 | 1 |
Get Address | c:\windows\system32\shlwapi.dll | function = PathRenameExtensionW, address_out = 0x7feff2de6c0 | 1 |
Get Address | c:\windows\system32\shlwapi.dll | function = PathRemoveBackslashW, address_out = 0x7feff2bd014 | 1 |
Get Address | c:\windows\system32\shlwapi.dll | function = PathRemoveFileSpecW, address_out = 0x7feff2ba43c | 1 |
Get Address | c:\windows\system32\shlwapi.dll | function = PathAddBackslashW, address_out = 0x7feff2c3f70 | 1 |
Get Address | c:\windows\system32\shlwapi.dll | function = PathAddExtensionW, address_out = 0x7feff2de630 | 1 |
Get Address | c:\windows\system32\shlwapi.dll | function = wvnsprintfA, address_out = 0x7feff2e2200 | 1 |
Get Address | c:\windows\system32\shlwapi.dll | function = wvnsprintfW, address_out = 0x7feff2e22e4 | 1 |
Get Address | c:\windows\system32\shlwapi.dll | function = PathCombineW, address_out = 0x7feff2c3dfc | 1 |
Get Address | c:\windows\system32\shell32.dll | function = SHGetFolderPathW, address_out = 0x7fefe033ba4 | 1 |
Get Address | c:\windows\system32\user32.dll | function = MessageBoxA, address_out = 0x774b12b8 | 1 |
Get Address | c:\windows\system32\user32.dll | function = CharUpperW, address_out = 0x7745b714 | 1 |
Get Address | c:\windows\system32\ws2_32.dll | function = 18, address_out = 0x7feff7e4da0 | 1 |
Get Address | c:\windows\system32\ws2_32.dll | function = 115, address_out = 0x7feff7e4980 | 1 |
Get Address | c:\windows\system32\ws2_32.dll | function = 15, address_out = 0x7feff7e1250 | 1 |
Get Address | c:\windows\system32\ws2_32.dll | function = 11, address_out = 0x7feff7e1350 | 1 |
Get Address | c:\windows\system32\ws2_32.dll | function = 9, address_out = 0x7feff7e1250 | 1 |
Get Address | c:\windows\system32\ws2_32.dll | function = 19, address_out = 0x7feff7e8000 | 1 |
Get Address | c:\windows\system32\wininet.dll | function = FindFirstUrlCacheEntryW, address_out = 0x7feff747150 | 1 |
Get Address | c:\windows\system32\wininet.dll | function = DeleteUrlCacheEntryW, address_out = 0x7feff747050 | 1 |
Get Address | c:\windows\system32\wininet.dll | function = FindNextUrlCacheEntryW, address_out = 0x7feff747500 | 1 |
Get Address | c:\windows\system32\wininet.dll | function = FindCloseUrlCache, address_out = 0x7feff6be600 | 1 |
Get Address | c:\windows\system32\ole32.dll | function = StringFromGUID2, address_out = 0x7fefee03560 | 1 |
Get Address | c:\windows\system32\ole32.dll | function = CLSIDFromString, address_out = 0x7fefedf0680 | 1 |
Get Address | c:\windows\system32\ole32.dll | function = CoInitialize, address_out = 0x7fefedfa51c | 1 |
Get Address | c:\windows\system32\ole32.dll | function = CoInitializeSecurity, address_out = 0x7fefedf8220 | 1 |
Get Address | c:\windows\system32\ole32.dll | function = CoSetProxyBlanket, address_out = 0x7fefee1bf00 | 1 |
Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x7fefee07490 | 1 |
Get Address | c:\windows\system32\ole32.dll | function = CoUninitialize, address_out = 0x7fefee01314 | 1 |
Get Address | c:\windows\system32\ole32.dll | function = CoInitializeEx, address_out = 0x7fefee02a30 | 1 |
Get Address | c:\windows\system32\oleaut32.dll | function = 2, address_out = 0x7feff5d3480 | 1 |
Get Address | c:\windows\system32\oleaut32.dll | function = 6, address_out = 0x7feff5d1320 | 1 |
Get Address | c:\windows\system32\oleaut32.dll | function = 9, address_out = 0x7feff5d1180 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = FlsAlloc, address_out = 0x77337190 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = FlsFree, address_out = 0x773315b0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = FlsGetValue, address_out = 0x77343520 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = FlsSetValue, address_out = 0x7733bd90 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = InitializeCriticalSectionEx, address_out = 0x773379b0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = CreateSemaphoreExW, address_out = 0x7736c4c0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = SetThreadStackGuarantee, address_out = 0x77328050 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = CreateThreadpoolTimer, address_out = 0x77328820 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = SetThreadpoolTimer, address_out = 0x7755b2f0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = WaitForThreadpoolTimerCallbacks, address_out = 0x7754d8c0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = CloseThreadpoolTimer, address_out = 0x7754d620 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = CreateThreadpoolWait, address_out = 0x7736ba80 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = SetThreadpoolWait, address_out = 0x7755e170 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = CloseThreadpoolWait, address_out = 0x7754c540 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = FlushProcessWriteBuffers, address_out = 0x77591f80 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = FreeLibraryWhenCallbackReturns, address_out = 0x7760ec60 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcessorNumber, address_out = 0x77590040 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetLogicalProcessorInformation, address_out = 0x7736b820 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = CreateSymbolicLinkW, address_out = 0x77395ad0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = SetDefaultDllDirectories, address_out = 0x0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = EnumSystemLocalesEx, address_out = 0x7736c3d0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = CompareStringEx, address_out = 0x7736b980 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetDateFormatEx, address_out = 0x773b0920 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetLocaleInfoEx, address_out = 0x77323c10 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetTimeFormatEx, address_out = 0x773ad4e0 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetUserDefaultLocaleName, address_out = 0x7736b790 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = IsValidLocaleName, address_out = 0x7736b770 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = LCMapStringEx, address_out = 0x7736b710 | 1 |
Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentPackageId, address_out = 0x0 | 1 |
Get Address | c:\windows\system32\urlmon.dll | function = ObtainUserAgentString, address_out = 0x7fefdc41fa4 | 1 |

Operation | Additional Information | Count |
---|---|---|
Sleep | duration = -1 (infinite) | 1 |
Get Time | type = System Time, time = 2017-08-21 21:05:23 (UTC) | 1 |
Get Info | type = Operating System | 2 |

Operation | Additional Information | Count |
---|---|---|
Create | mutex_name = Global\{85B42B0A-98E0-3F84-65D9-FE61A0417768} | 1 |
Create | mutex_name = Local\{85B47B09-C8E3-3F84-65D9-FE61A0417768} | 1 |

Operation | Additional Information | Count |
---|---|---|
Get Environment String | | 1 |

Information | Value |
---|---|
ID | #11 |
File Name | c:\windows\system32\dwm.exe |
Command Line | "C:\Windows\system32\Dwm.exe" |
Initial Working Directory | C:\Windows\system32\ |
Monitor | Start Time: 00:01:44, Reason: Injection |
Unmonitor | End Time: 00:02:13, Reason: Terminated by Timeout |
Monitor Duration | 00:00:29 |
Information | Value |
---|---|
PID | 0x55c |
Parent PID | 0x318 (c:\windows\system32\svchost.exe) |
Is Created or Modified Executable | |
Integrity Level | Medium |
Username | AUFDDCNTXWT\aDU0VK IWA5kLS |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege |
Thread IDs | 0xB44, 0x4A8, 0x4E0, 0x570, 0x564, 0x560, 0x634, 0x80C, 0x81C, 0x82C |

Name | Start VA | End VA | Type | Permissions |
---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
pagefile_0x0000000000020000 | 0x00020000 | 0x00026fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000000040000 | 0x00040000 | 0x00041fff | Pagefile Backed Memory | Readable |
locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | Readable |
pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c1fff | Pagefile Backed Memory | Readable, Writable |
private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | Readable, Writable |
private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | Readable, Writable |
private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | Readable, Writable |
private_0x0000000000100000 | 0x00100000 | 0x00100fff | Private Memory | Readable, Writable |
pagefile_0x0000000000110000 | 0x00110000 | 0x00110fff | Pagefile Backed Memory | Readable, Writable |
private_0x0000000000120000 | 0x00120000 | 0x00120fff | Private Memory | Readable, Writable |
private_0x0000000000130000 | 0x00130000 | 0x001affff | Private Memory | Readable, Writable |
private_0x00000000001c0000 | 0x001c0000 | 0x002bffff | Private Memory | Readable, Writable |
pagefile_0x00000000002c0000 | 0x002c0000 | 0x00447fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000000450000 | 0x00450000 | 0x005d0fff | Pagefile Backed Memory | Readable |
pagefile_0x00000000005e0000 | 0x005e0000 | 0x019dffff | Pagefile Backed Memory | Readable |
pagefile_0x00000000019e0000 | 0x019e0000 | 0x01dd2fff | Pagefile Backed Memory | Readable |
private_0x0000000001de0000 | 0x01de0000 | 0x01edffff | Private Memory | Readable, Writable |
pagefile_0x0000000001ee0000 | 0x01ee0000 | 0x01fbefff | Pagefile Backed Memory | Readable |
private_0x0000000001fd0000 | 0x01fd0000 | 0x01fdffff | Private Memory | Readable, Writable |
private_0x0000000001fe0000 | 0x01fe0000 | 0x0201bfff | Private Memory | Readable, Writable, Executable |
private_0x0000000002080000 | 0x02080000 | 0x020fffff | Private Memory | Readable, Writable |
private_0x0000000002150000 | 0x02150000 | 0x021cffff | Private Memory | Readable, Writable |
private_0x00000000021d0000 | 0x021d0000 | 0x0224ffff | Private Memory | Readable, Writable |
private_0x0000000002250000 | 0x02250000 | 0x0230ffff | Private Memory | Readable, Writable |
private_0x0000000002310000 | 0x02310000 | 0x0238ffff | Private Memory | Readable, Writable |
sortdefault.nls | 0x02390000 | 0x0265efff | Memory Mapped File | Readable |
private_0x0000000002660000 | 0x02660000 | 0x0275ffff | Private Memory | Readable, Writable |
private_0x00000000027b0000 | 0x027b0000 | 0x0282ffff | Private Memory | Readable, Writable |
private_0x00000000028f0000 | 0x028f0000 | 0x0296ffff | Private Memory | Readable, Writable |
kernel32.dll | 0x77320000 | 0x7743efff | Memory Mapped File | Readable, Writable, Executable |
user32.dll | 0x77440000 | 0x77539fff | Memory Mapped File | Readable, Writable, Executable |
ntdll.dll | 0x77540000 | 0x776e8fff | Memory Mapped File | Readable, Writable, Executable |
psapi.dll | 0x77710000 | 0x77716fff | Memory Mapped File | Readable, Writable, Executable |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
dwm.exe | 0xff110000 | 0xff132fff | Memory Mapped File | Readable, Writable, Executable |
dxgi.dll | 0x7fefa130000 | 0x7fefa1d6fff | Memory Mapped File | Readable, Writable, Executable |
d3d10_1core.dll | 0x7fefa1e0000 | 0x7fefa234fff | Memory Mapped File | Readable, Writable, Executable |
d3d10_1.dll | 0x7fefa240000 | 0x7fefa273fff | Memory Mapped File | Readable, Writable, Executable |
dwmcore.dll | 0x7fefa280000 | 0x7fefa411fff | Memory Mapped File | Readable, Writable, Executable |
dwmredir.dll | 0x7fefa420000 | 0x7fefa446fff | Memory Mapped File | Readable, Writable, Executable |
windowscodecs.dll | 0x7fefad90000 | 0x7fefaeb9fff | Memory Mapped File | Readable, Writable, Executable |
dwmapi.dll | 0x7fefaec0000 | 0x7fefaed7fff | Memory Mapped File | Readable, Writable, Executable |
uxtheme.dll | 0x7fefb2a0000 | 0x7fefb2f5fff | Memory Mapped File | Readable, Writable, Executable |
version.dll | 0x7fefc650000 | 0x7fefc65bfff | Memory Mapped File | Readable, Writable, Executable |
msasn1.dll | 0x7fefd530000 | 0x7fefd53efff | Memory Mapped File | Readable, Writable, Executable |
wintrust.dll | 0x7fefd5e0000 | 0x7fefd619fff | Memory Mapped File | Readable, Writable, Executable |
kernelbase.dll | 0x7fefd680000 | 0x7fefd6eafff | Memory Mapped File | Readable, Writable, Executable |
crypt32.dll | 0x7fefd6f0000 | 0x7fefd856fff | Memory Mapped File | Readable, Writable, Executable |
rpcrt4.dll | 0x7fefd860000 | 0x7fefd98cfff | Memory Mapped File | Readable, Writable, Executable |
imm32.dll | 0x7fefda30000 | 0x7fefda5dfff | Memory Mapped File | Readable, Writable, Executable |
advapi32.dll | 0x7fefdb00000 | 0x7fefdbdafff | Memory Mapped File | Readable, Writable, Executable |
urlmon.dll | 0x7fefdbe0000 | 0x7fefdd57fff | Memory Mapped File | Readable, Writable, Executable |
gdi32.dll | 0x7fefdd60000 | 0x7fefddc6fff | Memory Mapped File | Readable, Writable, Executable |
msctf.dll | 0x7fefddd0000 | 0x7fefded8fff | Memory Mapped File | Readable, Writable, Executable |
usp10.dll | 0x7fefdee0000 | 0x7fefdfa8fff | Memory Mapped File | Readable, Writable, Executable |
shell32.dll | 0x7fefdfb0000 | 0x7fefed37fff | Memory Mapped File | Readable, Writable, Executable |
msvcrt.dll | 0x7fefed40000 | 0x7fefeddefff | Memory Mapped File | Readable, Writable, Executable |
ole32.dll | 0x7fefede0000 | 0x7fefefe2fff | Memory Mapped File | Readable, Writable, Executable |
shlwapi.dll | 0x7feff2b0000 | 0x7feff320fff | Memory Mapped File | Readable, Writable, Executable |
lpk.dll | 0x7feff330000 | 0x7feff33dfff | Memory Mapped File | Readable, Writable, Executable |
iertutil.dll | 0x7feff340000 | 0x7feff598fff | Memory Mapped File | Readable, Writable, Executable |
nsi.dll | 0x7feff5a0000 | 0x7feff5a7fff | Memory Mapped File | Readable, Writable, Executable |
sechost.dll | 0x7feff5b0000 | 0x7feff5cefff | Memory Mapped File | Readable, Writable, Executable |
oleaut32.dll | 0x7feff5d0000 | 0x7feff6a6fff | Memory Mapped File | Readable, Writable, Executable |
wininet.dll | 0x7feff6b0000 | 0x7feff7d9fff | Memory Mapped File | Readable, Writable, Executable |
ws2_32.dll | 0x7feff7e0000 | 0x7feff82cfff | Memory Mapped File | Readable, Writable, Executable |
apisetschema.dll | 0x7feff860000 | 0x7feff860fff | Memory Mapped File | Readable, Writable, Executable |
pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | Readable |
|||
private_0x000007fffffd3000 | 0x7fffffd3000 | 0x7fffffd4fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffd5000 | 0x7fffffd5000 | 0x7fffffd6fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffd7000 | 0x7fffffd7000 | 0x7fffffd8fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffd9000 | 0x7fffffd9000 | 0x7fffffdafff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffdb000 | 0x7fffffdb000 | 0x7fffffdcfff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffdd000 | 0x7fffffdd000 | 0x7fffffdefff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffdf000 | 0x7fffffdf000 | 0x7fffffdffff | Private Memory | Readable, Writable |
|
Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
---|---|---|---|---|---|---|
Modify Memory | #8: c:\windows\explorer.exe | 0x698 | address = 0x1fe0000, size = 245760 | 1 | Fn, Data |
Modify Memory | #8: c:\windows\explorer.exe | 0x698 | address = 0x120000, size = 4 | 1 | Fn, Data |
Modify Memory | #8: c:\windows\explorer.exe | 0x698 | address = 0x120004, size = 3056 | 1 | Fn, Data |
Create Remote Thread | #8: c:\windows\explorer.exe | 0x698 | address = 0x1fead14 | 1 | Fn |
Operation | Filename | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Open | STD_INPUT_HANDLE | | 1 | Fn |
Open | STD_OUTPUT_HANDLE | | 1 | Fn |
Open | STD_ERROR_HANDLE | | 1 | Fn |
Operation | Module | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Load | KERNEL32.dll | base_address = 0x77320000 | 1 | Fn |
Load | ADVAPI32.dll | base_address = 0x7fefdb00000 | 1 | Fn |
Load | SHLWAPI.dll | base_address = 0x7feff2b0000 | 1 | Fn |
Load | SHELL32.dll | base_address = 0x7fefdfb0000 | 1 | Fn |
Load | USER32.dll | base_address = 0x77440000 | 1 | Fn |
Load | WS2_32.dll | base_address = 0x7feff7e0000 | 1 | Fn |
Load | WININET.dll | base_address = 0x7feff6b0000 | 1 | Fn |
Load | ole32.dll | base_address = 0x7fefede0000 | 1 | Fn |
Load | OLEAUT32.dll | base_address = 0x7feff5d0000 | 1 | Fn |
Load | urlmon.dll | base_address = 0x7fefdbe0000 | 1 | Fn |
Load | Ws2_32.dll | base_address = 0x7feff7e0000 | 1 | Fn |
Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77320000 | 1 | Fn |
Get Filename | | process_name = c:\windows\system32\dwm.exe, file_name_orig = C:\Windows\system32\Dwm.exe, size = 260 | 3 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = ReadFile, address_out = 0x77331500 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = FlushFileBuffers, address_out = 0x773269f0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = WriteFile, address_out = 0x773435a0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetTickCount, address_out = 0x77342b00 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesW, address_out = 0x773337a0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address_out = 0x773367a0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetFileSizeEx, address_out = 0x77329b30 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = VirtualFree, address_out = 0x77331260 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointerEx, address_out = 0x7732af00 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesW, address_out = 0x7733bdd0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetVolumeNameForVolumeMountPointW, address_out = 0x773907d0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetProcessHeap, address_out = 0x77343050 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = HeapFree, address_out = 0x77343070 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = HeapReAlloc, address_out = 0x77573f20 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = HeapAlloc, address_out = 0x775933a0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryA, address_out = 0x77337070 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = OutputDebugStringA, address_out = 0x77324f60 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = Thread32First, address_out = 0x7736aa70 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = Thread32Next, address_out = 0x7736a980 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentThread, address_out = 0x77333f20 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessW, address_out = 0x77341bb0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = FreeLibrary, address_out = 0x77336620 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = MultiByteToWideChar, address_out = 0x77335b50 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = WideCharToMultiByte, address_out = 0x773435f0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = CreateMutexW, address_out = 0x773313c0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = ReleaseMutex, address_out = 0x77342b90 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = SetLastError, address_out = 0x77342df0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x77331170 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetLastError, address_out = 0x77342dd0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = CreateThread, address_out = 0x77336580 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetComputerNameW, address_out = 0x7732d130 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = CreateEventW, address_out = 0x77335290 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = ExitThread, address_out = 0x77586930 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = ExitProcess, address_out = 0x775640f0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = InitializeCriticalSection, address_out = 0x77568100 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameW, address_out = 0x77337700 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcessId, address_out = 0x77335a50 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = AddVectoredExceptionHandler, address_out = 0x77623ad0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetSystemDefaultLCID, address_out = 0x773233a0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x773282b0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = WaitForSingleObject, address_out = 0x77342b20 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetProcAddress, address_out = 0x77343690 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleW, address_out = 0x77343730 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryW, address_out = 0x77336f80 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = VirtualProtect, address_out = 0x77322ef0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = CreateRemoteThread, address_out = 0x7736c4f0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = VirtualAllocEx, address_out = 0x7736bbd0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = VirtualFreeEx, address_out = 0x7736bb90 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = DuplicateHandle, address_out = 0x77335d10 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = WriteProcessMemory, address_out = 0x7736bad0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = OpenProcess, address_out = 0x7733cad0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = Process32NextW, address_out = 0x773220f0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = Process32FirstW, address_out = 0x77321e00 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = CreateToolhelp32Snapshot, address_out = 0x773221e0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = CreateDirectoryW, address_out = 0x7732ad70 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = TerminateProcess, address_out = 0x7736bca0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = SetEvent, address_out = 0x77333f00 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = DeleteFileW, address_out = 0x7732ad90 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x77342b70 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = CloseHandle, address_out = 0x77342f80 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = CreateFileW, address_out = 0x77331870 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = lstrcmpiA, address_out = 0x773240a0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = lstrlenA, address_out = 0x7733caf0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = WriteConsoleW, address_out = 0x77333d40 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = SetStdHandle, address_out = 0x7736bce0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetConsoleMode, address_out = 0x77342e60 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetConsoleCP, address_out = 0x773605f0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = LCMapStringW, address_out = 0x77340dd0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = HeapSize, address_out = 0x775682d0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetStringTypeW, address_out = 0x77339060 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = OutputDebugStringW, address_out = 0x7732b760 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryExW, address_out = 0x77336640 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetCPInfo, address_out = 0x77336ce0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetOEMCP, address_out = 0x7733b580 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetACP, address_out = 0x77336f90 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = IsValidCodePage, address_out = 0x77339080 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = LeaveCriticalSection, address_out = 0x77593000 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = EnterCriticalSection, address_out = 0x77592fc0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = IsProcessorFeaturePresent, address_out = 0x7736cc80 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77328290 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = RtlUnwindEx, address_out = 0x77352d90 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = TlsFree, address_out = 0x77331590 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = TlsSetValue, address_out = 0x77335cd0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = TlsGetValue, address_out = 0x77342bd0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = TlsAlloc, address_out = 0x77337100 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = SetUnhandledExceptionFilter, address_out = 0x77339b70 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = UnhandledExceptionFilter, address_out = 0x773b9330 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = RtlVirtualUnwind, address_out = 0x7736b5b0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = RtlLookupFunctionEntry, address_out = 0x7736b610 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = RtlCaptureContext, address_out = 0x7736b6f0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = FreeEnvironmentStringsW, address_out = 0x77336d20 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetEnvironmentStringsW, address_out = 0x77336d00 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetSystemTimeAsFileTime, address_out = 0x77333f40 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = QueryPerformanceCounter, address_out = 0x77336500 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameA, address_out = 0x773364a0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetStartupInfoW, address_out = 0x77338070 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = DeleteCriticalSection, address_out = 0x77565350 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = InitializeCriticalSectionAndSpinCount, address_out = 0x773364e0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetFileType, address_out = 0x77342e00 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetStdHandle, address_out = 0x7733d750 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleExW, address_out = 0x7732b780 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = RaiseException, address_out = 0x7732cf10 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = RtlPcToFileHeader, address_out = 0x77352d80 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = DecodePointer, address_out = 0x77569c50 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = EncodePointer, address_out = 0x77573bd0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetCommandLineA, address_out = 0x77341e70 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetSystemInfo, address_out = 0x77336f70 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = VirtualQuery, address_out = 0x7733bd40 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = ResumeThread, address_out = 0x773313a0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = SuspendThread, address_out = 0x77322f60 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentThreadId, address_out = 0x77333ee0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = OpenThread, address_out = 0x7733c560 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = FlushInstructionCache, address_out = 0x773233e0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = HeapCreate, address_out = 0x773370e0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address_out = 0x77335cf0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = SetThreadContext, address_out = 0x77322f10 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetThreadContext, address_out = 0x77322f40 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = LocalFree, address_out = 0x773347a0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetVersionExW, address_out = 0x7732d910 | 1 | Fn |
Get Address | c:\windows\system32\advapi32.dll | function = CryptHashData, address_out = 0x7fefdb0dac0 | 1 | Fn |
Get Address | c:\windows\system32\advapi32.dll | function = SetNamedSecurityInfoW, address_out = 0x7fefdb089a0 | 1 | Fn |
Get Address | c:\windows\system32\advapi32.dll | function = GetSecurityDescriptorSacl, address_out = 0x7fefdb11e00 | 1 | Fn |
Get Address | c:\windows\system32\advapi32.dll | function = SetSecurityDescriptorSacl, address_out = 0x7fefdb11eb0 | 1 | Fn |
Get Address | c:\windows\system32\advapi32.dll | function = ConvertStringSecurityDescriptorToSecurityDescriptorW, address_out = 0x7fefdb12040 | 1 | Fn |
Get Address | c:\windows\system32\advapi32.dll | function = SetSecurityDescriptorDacl, address_out = 0x7fefdb1b5a0 | 1 | Fn |
Get Address | c:\windows\system32\advapi32.dll | function = InitializeSecurityDescriptor, address_out = 0x7fefdb1b504 | 1 | Fn |
Get Address | c:\windows\system32\advapi32.dll | function = RegSetValueExW, address_out = 0x7fefdb11ed0 | 1 | Fn |
Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExW, address_out = 0x7fefdb1c2d0 | 1 | Fn |
Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address_out = 0x7fefdb206f0 | 1 | Fn |
Get Address | c:\windows\system32\advapi32.dll | function = GetSidSubAuthorityCount, address_out = 0x7fefdb11740 | 1 | Fn |
Get Address | c:\windows\system32\advapi32.dll | function = GetSidSubAuthority, address_out = 0x7fefdb11754 | 1 | Fn |
Get Address | c:\windows\system32\advapi32.dll | function = AdjustTokenPrivileges, address_out = 0x7fefdb1b9b0 | 1 | Fn |
Get Address | c:\windows\system32\advapi32.dll | function = LookupPrivilegeValueW, address_out = 0x7fefdb1b9e0 | 1 | Fn |
Get Address | c:\windows\system32\advapi32.dll | function = OpenThreadToken, address_out = 0x7fefdb1bd84 | 1 | Fn |
Get Address | c:\windows\system32\advapi32.dll | function = GetTokenInformation, address_out = 0x7fefdb1bd50 | 1 | Fn |
Get Address | c:\windows\system32\advapi32.dll | function = OpenProcessToken, address_out = 0x7fefdb1bd70 | 1 | Fn |
Get Address | c:\windows\system32\advapi32.dll | function = RegCreateKeyExW, address_out = 0x7fefdb1b520 | 1 | Fn |
Get Address | c:\windows\system32\advapi32.dll | function = CryptReleaseContext, address_out = 0x7fefdb0dd10 | 1 | Fn |
Get Address | c:\windows\system32\advapi32.dll | function = CryptDestroyHash, address_out = 0x7fefdb0db00 | 1 | Fn |
Get Address | c:\windows\system32\advapi32.dll | function = CryptGetHashParam, address_out = 0x7fefdb0db20 | 1 | Fn |
Get Address | c:\windows\system32\advapi32.dll | function = CryptCreateHash, address_out = 0x7fefdb0dad4 | 1 | Fn |
Get Address | c:\windows\system32\advapi32.dll | function = GetLengthSid, address_out = 0x7fefdb1b580 | 1 | Fn |
Get Address | c:\windows\system32\advapi32.dll | function = CryptAcquireContextW, address_out = 0x7fefdb0d98c | 1 | Fn |
Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExA, address_out = 0x7fefdb1c480 | 1 | Fn |
Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExA, address_out = 0x7fefdb1b5f0 | 1 | Fn |
Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x7fefdb20710 | 1 | Fn |
Get Address | c:\windows\system32\advapi32.dll | function = RegSetValueExA, address_out = 0x7fefdb11dc0 | 1 | Fn |
Get Address | c:\windows\system32\advapi32.dll | function = RegCreateKeyExA, address_out = 0x7fefdb11d10 | 1 | Fn |
Get Address | c:\windows\system32\shlwapi.dll | function = PathRenameExtensionW, address_out = 0x7feff2de6c0 | 1 | Fn |
Get Address | c:\windows\system32\shlwapi.dll | function = PathRemoveBackslashW, address_out = 0x7feff2bd014 | 1 | Fn |
Get Address | c:\windows\system32\shlwapi.dll | function = PathRemoveFileSpecW, address_out = 0x7feff2ba43c | 1 | Fn |
Get Address | c:\windows\system32\shlwapi.dll | function = PathAddBackslashW, address_out = 0x7feff2c3f70 | 1 | Fn |
Get Address | c:\windows\system32\shlwapi.dll | function = PathAddExtensionW, address_out = 0x7feff2de630 | 1 | Fn |
Get Address | c:\windows\system32\shlwapi.dll | function = wvnsprintfA, address_out = 0x7feff2e2200 | 1 | Fn |
Get Address | c:\windows\system32\shlwapi.dll | function = wvnsprintfW, address_out = 0x7feff2e22e4 | 1 | Fn |
Get Address | c:\windows\system32\shlwapi.dll | function = PathCombineW, address_out = 0x7feff2c3dfc | 1 | Fn |
Get Address | c:\windows\system32\shell32.dll | function = SHGetFolderPathW, address_out = 0x7fefe033ba4 | 1 | Fn |
Get Address | c:\windows\system32\user32.dll | function = MessageBoxA, address_out = 0x774b12b8 | 1 | Fn |
Get Address | c:\windows\system32\user32.dll | function = CharUpperW, address_out = 0x7745b714 | 1 | Fn |
Get Address | c:\windows\system32\ws2_32.dll | function = 18, address_out = 0x7feff7e4da0 | 1 | Fn |
Get Address | c:\windows\system32\ws2_32.dll | function = 115, address_out = 0x7feff7e4980 | 1 | Fn |
Get Address | c:\windows\system32\ws2_32.dll | function = 15, address_out = 0x7feff7e1250 | 1 | Fn |
Get Address | c:\windows\system32\ws2_32.dll | function = 11, address_out = 0x7feff7e1350 | 1 | Fn |
Get Address | c:\windows\system32\ws2_32.dll | function = 9, address_out = 0x7feff7e1250 | 1 | Fn |
Get Address | c:\windows\system32\ws2_32.dll | function = 19, address_out = 0x7feff7e8000 | 1 | Fn |
Get Address | c:\windows\system32\wininet.dll | function = FindFirstUrlCacheEntryW, address_out = 0x7feff747150 | 1 | Fn |
Get Address | c:\windows\system32\wininet.dll | function = DeleteUrlCacheEntryW, address_out = 0x7feff747050 | 1 | Fn |
Get Address | c:\windows\system32\wininet.dll | function = FindNextUrlCacheEntryW, address_out = 0x7feff747500 | 1 | Fn |
Get Address | c:\windows\system32\wininet.dll | function = FindCloseUrlCache, address_out = 0x7feff6be600 | 1 | Fn |
Get Address | c:\windows\system32\ole32.dll | function = StringFromGUID2, address_out = 0x7fefee03560 | 1 | Fn |
Get Address | c:\windows\system32\ole32.dll | function = CLSIDFromString, address_out = 0x7fefedf0680 | 1 | Fn |
Get Address | c:\windows\system32\ole32.dll | function = CoInitialize, address_out = 0x7fefedfa51c | 1 | Fn |
Get Address | c:\windows\system32\ole32.dll | function = CoInitializeSecurity, address_out = 0x7fefedf8220 | 1 | Fn |
Get Address | c:\windows\system32\ole32.dll | function = CoSetProxyBlanket, address_out = 0x7fefee1bf00 | 1 | Fn |
Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x7fefee07490 | 1 | Fn |
Get Address | c:\windows\system32\ole32.dll | function = CoUninitialize, address_out = 0x7fefee01314 | 1 | Fn |
Get Address | c:\windows\system32\ole32.dll | function = CoInitializeEx, address_out = 0x7fefee02a30 | 1 | Fn |
Get Address | c:\windows\system32\oleaut32.dll | function = 2, address_out = 0x7feff5d3480 | 1 | Fn |
Get Address | c:\windows\system32\oleaut32.dll | function = 6, address_out = 0x7feff5d1320 | 1 | Fn |
Get Address | c:\windows\system32\oleaut32.dll | function = 9, address_out = 0x7feff5d1180 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = FlsAlloc, address_out = 0x77337190 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = FlsFree, address_out = 0x773315b0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = FlsGetValue, address_out = 0x77343520 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = FlsSetValue, address_out = 0x7733bd90 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = InitializeCriticalSectionEx, address_out = 0x773379b0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = CreateSemaphoreExW, address_out = 0x7736c4c0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = SetThreadStackGuarantee, address_out = 0x77328050 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = CreateThreadpoolTimer, address_out = 0x77328820 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = SetThreadpoolTimer, address_out = 0x7755b2f0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = WaitForThreadpoolTimerCallbacks, address_out = 0x7754d8c0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = CloseThreadpoolTimer, address_out = 0x7754d620 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = CreateThreadpoolWait, address_out = 0x7736ba80 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = SetThreadpoolWait, address_out = 0x7755e170 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = CloseThreadpoolWait, address_out = 0x7754c540 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = FlushProcessWriteBuffers, address_out = 0x77591f80 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = FreeLibraryWhenCallbackReturns, address_out = 0x7760ec60 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcessorNumber, address_out = 0x77590040 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetLogicalProcessorInformation, address_out = 0x7736b820 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = CreateSymbolicLinkW, address_out = 0x77395ad0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = SetDefaultDllDirectories, address_out = 0x0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = EnumSystemLocalesEx, address_out = 0x7736c3d0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = CompareStringEx, address_out = 0x7736b980 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetDateFormatEx, address_out = 0x773b0920 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetLocaleInfoEx, address_out = 0x77323c10 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetTimeFormatEx, address_out = 0x773ad4e0 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetUserDefaultLocaleName, address_out = 0x7736b790 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = IsValidLocaleName, address_out = 0x7736b770 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = LCMapStringEx, address_out = 0x7736b710 | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentPackageId, address_out = 0x0 | 1 | Fn |
Get Address | c:\windows\system32\urlmon.dll | function = ObtainUserAgentString, address_out = 0x7fefdc41fa4 | 1 | Fn |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Sleep | duration = -1 (infinite) | 1 | Fn |
Get Time | type = System Time, time = 2017-08-21 21:05:24 (UTC) | 1 | Fn |
Get Info | type = Operating System | 2 | Fn |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Create | mutex_name = Global\{85B42B0A-98E0-3F84-65D9-FE61A0417768} | 1 | Fn |
Create | mutex_name = Local\{85B47B09-C8E3-3F84-65D9-FE61A0417768} | 1 | Fn |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Get Environment String | | 1 | Fn, Data |
Information | Value |
---|---|
ID | #12 |
File Name | c:\windows\syswow64\msiexec.exe |
Command Line | C:\Windows\syswow64\msiexec.exe |
Initial Working Directory | C:\Windows\system32\ |
Monitor | Start Time: 00:01:44, Reason: Child Process |
Unmonitor | End Time: 00:02:13, Reason: Terminated by Timeout |
Monitor Duration | 00:00:29 |
Information | Value |
---|---|
PID | 0x65c |
Parent PID | 0x568 (c:\windows\explorer.exe) |
Is Created or Modified Executable | |
Integrity Level | Medium |
Username | AUFDDCNTXWT\aDU0VK IWA5kLS |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege |
Thread IDs | 0x67C, 0x928, 0x690, 0x91C, 0x914, 0x9A0, 0x9C8, 0x9C4, 0x9C0, 0x41C, 0x440, 0x910, 0x8C0, 0x9D4, 0x8B8, 0x8C8, 0x9E8, 0xA04, 0x8F8, 0xA0C |
Name | Start VA | End VA | Type | Permissions |
---|---|---|---|---|
private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
pagefile_0x0000000000020000 | 0x00020000 | 0x00026fff | Pagefile Backed Memory | Readable |
private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
pagefile_0x0000000000030000 | 0x00030000 | 0x00031fff | Pagefile Backed Memory | Readable, Writable |
apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000000060000 | 0x00060000 | 0x00061fff | Pagefile Backed Memory | Readable |
private_0x0000000000070000 | 0x00070000 | 0x000affff | Private Memory | Readable, Writable |
private_0x00000000000b0000 | 0x000b0000 | 0x000b0fff | Private Memory | Readable, Writable |
msiexec.exe.mui | 0x000c0000 | 0x000c0fff | Memory Mapped File | Readable, Writable |
private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | Readable, Writable |
private_0x00000000000e0000 | 0x000e0000 | 0x000effff | Private Memory | Readable, Writable |
private_0x00000000000f0000 | 0x000f0000 | 0x0012ffff | Private Memory | Readable, Writable |
private_0x0000000000130000 | 0x00130000 | 0x0035afff | Private Memory | Readable, Writable, Executable |
locale.nls | 0x00360000 | 0x003c6fff | Memory Mapped File | Readable |
private_0x00000000003d0000 | 0x003d0000 | 0x003d0fff | Private Memory | Readable, Writable |
pagefile_0x00000000003e0000 | 0x003e0000 | 0x003e0fff | Pagefile Backed Memory | Readable, Writable |
private_0x00000000003f0000 | 0x003f0000 | 0x003fffff | Private Memory | Readable, Writable |
pagefile_0x00000000003f0000 | 0x003f0000 | 0x00404fff | Pagefile Backed Memory | Readable, Writable |
pagefile_0x00000000003f0000 | 0x003f0000 | 0x003f1fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000000400000 | 0x00400000 | 0x00414fff | Pagefile Backed Memory | Readable, Writable |
windowsshell.manifest | 0x00400000 | 0x00400fff | Memory Mapped File | Readable |
index.dat | 0x00400000 | 0x00407fff | Memory Mapped File | Readable, Writable |
pagefile_0x0000000000410000 | 0x00410000 | 0x00411fff | Pagefile Backed Memory | Readable |
private_0x0000000000420000 | 0x00420000 | 0x0045ffff | Private Memory | Readable, Writable |
private_0x0000000000460000 | 0x00460000 | 0x0049ffff | Private Memory | Readable, Writable |
private_0x0000000000460000 | 0x00460000 | 0x004e8fff | Private Memory | Readable, Writable |
rsaenh.dll | 0x00460000 | 0x0049bfff | Memory Mapped File | Readable |
private_0x00000000004a0000 | 0x004a0000 | 0x004dffff | Private Memory | Readable, Writable |
index.dat | 0x004e0000 | 0x004f3fff | Memory Mapped File | Readable, Writable |
private_0x00000000004f0000 | 0x004f0000 | 0x0057afff | Private Memory | Readable, Writable |
index.dat | 0x00500000 | 0x0050ffff | Memory Mapped File | Readable, Writable |
private_0x0000000000510000 | 0x00510000 | 0x0054ffff | Private Memory | Readable, Writable |
private_0x0000000000510000 | 0x00510000 | 0x00510fff | Private Memory | Readable, Writable |
pagefile_0x0000000000510000 | 0x00510000 | 0x00510fff | Pagefile Backed Memory | Readable |
private_0x0000000000520000 | 0x00520000 | 0x0055ffff | Private Memory | Readable, Writable |
private_0x0000000000580000 | 0x00580000 | 0x005bffff | Private Memory | Readable, Writable |
msiexec.exe | 0x005f0000 | 0x00603fff | Memory Mapped File | Readable, Writable, Executable |
private_0x0000000000640000 | 0x00640000 | 0x0067ffff | Private Memory | Readable, Writable |
private_0x0000000000680000 | 0x00680000 | 0x006bffff | Private Memory | Readable, Writable |
private_0x00000000006d0000 | 0x006d0000 | 0x0074ffff | Private Memory | Readable, Writable |
private_0x0000000000780000 | 0x00780000 | 0x007bffff | Private Memory | Readable, Writable |
private_0x0000000000810000 | 0x00810000 | 0x0090ffff | Private Memory | Readable, Writable |
pagefile_0x0000000000910000 | 0x00910000 | 0x00a97fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000000aa0000 | 0x00aa0000 | 0x00c20fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000000c30000 | 0x00c30000 | 0x0202ffff | Pagefile Backed Memory | Readable |
private_0x0000000002030000 | 0x02030000 | 0x0210ffff | Private Memory | Readable, Writable |
private_0x0000000002040000 | 0x02040000 | 0x0207ffff | Private Memory | Readable, Writable |
private_0x00000000020d0000 | 0x020d0000 | 0x0210ffff | Private Memory | Readable, Writable |
private_0x0000000002110000 | 0x02110000 | 0x021effff | Private Memory | Readable, Writable |
private_0x0000000002120000 | 0x02120000 | 0x0215ffff | Private Memory | Readable, Writable |
private_0x0000000002170000 | 0x02170000 | 0x021affff | Private Memory | Readable, Writable |
private_0x00000000021b0000 | 0x021b0000 | 0x021effff | Private Memory | Readable, Writable |
sortdefault.nls | 0x021f0000 | 0x024befff | Memory Mapped File | Readable |
private_0x00000000024c0000 | 0x024c0000 | 0x0318cfff | Private Memory | Readable, Writable |
private_0x00000000024c0000 | 0x024c0000 | 0x024fffff | Private Memory | Readable, Writable |
private_0x0000000002540000 | 0x02540000 | 0x0257ffff | Private Memory | Readable, Writable |
private_0x0000000002580000 | 0x02580000 | 0x025bffff | Private Memory | Readable, Writable |
private_0x00000000025c0000 | 0x025c0000 | 0x025fffff | Private Memory | Readable, Writable |
private_0x0000000002620000 | 0x02620000 | 0x0265ffff | Private Memory | Readable, Writable |
private_0x0000000002660000 | 0x02660000 | 0x027effff | Private Memory | Readable, Writable |
private_0x0000000002660000 | 0x02660000 | 0x0275ffff | Private Memory | Readable, Writable |
private_0x0000000002770000 | 0x02770000 | 0x027affff | Private Memory | Readable, Writable |
private_0x00000000027b0000 | 0x027b0000 | 0x027effff | Private Memory | Readable, Writable |
private_0x00000000027f0000 | 0x027f0000 | 0x028cffff | Private Memory | Readable, Writable |
private_0x00000000028d0000 | 0x028d0000 | 0x0290ffff | Private Memory | Readable, Writable |
private_0x0000000002950000 | 0x02950000 | 0x0298ffff | Private Memory | Readable, Writable |
pagefile_0x0000000002990000 | 0x02990000 | 0x02d9ffff | Pagefile Backed Memory | Readable, Writable |
pagefile_0x0000000002da0000 | 0x02da0000 | 0x031affff | Pagefile Backed Memory | Readable, Writable |
private_0x0000000002da0000 | 0x02da0000 | 0x02e9ffff | Private Memory | Readable, Writable |
private_0x0000000002da0000 | 0x02da0000 | 0x02ddffff | Private Memory | Readable, Writable |
private_0x0000000002e00000 | 0x02e00000 | 0x02e3ffff | Private Memory | Readable, Writable |
private_0x0000000002e90000 | 0x02e90000 | 0x02e9ffff | Private Memory | Readable, Writable |
private_0x0000000002ea0000 | 0x02ea0000 | 0x0302ffff | Private Memory | Readable, Writable |
private_0x0000000003190000 | 0x03190000 | 0x03e5cfff | Private Memory | Readable, Writable |
private_0x0000000003e60000 | 0x03e60000 | 0x04080fff | Private Memory | Readable, Writable |
private_0x0000000004090000 | 0x04090000 | 0x04371fff | Private Memory | Readable, Writable |
private_0x0000000004380000 | 0x04380000 | 0x049fcfff | Private Memory | Readable, Writable |
wow64win.dll | 0x73c40000 | 0x73c9bfff | Memory Mapped File | Readable, Writable, Executable |
wow64.dll | 0x73ca0000 | 0x73cdefff | Memory Mapped File | Readable, Writable, Executable |
wow64cpu.dll | 0x73d10000 | 0x73d17fff | Memory Mapped File | Readable, Writable, Executable |
msi.dll | 0x745f0000 | 0x7482ffff | Memory Mapped File | Readable, Writable, Executable |
wkscli.dll | 0x74990000 | 0x7499efff | Memory Mapped File | Readable, Writable, Executable |
srvcli.dll | 0x749a0000 | 0x749b8fff | Memory Mapped File | Readable, Writable, Executable |
netutils.dll | 0x749c0000 | 0x749c8fff | Memory Mapped File | Readable, Writable, Executable |
netapi32.dll | 0x749d0000 | 0x749e0fff | Memory Mapped File | Readable, Writable, Executable |
rsaenh.dll | 0x74a40000 | 0x74a7afff | Memory Mapped File | Readable, Writable, Executable |
cryptsp.dll | 0x74a80000 | 0x74a95fff | Memory Mapped File | Readable, Writable, Executable |
wship6.dll | 0x74b40000 | 0x74b45fff | Memory Mapped File | Readable, Writable, Executable |
wshtcpip.dll | 0x74b50000 | 0x74b54fff | Memory Mapped File | Readable, Writable, Executable |
mswsock.dll | 0x74b70000 | 0x74babfff | Memory Mapped File | Readable, Writable, Executable |
nlaapi.dll | 0x74bf0000 | 0x74bfffff | Memory Mapped File | Readable, Writable, Executable |
rasapi32.dll | 0x74c00000 | 0x74c51fff | Memory Mapped File | Readable, Writable, Executable |
dnsapi.dll | 0x74c60000 | 0x74ca3fff | Memory Mapped File | Readable, Writable, Executable |
comctl32.dll | 0x74cb0000 | 0x74e4dfff | Memory Mapped File | Readable, Writable, Executable |
sensapi.dll | 0x75170000 | 0x75175fff | Memory Mapped File | Readable, Writable, Executable |
rtutils.dll | 0x75180000 | 0x7518cfff | Memory Mapped File | Readable, Writable, Executable |
rasman.dll | 0x75190000 | 0x751a4fff | Memory Mapped File | Readable, Writable, Executable |
profapi.dll | 0x751e0000 | 0x751eafff | Memory Mapped File | Readable, Writable, Executable |
winnsi.dll | 0x75220000 | 0x75226fff | Memory Mapped File | Readable, Writable, Executable |
iphlpapi.dll | 0x75230000 | 0x7524bfff | Memory Mapped File | Readable, Writable, Executable |
cryptbase.dll | 0x75270000 | 0x7527bfff | Memory Mapped File | Readable, Writable, Executable |
sspicli.dll | 0x75280000 | 0x752dffff | Memory Mapped File | Readable, Writable, Executable |
ole32.dll | 0x752e0000 | 0x7543bfff | Memory Mapped File | Readable, Writable, Executable |
rpcrt4.dll | 0x75440000 | 0x7552ffff | Memory Mapped File | Readable, Writable, Executable |
iertutil.dll | 0x75530000 | 0x7572afff | Memory Mapped File | Readable, Writable, Executable |
user32.dll | 0x757e0000 | 0x758dffff | Memory Mapped File | Readable, Writable, Executable |
sechost.dll | 0x75970000 | 0x75988fff | Memory Mapped File | Readable, Writable, Executable |
crypt32.dll | 0x75990000 | 0x75aacfff | Memory Mapped File | Readable, Writable, Executable |
gdi32.dll | 0x75ab0000 | 0x75b3ffff | Memory Mapped File | Readable, Writable, Executable |
msctf.dll | 0x75bc0000 | 0x75c8bfff | Memory Mapped File | Readable, Writable, Executable |
nsi.dll | 0x75cd0000 | 0x75cd5fff | Memory Mapped File | Readable, Writable, Executable |
msvcrt.dll | 0x75d10000 | 0x75dbbfff | Memory Mapped File | Readable, Writable, Executable |
kernel32.dll | 0x75dc0000 | 0x75ecffff | Memory Mapped File | Readable, Writable, Executable |
oleaut32.dll | 0x75ed0000 | 0x75f5efff | Memory Mapped File | Readable, Writable, Executable |
shell32.dll | 0x75fe0000 | 0x76c29fff | Memory Mapped File | Readable, Writable, Executable |
ws2_32.dll | 0x76dd0000 | 0x76e04fff | Memory Mapped File | Readable, Writable, Executable |
wininet.dll | 0x76e10000 | 0x76f04fff | Memory Mapped File | Readable, Writable, Executable |
shlwapi.dll | 0x76f10000 | 0x76f66fff | Memory Mapped File | Readable, Writable, Executable |
imm32.dll | 0x76f80000 | 0x76fdffff | Memory Mapped File | Readable, Writable, Executable |
lpk.dll | 0x76fe0000 | 0x76fe9fff | Memory Mapped File | Readable, Writable, Executable |
urlmon.dll | 0x76ff0000 | 0x77125fff | Memory Mapped File | Readable, Writable, Executable |
kernelbase.dll | 0x77130000 | 0x77175fff | Memory Mapped File | Readable, Writable, Executable |
usp10.dll | 0x77180000 | 0x7721cfff | Memory Mapped File | Readable, Writable, Executable |
advapi32.dll | 0x77280000 | 0x7731ffff | Memory Mapped File | Readable, Writable, Executable |
private_0x0000000077320000 | 0x77320000 | 0x7743efff | Private Memory | Readable, Writable, Executable |
private_0x0000000077440000 | 0x77440000 | 0x77539fff | Private Memory | Readable, Writable, Executable |
ntdll.dll | 0x77540000 | 0x776e8fff | Memory Mapped File | Readable, Writable, Executable |
msasn1.dll | 0x776f0000 | 0x776fbfff | Memory Mapped File | Readable, Writable, Executable |
ntdll.dll | 0x77720000 | 0x7789ffff | Memory Mapped File | Readable, Writable, Executable |
private_0x000000007ef98000 | 0x7ef98000 | 0x7ef9afff | Private Memory | Readable, Writable |
private_0x000000007ef9b000 | 0x7ef9b000 | 0x7ef9dfff | Private Memory | Readable, Writable |
private_0x000000007ef9e000 | 0x7ef9e000 | 0x7efa0fff | Private Memory | Readable, Writable |
private_0x000000007efa1000 | 0x7efa1000 | 0x7efa3fff | Private Memory | Readable, Writable |
private_0x000000007efa4000 | 0x7efa4000 | 0x7efa6fff | Private Memory | Readable, Writable |
private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | Readable, Writable |
private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | Readable, Writable |
private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | Readable, Writable |
pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |

For performance reasons, the remaining 45 entries are omitted. The remaining entries can be found in flog.txt.
Injection Type | Source Process | Source Os Thread ID | Injection Info | Count | Logfile |
---|---|---|---|---|---|
Modify Memory | #8: c:\windows\explorer.exe | 0x698 | address = 0xb0000, size = 4 | 1 | Fn, Data |
Modify Memory | #8: c:\windows\explorer.exe | 0x698 | address = 0xb0004, size = 3004 | 1 | Fn, Data |
Create Remote Thread | #8: c:\windows\explorer.exe | 0x698 | address = 0x175220 | 1 | Fn |
Filename | File Size | MD5 | SHA1 | SHA256 |
---|---|---|---|---|
c:\users\adu0vk iwa5kls\appdata\roaming\libeay32.dll | 1.90 MB (1990144 bytes) | 2ed6a2a2be88d3a48fa820a6bb15cd25 | fbbfa096208027cb99174dac08b16818db397521 | d61532be14bec8dd27477b58cb767579d58900634b0c33b8ade81aec85171b0b |
c:\users\adu0vk iwa5kls\appdata\roaming\libevent-2-0-5.dll | 702.36 KB (719217 bytes) | 90f50a285efa5dd9c7fddce786bdef25 | 54213da21542e11d656bb65db724105afe8be688 | 77a250e81fdaf9a075b1244a9434c30bf449012c9b647b265fa81a7b0db2513f |
c:\users\adu0vk iwa5kls\appdata\roaming\libgcc_s_sjlj-1.dll | 511.00 KB (523262 bytes) | 73d4823075762ee2837950726baa2af9 | ebce3532ed94ad1df43696632ab8cf8da8b9e221 | 9aeccf88253d4557a90793e22414868053caaab325842c0d7acb0365e88cd53b |
c:\users\adu0vk iwa5kls\appdata\roaming\libssp-0.dll | 90.43 KB (92599 bytes) | 78581e243e2b41b17452da8d0b5b2a48 | eaefb59c31cf07e60a98af48c5348759586a61bb | f28caebe9bc6aa5a72635acb4f0e24500494e306d8e8b2279e7930981281683f |
c:\users\adu0vk iwa5kls\appdata\roaming\ssleay32.dll | 391.00 KB (400384 bytes) | acfdeda45860601f49e4d2b102078981 | 7df7645fc704f955b8762593aac7b2e8535fbe29 | 1c8f8ce21cd0d01c8b302ebe9c4b85a4a18babec0f84c05e56d5fa4b95bcf688 |
c:\users\adu0vk iwa5kls\appdata\roaming\tor.exe | 2.83 MB (2967040 bytes) | 404242a1b8f01d51ef4789132b784691 | 9059b0dfe5c629ee82c640f41041471104baf343 | 58a4e31a68fb7467a0b56578548487ebd19cc9ce79584fc3fa4864ce87a15f71 |
c:\users\adu0vk iwa5kls\appdata\roaming\zlib1.dll | 105.00 KB (107520 bytes) | fb072e9f69afdb57179f59b512f828a4 | fe71b70173e46ee4e3796db9139f77dc32d2f846 | 66d653397cbb2dbb397eb8421218e2c126b359a3b0decc0f31e297df099e1383 |
c:\users\adu0vk iwa5kls\appdata\local\microsoft\windows\temporary internet files\content.ie5\pmmr5k9k\gate[1].htm | 0.37 KB (378 bytes) | 801c4ac09de1b23450cddc2e4cc5d0cb | 0483e182aefe4ced1301cc5960f33db4ec71bacd | e3e3ef35ce7e15c39f7e32fc99fe5122c78f407dc08fbc6ea44ed2b1b7b8c358 |
c:\users\adu0vk iwa5kls\appdata\local\microsoft\windows\temporary internet files\content.ie5\pmmr5k9k\checkip_dyndns_org[1].htm | 0.10 KB (106 bytes) | e8c75025c3e9c749a89c4b38a8fc2af5 | 8e10161663dc8505c029d455a4cbffb645493ee9 | 860a87ddd2c1b97a6a896edff00cdb3e00da0333ea7981b580ab9a36fa08a2cf |
c:\users\adu0vk iwa5kls\appdata\local\microsoft\windows\temporary internet files\content.ie5\pmmr5k9k\gate[1].htm | 6.18 KB (6333 bytes) | 17b3f7028152cf786bf9737c8784c930 | 1ef367f4aa15ad74afb8b493c7a43fa49538502c | 83026559a6e963cc25661ddbfaac6ec3995bc4217d1ca4d07ed93ce35f248ff1 |
c:\users\adu0vk iwa5kls\appdata\local\microsoft\windows\temporary internet files\content.ie5\pmmr5k9k\gate[1].htm | 1.02 KB (1040 bytes) | 710e7f9d209f1a103df22337b838aa74 | 98434bf33b9e497b7578ca1963ca479b77221c14 | 9cae944e9aa4b23fe49ebde567ce2fee3045e864111cb1ff84daa8fe17db15f9 |
c:\users\adu0vk~1\appdata\local\temp\okguaxb.crt | 1.00 KB (1025 bytes) | a78828838883401dbf1ec05583bc7c8a | e6a3a437d4b3fbfd5750e5aa962570c1da1ef6fd | ca3afa28388e5b26ef47402c85adf558d8610d097f67637d8d01456145afb3b9 |
c:\users\adu0vk~1\appdata\local\temp\certutil.exe | 101.50 KB (103936 bytes) | 0c6b43c9602f4d5ac9dcf907103447c4 | 7a77c7ae99d400243845cce0e0931f029a73f79a | 5950722034c8505daa9b359127feb707f16c37d2f69e79d16ee6d9ec37690478 |
c:\users\adu0vk~1\appdata\local\temp\freebl3.dll | 217.00 KB (222208 bytes) | 269beb631b580c6d54db45b5573b1de5 | 64050c1159c2bcfc0e75da407ef0098ad2de17c8 | ffc7558a61a4e6546cf095bdeabea19f05247a0daa02dca20ea3605e7fc62c77 |
c:\users\adu0vk~1\appdata\local\temp\libnspr4.dll | 195.00 KB (199680 bytes) | 6e84af2875700285309dd29294365c6a | fc3cb3b2a704250fc36010e2ab495cdc5e7378a9 | 1c158e680749e642e55f721f60a71314e26e03e785cd92e560bf650b83c4c3c8 |
c:\users\adu0vk~1\appdata\local\temp\libplc4.dll | 14.00 KB (14336 bytes) | 1fae68b740f18290b98b2f9e23313cc2 | fa3545dc8db38b3b27f1009e1d61dc2949df3878 | 751c2156dc00525668dd990d99f7f61c257951c3fad01c0ee6359fcdff69f933 |
c:\users\adu0vk~1\appdata\local\temp\libplds4.dll | 12.00 KB (12288 bytes) | 9ae76db13972553a5de5bdd07b1b654d | 0c4508eb6f13b9b178237ccc4da759bff10af658 | 38a906373419501966daf6ec19ca2f8db7b29609128ae5cb424d2aa511652c29 |
c:\users\adu0vk~1\appdata\local\temp\msvcr100.dll | 755.83 KB (773968 bytes) | 0e37fbfa79d349d672456923ec5fbbe3 | 4e880fc7625ccf8d9ca799d5b94ce2b1e7597335 | 8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18 |
c:\users\adu0vk~1\appdata\local\temp\nss3.dll | 780.00 KB (798720 bytes) | a1c4628d184b6ab25550b1ce74f44792 | c2c447fd2fda68c0ec44b3529a2550d2e2a8c3bc | 3f997d3f1674de9fd119f275638861bc229352f12c70536d8c83a70fcc370847 |
c:\users\adu0vk~1\appdata\local\temp\nssdbm3.dll | 106.00 KB (108544 bytes) | 051652ba7ca426846e936bc5aa3f39f3 | 0012007876dde3a2d764249ad86bc428300fe91e | 8eca993570fa55e8fe8f417143eea8128a58472e23074cbd2e6af4d3bb0f0d9a |
c:\users\adu0vk~1\appdata\local\temp\nssutil3.dll | 91.50 KB (93696 bytes) | c26e940b474728e728cafe5912ba418a | 7256e378a419f8d87de71835e6ad12faadaaaf73 | 1af1ac51a92b36de8d85d1f572369815404912908c3a489a6cd7ca2350c2a93d |
c:\users\adu0vk~1\appdata\local\temp\smime3.dll | 95.50 KB (97792 bytes) | a5c670edf4411bf7f132f4280026137b | c0e3cbdde7d3cebf41a193eeca96a11ce2b6da58 | aba2732c7a016730e94e645dd04e8fafcc173fc2e5e2aac01a1c0c66ead1983e |
c:\users\adu0vk~1\appdata\local\temp\softokn3.dll | 168.50 KB (172544 bytes) | 2ab31c9401870adb4e9d88b5a6837abf | 4f0fdd699e63f614d79ed6e47ef61938117d3b7a | 22ecece561510f77b100cff8109e5ed492c34707b7b14e0774aaa9ca813de4ad |
c:\users\adu0vk~1\appdata\local\temp\sqlite3.dll | 414.00 KB (423936 bytes) | b58848a28a1efb85677e344db1fd67e6 | dad48e2b2b3b936efc15ac2c5f9099b7a1749976 | 00db98ab4d50e9b26ecd193bfad6569e1dd395db14246f8c233febba93965f7a |
Operation | Filename | Additional Information | Count | Logfile |
---|---|---|---|---|
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\libeay32.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\libevent-2-0-5.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\libgcc_s_sjlj-1.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\libssp-0.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\ssleay32.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor.exe | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\zlib1.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Teetfo\ugav.ocv | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE | 1 | Fn |
Create | C:\Users\ADU0VK~1\AppData\Local\Temp\okguaxb.crt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\cert8.db | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\cert8.db | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ | 1 | Fn |
Create | C:\Users\ADU0VK~1\AppData\Local\Temp\certutil.exe | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ | 1 | Fn |
Create | C:\Users\ADU0VK~1\AppData\Local\Temp\freebl3.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ | 1 | Fn |
Create | C:\Users\ADU0VK~1\AppData\Local\Temp\libnspr4.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ | 1 | Fn |
Create | C:\Users\ADU0VK~1\AppData\Local\Temp\libplc4.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ | 1 | Fn |
Create | C:\Users\ADU0VK~1\AppData\Local\Temp\libplds4.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ | 1 | Fn |
Create | C:\Users\ADU0VK~1\AppData\Local\Temp\msvcr100.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ | 1 | Fn |
Create | C:\Users\ADU0VK~1\AppData\Local\Temp\nss3.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ | 1 | Fn |
Create | C:\Users\ADU0VK~1\AppData\Local\Temp\nssdbm3.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ | 1 | Fn |
Create | C:\Users\ADU0VK~1\AppData\Local\Temp\nssutil3.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ | 1 | Fn |
Create | C:\Users\ADU0VK~1\AppData\Local\Temp\smime3.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ | 1 | Fn |
Create | C:\Users\ADU0VK~1\AppData\Local\Temp\softokn3.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ | 1 | Fn |
Create | C:\Users\ADU0VK~1\AppData\Local\Temp\sqlite3.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ | 1 | Fn |
Get Info | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi | type = size, size_out = 13422020 | 1 | Fn |
Get Info | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Teetfo\ugav.tmp | type = file_attributes | 1 | Fn |
Get Info | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Teetfo\ugav.ocv | type = file_attributes | 1 | Fn |
Get Info | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Teetfo\ugav.ocv | type = size, size_out = 0 | 1 | Fn |
Get Info | C:\Users\ADU0VK~1\AppData\Local\Temp\okguaxb.crt | type = file_attributes | 1 | Fn |
Get Info | C:\Users\ADU0VK~1\AppData\Local\Temp\okguaxb.crt | type = file_type | 1 | Fn |
Get Info | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\cert8.db | type = size, size_out = 65536 | 1 | Fn |
Get Info | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi | type = size, size_out = 13422020 | 1 | Fn |
Open | STD_INPUT_HANDLE | | 1 | Fn |
Open | STD_OUTPUT_HANDLE | | 1 | Fn |
Open | STD_ERROR_HANDLE | | 1 | Fn |
Read | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi | size = 13422020, size_out = 13422020 | 1 | Fn |
Read | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\cert8.db | size = 65536, size_out = 65536 | 1 | Fn, Data |
Read | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi | size = 13422020, size_out = 13422020 | 1 | Fn |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\libeay32.dll | size = 1990144 | 1 | Fn |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\libevent-2-0-5.dll | size = 719217 | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\libgcc_s_sjlj-1.dll | size = 523262 | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\libssp-0.dll | size = 92599 | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\ssleay32.dll | size = 400384 | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor.exe | size = 2967040 | 1 | Fn |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\zlib1.dll | size = 107520 | 1 | Fn, Data |
Write | C:\Users\ADU0VK~1\AppData\Local\Temp\okguaxb.crt | size = 1025 | 1 | Fn, Data |
Write | C:\Users\ADU0VK~1\AppData\Local\Temp\certutil.exe | size = 103936 | 1 | Fn, Data |
Write | C:\Users\ADU0VK~1\AppData\Local\Temp\freebl3.dll | size = 222208 | 1 | Fn, Data |
Write | C:\Users\ADU0VK~1\AppData\Local\Temp\libnspr4.dll | size = 199680 | 1 | Fn, Data |
Write | C:\Users\ADU0VK~1\AppData\Local\Temp\libplc4.dll | size = 14336 | 1 | Fn, Data |
Write | C:\Users\ADU0VK~1\AppData\Local\Temp\libplds4.dll | size = 12288 | 1 | Fn, Data |
Write | C:\Users\ADU0VK~1\AppData\Local\Temp\msvcr100.dll | size = 773968 | 1 | Fn, Data |
Write | C:\Users\ADU0VK~1\AppData\Local\Temp\nss3.dll | size = 798720 | 1 | Fn, Data |
Write | C:\Users\ADU0VK~1\AppData\Local\Temp\nssdbm3.dll | size = 108544 | 1 | Fn, Data |
Write | C:\Users\ADU0VK~1\AppData\Local\Temp\nssutil3.dll | size = 93696 | 1 | Fn, Data |
Write | C:\Users\ADU0VK~1\AppData\Local\Temp\smime3.dll | size = 97792 | 1 | Fn, Data |
Write | C:\Users\ADU0VK~1\AppData\Local\Temp\softokn3.dll | size = 172544 | 1 | Fn, Data |
Write | C:\Users\ADU0VK~1\AppData\Local\Temp\sqlite3.dll | size = 423936 | 1 | Fn, Data |
Operation | Key | Additional Information | Count | Logfile |
---|---|---|---|---|
Create Key | HKEY_CURRENT_USER\Software\Microsoft\Seto | | 1 | Fn |
Create Key | HKEY_CURRENT_USER\Software\Microsoft\Seto | | 1 | Fn |
Create Key | HKEY_CURRENT_USER\Software\Microsoft\Seto | | 2 | Fn |
Create Key | HKEY_CURRENT_USER\Software\Microsoft\Seto | | 2 | Fn |
Create Key | HKEY_CURRENT_USER\Software\Microsoft\Seto | | 1 | Fn |
Create Key | HKEY_CURRENT_USER\Software\Microsoft\Seto | | 1 | Fn |
Create Key | HKEY_CURRENT_USER\Software\Microsoft\Seto | | 2 | Fn |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Seto | | 1 | Fn |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Seto | | 1 | Fn |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Seto | | 1 | Fn |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Seto | | 1 | Fn |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Seto | | 3 | Fn |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Seto | | 1 | Fn |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Seto | | 1 | Fn |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Seto | | 2 | Fn |
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Seto | | 1 | Fn |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Seto | value_name = Yqlozyzuz, type = REG_BINARY | 2 | Fn, Data |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Seto | value_name = Yqlozyzuz, type = REG_BINARY | 2 | Fn, Data |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Seto | value_name = Yqlozyzuz, type = REG_BINARY | 2 | Fn, Data |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Seto | value_name = Yqlozyzuz, type = REG_BINARY | 2 | Fn, Data |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Seto | value_name = Yqlozyzuz, type = REG_BINARY | 6 | Fn, Data |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Seto | value_name = Yqlozyzuz, type = REG_BINARY | 2 | Fn, Data |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Seto | value_name = Yqlozyzuz, type = REG_BINARY | 2 | Fn, Data |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Seto | value_name = Yqlozyzuz, type = REG_BINARY | 4 | Fn, Data |
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Seto | value_name = Yqlozyzuz, type = REG_BINARY | 2 | Fn, Data |
Write Value | HKEY_CURRENT_USER\Software\Microsoft\Seto | value_name = Yqlozyzuz, size = 1445, type = REG_BINARY | 1 | Fn, Data |
Write Value | HKEY_CURRENT_USER\Software\Microsoft\Seto | value_name = Yqlozyzuz, size = 1828, type = REG_BINARY | 1 | Fn, Data |
Write Value | HKEY_CURRENT_USER\Software\Microsoft\Seto | value_name = Yqlozyzuz, size = 3220, type = REG_BINARY | 1 | Fn, Data |
Write Value | HKEY_CURRENT_USER\Software\Microsoft\Seto | value_name = Yqlozyzuz, size = 3315, type = REG_BINARY | 1 | Fn, Data |
Write Value | HKEY_CURRENT_USER\Software\Microsoft\Seto | value_name = Yqlozyzuz, size = 6682, type = REG_BINARY | 1 | Fn, Data |
Write Value | HKEY_CURRENT_USER\Software\Microsoft\Seto | value_name = Xayqzo, size = 2123, type = REG_BINARY | 1 | Fn, Data |
Write Value | HKEY_CURRENT_USER\Software\Microsoft\Seto | value_name = Yqlozyzuz, size = 7244, type = REG_BINARY | 1 | Fn, Data |
Write Value | HKEY_CURRENT_USER\Software\Microsoft\Seto | value_name = Yqlozyzuz, size = 7055, type = REG_BINARY | 1 | Fn, Data |
Write Value | HKEY_CURRENT_USER\Software\Microsoft\Seto | value_name = Yqlozyzuz, size = 7055, type = REG_BINARY | 1 | Fn, Data |
Write Value | HKEY_CURRENT_USER\Software\Microsoft\Seto | value_name = Yqlozyzuz, size = 9367, type = REG_BINARY | 1 | Fn, Data |
Operation | Process | Additional Information | Count | Logfile |
---|---|---|---|---|
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor.exe | os_pid = 0x9b4, creation_flags = CREATE_DEFAULT_ERROR_MODE, CREATE_NO_WINDOW, show_window = SW_HIDE | 1 | Fn |
Create | "C:\Users\ADU0VK~1\AppData\Local\Temp\certutil.exe" -A -n "yvesl" -t "C,C,C" -i "C:\Users\ADU0VK~1\AppData\Local\Temp\okguaxb.crt" -d "C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default" | os_pid = 0x8e8, creation_flags = CREATE_DEFAULT_ERROR_MODE, CREATE_NO_WINDOW, show_window = SW_HIDE | 1 | Fn |
Operation | Module | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Load | KERNEL32.dll | base_address = 0x75dc0000 | 1 |
Load | ADVAPI32.dll | base_address = 0x77280000 | 1 |
Load | SHLWAPI.dll | base_address = 0x76f10000 | 1 |
Load | SHELL32.dll | base_address = 0x75fe0000 | 1 |
Load | USER32.dll | base_address = 0x757e0000 | 1 |
Load | WS2_32.dll | base_address = 0x76dd0000 | 1 |
Load | CRYPT32.dll | base_address = 0x75990000 | 1 |
Load | WININET.dll | base_address = 0x76e10000 | 1 |
Load | DNSAPI.dll | base_address = 0x74c60000 | 1 |
Load | ole32.dll | base_address = 0x752e0000 | 1 |
Load | OLEAUT32.dll | base_address = 0x75ed0000 | 1 |
Load | urlmon.dll | base_address = 0x76ff0000 | 1 |
Load | Ws2_32.dll | base_address = 0x76dd0000 | 1 |
Load | ADVAPI32.DLL | base_address = 0x77280000 | 1 |
Load | KERNEL32.DLL | base_address = 0x75dc0000 | 1 |
Load | NETAPI32.DLL | base_address = 0x749d0000 | 1 |
Load | USER32.DLL | base_address = 0x757e0000 | 1 |
Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75dc0000 | 1 |
Get Handle | c:\windows\syswow64\msiexec.exe | base_address = 0x5f0000 | 1 |
Get Filename | process_name = c:\windows\syswow64\msiexec.exe, file_name_orig = C:\Windows\syswow64\msiexec.exe, size = 260 | 3 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x75dd11c0 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CreateEventA, address_out = 0x75dd328c | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = ResetEvent, address_out = 0x75dd16dd | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = SetEndOfFile, address_out = 0x75dece2e | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x75dd3ed3 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = FlushFileBuffers, address_out = 0x75dd469b | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x75dd1282 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetStdHandle, address_out = 0x75dd51b3 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileType, address_out = 0x75dd3531 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetConsoleMode, address_out = 0x75dd1328 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = WriteConsoleW, address_out = 0x75df7aca | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x75dd110c | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address_out = 0x75ded4f7 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x75dd1856 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSizeEx, address_out = 0x75dd59e2 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x75dd186e | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointerEx, address_out = 0x75dec807 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = RemoveDirectoryW, address_out = 0x75e544cf | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetVolumeNameForVolumeMountPointW, address_out = 0x75de052f | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetProcessHeap, address_out = 0x75dd14e9 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = HeapFree, address_out = 0x75dd14c9 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = HeapReAlloc, address_out = 0x77761f6e | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = HeapAlloc, address_out = 0x7774e026 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address_out = 0x75dd49d7 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = OutputDebugStringA, address_out = 0x75dfb2b7 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = Thread32Next, address_out = 0x75e55c3f | 2 |
Get Address | c:\windows\syswow64\kernel32.dll | function = Thread32First, address_out = 0x75e55b93 | 2 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentThread, address_out = 0x75dd17ec | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessW, address_out = 0x75dd103d | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibrary, address_out = 0x75dd34c8 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = FormatMessageW, address_out = 0x75dd4620 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = MultiByteToWideChar, address_out = 0x75dd192e | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = WideCharToMultiByte, address_out = 0x75dd170d | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CreateMutexW, address_out = 0x75dd424c | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = ReleaseMutex, address_out = 0x75dd111e | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = SetLastError, address_out = 0x75dd11a9 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x75dd4220 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetComputerNameW, address_out = 0x75dddd0e | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = LocalAlloc, address_out = 0x75dd168c | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcessId, address_out = 0x75dd11f8 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemDefaultLCID, address_out = 0x75dd32a9 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetProcAddress, address_out = 0x75dd1222 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleW, address_out = 0x75dd34b0 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryW, address_out = 0x75dd492b | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualProtect, address_out = 0x75dd435f | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = WriteProcessMemory, address_out = 0x75ded9e0 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAllocEx, address_out = 0x75ded9b0 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CreateRemoteThread, address_out = 0x75e5416b | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = DuplicateHandle, address_out = 0x75dd1886 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFreeEx, address_out = 0x75ded9c8 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = OpenProcess, address_out = 0x75dd1986 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CreateToolhelp32Snapshot, address_out = 0x75df735f | 2 |
Get Address | c:\windows\syswow64\kernel32.dll | function = Process32FirstW, address_out = 0x75df8baf | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = Process32NextW, address_out = 0x75df896c | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CreateDirectoryW, address_out = 0x75dd4259 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = TerminateProcess, address_out = 0x75ded802 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x75dd3f5c | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = lstrcmpiA, address_out = 0x75dd3e8e | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x75dd4442 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x75dd54ee | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x75dd4435 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentThreadId, address_out = 0x75dd1450 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemTime, address_out = 0x75dd5a96 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetLocalTime, address_out = 0x75dd5aa6 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = SetEvent, address_out = 0x75dd16c5 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesW, address_out = 0x75dd1b18 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = MoveFileExW, address_out = 0x75de9b2d | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = LocalFree, address_out = 0x75dd2d3c | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetNativeSystemInfo, address_out = 0x75de10b5 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersionExW, address_out = 0x75dd1ae5 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteCriticalSection, address_out = 0x777545f5 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = InitializeCriticalSection, address_out = 0x77752c42 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x75dd1410 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x75dd34d5 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = PeekNamedPipe, address_out = 0x75e54821 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileInformationByHandle, address_out = 0x75dd53ae | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = FileTimeToSystemTime, address_out = 0x75dd542c | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetDriveTypeW, address_out = 0x75dd418b | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileExW, address_out = 0x75de1811 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = FileTimeToLocalFileTime, address_out = 0x75dde29e | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CreateEventW, address_out = 0x75dd183e | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = ExitThread, address_out = 0x7777d598 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x75dd7a10 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x75dd4950 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetTimeZoneInformation, address_out = 0x75dd465a | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = AddVectoredExceptionHandler, address_out = 0x7779742b | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x75dd10ff | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForSingleObject, address_out = 0x75dd1136 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = LeaveCriticalSection, address_out = 0x77742270 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = lstrlenA, address_out = 0x75dd5a4b | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = SetEnvironmentVariableA, address_out = 0x75dde331 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = LCMapStringW, address_out = 0x75dd17b9 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CompareStringW, address_out = 0x75dd3bca | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetStringTypeW, address_out = 0x75dd1946 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = SetStdHandle, address_out = 0x75e5454f | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = ReadConsoleW, address_out = 0x75e7739a | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetConsoleCP, address_out = 0x75e77bff | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = TlsFree, address_out = 0x75dd3587 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = TlsSetValue, address_out = 0x75dd14fb | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = TlsGetValue, address_out = 0x75dd11e0 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = TlsAlloc, address_out = 0x75dd49ad | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = SetUnhandledExceptionFilter, address_out = 0x75dd87c9 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = UnhandledExceptionFilter, address_out = 0x75df772f | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = FreeEnvironmentStringsW, address_out = 0x75dd51cb | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetEnvironmentStringsW, address_out = 0x75dd51e3 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameA, address_out = 0x75dd14b1 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentDirectoryW, address_out = 0x75dd5611 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetStartupInfoW, address_out = 0x75dd4d40 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = RtlUnwind, address_out = 0x75dfd1c3 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = InitializeCriticalSectionAndSpinCount, address_out = 0x75dd1916 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetCPInfo, address_out = 0x75dd5189 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetOEMCP, address_out = 0x75dfd1a1 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetACP, address_out = 0x75dd179c | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = IsValidCodePage, address_out = 0x75dd4493 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = InterlockedIncrement, address_out = 0x75dd1400 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = RaiseException, address_out = 0x75dd58a6 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryExW, address_out = 0x75dd495d | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleMode, address_out = 0x75dea77d | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = ReadConsoleInputA, address_out = 0x75e76f53 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = IsProcessorFeaturePresent, address_out = 0x75dd5235 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75dd4a5d | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = EnterCriticalSection, address_out = 0x777422b0 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileW, address_out = 0x75dd89b3 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleCtrlHandler, address_out = 0x75dd8a09 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = InterlockedDecrement, address_out = 0x75dd13f0 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = DecodePointer, address_out = 0x77759d35 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = EncodePointer, address_out = 0x77760fcb | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineA, address_out = 0x75dd51a1 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleExW, address_out = 0x75dd4a6f | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualQuery, address_out = 0x75dd445a | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = ResumeThread, address_out = 0x75dd43ef | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = SuspendThread, address_out = 0x75df7d7e | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = OpenThread, address_out = 0x75de1248 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = InterlockedExchange, address_out = 0x75dd1462 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = FlushInstructionCache, address_out = 0x75dd4393 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x75dd1809 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadContext, address_out = 0x75e55393 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetThreadContext, address_out = 0x75df79d4 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = TryEnterCriticalSection, address_out = 0x77752500 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetFullPathNameW, address_out = 0x75dd40d4 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetFullPathNameA, address_out = 0x75dde2c1 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = ExpandEnvironmentStringsW, address_out = 0x75dd4173 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = lstrcmpiW, address_out = 0x75ded5cd | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetTempPathW, address_out = 0x75ded4dc | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileA, address_out = 0x75dd53c6 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSize, address_out = 0x75dd196e | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = HeapCompact, address_out = 0x75dd4717 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointer, address_out = 0x75dd17d1 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = MapViewOfFile, address_out = 0x75dd18f1 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = UnmapViewOfFile, address_out = 0x75dd1826 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = InterlockedCompareExchange, address_out = 0x75dd1484 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = UnlockFile, address_out = 0x75dfcf36 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = FlushViewOfFile, address_out = 0x75dfb909 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = LockFile, address_out = 0x75dfcf1e | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForSingleObjectEx, address_out = 0x75dd1151 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = OutputDebugStringW, address_out = 0x75dfd1d4 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = UnlockFileEx, address_out = 0x75dfd594 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemTimeAsFileTime, address_out = 0x75dd3509 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = FormatMessageA, address_out = 0x75df5fbd | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = HeapDestroy, address_out = 0x75dd35b7 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesA, address_out = 0x75dd5414 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = HeapCreate, address_out = 0x75dd4a2d | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersion, address_out = 0x75dd4467 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleA, address_out = 0x75dd1245 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = QueryPerformanceCounter, address_out = 0x75dd1725 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalMemoryStatus, address_out = 0x75dd8b6d | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = FlushConsoleInputBuffer, address_out = 0x75e77a9f | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = SystemTimeToFileTime, address_out = 0x75dd5a7e | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileA, address_out = 0x75dd5444 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = AreFileApisANSI, address_out = 0x75e540d1 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetTempPathA, address_out = 0x75df276c | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersionExA, address_out = 0x75dd3519 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesExW, address_out = 0x75dd4574 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemInfo, address_out = 0x75dd49ca | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetDiskFreeSpaceA, address_out = 0x75e5433f | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileMappingW, address_out = 0x75dd1909 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileMappingA, address_out = 0x75dd5506 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetDiskFreeSpaceW, address_out = 0x75def7aa | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = LockFileEx, address_out = 0x75dfd57c | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = HeapSize, address_out = 0x77753002 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = HeapValidate, address_out = 0x75deb17b | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextW, address_out = 0x7728df14 | 2 |
Get Address | c:\windows\syswow64\advapi32.dll | function = RegDeleteKeyW, address_out = 0x77291272 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = RegDeleteKeyA, address_out = 0x772aa8b7 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = GetLengthSid, address_out = 0x7729413b | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = DeregisterEventSource, address_out = 0x772935dd | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = RegisterEventSourceA, address_out = 0x77292d46 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = ReportEventA, address_out = 0x77283ee9 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = SetNamedSecurityInfoW, address_out = 0x77289fe2 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = GetSecurityDescriptorSacl, address_out = 0x77294608 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = SetSecurityDescriptorDacl, address_out = 0x7729415e | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = SetSecurityDescriptorSacl, address_out = 0x77294680 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = ConvertStringSecurityDescriptorToSecurityDescriptorW, address_out = 0x77291f59 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = InitializeSecurityDescriptor, address_out = 0x77294620 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExW, address_out = 0x772914d6 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExW, address_out = 0x772946ad | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExW, address_out = 0x7729468d | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = GetSidSubAuthority, address_out = 0x77290e24 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = GetSidSubAuthorityCount, address_out = 0x77290e0c | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = LookupPrivilegeValueW, address_out = 0x772941b3 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = AdjustTokenPrivileges, address_out = 0x7729418e | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = OpenThreadToken, address_out = 0x7729432c | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = GetTokenInformation, address_out = 0x7729431c | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = OpenProcessToken, address_out = 0x77294304 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = RegCreateKeyExW, address_out = 0x772940fe | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = CryptCreateHash, address_out = 0x7728df4e | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = CryptHashData, address_out = 0x7728df36 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDestroyHash, address_out = 0x7728df66 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGetHashParam, address_out = 0x7728df7e | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = CryptReleaseContext, address_out = 0x7728e124 | 2 |
Get Address | c:\windows\syswow64\advapi32.dll | function = RegCreateKeyExA, address_out = 0x77291469 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address_out = 0x772948ef | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address_out = 0x77294907 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExA, address_out = 0x772914b3 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x7729469d | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = InitiateSystemShutdownExW, address_out = 0x772ddb3a | 1 |
Get Address | c:\windows\syswow64\shlwapi.dll | function = PathAddBackslashW, address_out = 0x76f2c177 | 1 |
Get Address | c:\windows\syswow64\shlwapi.dll | function = StrCmpNIA, address_out = 0x76f1d11c | 1 |
Get Address | c:\windows\syswow64\shlwapi.dll | function = PathRemoveBackslashW, address_out = 0x76f25c62 | 1 |
Get Address | c:\windows\syswow64\shlwapi.dll | function = PathCombineW, address_out = 0x76f2c39c | 1 |
Get Address | c:\windows\syswow64\shlwapi.dll | function = PathMatchSpecW, address_out = 0x76f286f7 | 1 |
Get Address | c:\windows\syswow64\shlwapi.dll | function = UrlUnescapeA, address_out = 0x76f3c6fb | 1 |
Get Address | c:\windows\syswow64\shlwapi.dll | function = PathAddExtensionW, address_out = 0x76f12589 | 1 |
Get Address | c:\windows\syswow64\shlwapi.dll | function = wvnsprintfA, address_out = 0x76f3edfe | 1 |
Get Address | c:\windows\syswow64\shlwapi.dll | function = wvnsprintfW, address_out = 0x76f5066c | 1 |
Get Address | c:\windows\syswow64\shlwapi.dll | function = PathRemoveFileSpecW, address_out = 0x76f23248 | 1 |
Get Address | c:\windows\syswow64\shlwapi.dll | function = PathRenameExtensionW, address_out = 0x76f4d32a | 1 |
Get Address | c:\windows\syswow64\shlwapi.dll | function = PathIsURLW, address_out = 0x76f255bf | 1 |
Get Address | c:\windows\syswow64\shlwapi.dll | function = PathSkipRootW, address_out = 0x76f3fbf5 | 1 |
Get Address | c:\windows\syswow64\shell32.dll | function = SHGetFolderPathA, address_out = 0x760f7804 | 1 |
Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteW, address_out = 0x75ff3c71 | 1 |
Get Address | c:\windows\syswow64\shell32.dll | function = SHGetFolderPathW, address_out = 0x76065708 | 1 |
Get Address | c:\windows\syswow64\user32.dll | function = CharLowerA, address_out = 0x75803e75 | 1 |
Get Address | c:\windows\syswow64\user32.dll | function = CharUpperW, address_out = 0x757ff350 | 1 |
Get Address | c:\windows\syswow64\user32.dll | function = MessageBoxA, address_out = 0x7584fd1e | 1 |
Get Address | c:\windows\syswow64\user32.dll | function = GetUserObjectInformationW, address_out = 0x757f8068 | 1 |
Get Address | c:\windows\syswow64\user32.dll | function = GetProcessWindowStation, address_out = 0x757f9eea | 1 |
Get Address | c:\windows\syswow64\user32.dll | function = ExitWindowsEx, address_out = 0x75841497 | 1 |
Get Address | c:\windows\syswow64\ws2_32.dll | function = 11, address_out = 0x76dd311b | 1 |
Get Address | c:\windows\syswow64\ws2_32.dll | function = freeaddrinfo, address_out = 0x76dd4b1b | 1 |
Get Address | c:\windows\syswow64\ws2_32.dll | function = getaddrinfo, address_out = 0x76dd4296 | 1 |
Get Address | c:\windows\syswow64\ws2_32.dll | function = 5, address_out = 0x76dd7147 | 1 |
Get Address | c:\windows\syswow64\ws2_32.dll | function = 6, address_out = 0x76dd30af | 1 |
Get Address | c:\windows\syswow64\ws2_32.dll | function = 3, address_out = 0x76dd3918 | 1 |
Get Address | c:\windows\syswow64\ws2_32.dll | function = 1, address_out = 0x76dd68b6 | 1 |
Get Address | c:\windows\syswow64\ws2_32.dll | function = 15, address_out = 0x76dd2d8b | 1 |
Get Address | c:\windows\syswow64\ws2_32.dll | function = 111, address_out = 0x76dd37ad | 1 |
Get Address | c:\windows\syswow64\ws2_32.dll | function = 12, address_out = 0x76ddb131 | 1 |
Get Address | c:\windows\syswow64\ws2_32.dll | function = 16, address_out = 0x76dd6b0e | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = FlsAlloc, address_out = 0x75dd4f2b | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = FlsFree, address_out = 0x75dd359f | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = FlsGetValue, address_out = 0x75dd1252 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = FlsSetValue, address_out = 0x75dd4208 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = InitializeCriticalSectionEx, address_out = 0x75dd4d28 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CreateSemaphoreExW, address_out = 0x75e54195 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadStackGuarantee, address_out = 0x75ddd31f | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThreadpoolTimer, address_out = 0x75deee7e | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadpoolTimer, address_out = 0x7776441c | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForThreadpoolTimerCallbacks, address_out = 0x7778c50e | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CloseThreadpoolTimer, address_out = 0x7778c381 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThreadpoolWait, address_out = 0x75def088 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadpoolWait, address_out = 0x777705d7 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CloseThreadpoolWait, address_out = 0x7778ca24 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = FlushProcessWriteBuffers, address_out = 0x77740b8c | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibraryWhenCallbackReturns, address_out = 0x777ffde8 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcessorNumber, address_out = 0x77791e1d | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalProcessorInformation, address_out = 0x75e54761 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CreateSymbolicLinkW, address_out = 0x75e4cd11 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = SetDefaultDllDirectories, address_out = 0x0 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = EnumSystemLocalesEx, address_out = 0x75e5424f | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CompareStringEx, address_out = 0x75e546b1 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetDateFormatEx, address_out = 0x75e66676 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetLocaleInfoEx, address_out = 0x75e54751 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetTimeFormatEx, address_out = 0x75e665f1 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetUserDefaultLocaleName, address_out = 0x75e547c1 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = IsValidLocaleName, address_out = 0x75e547e1 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = LCMapStringEx, address_out = 0x75e547f1 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentPackageId, address_out = 0x0 | 1 |
Get Address | c:\windows\syswow64\urlmon.dll | function = ObtainUserAgentString, address_out = 0x77021d76 | 1 |
Get Address | c:\windows\syswow64\netapi32.dll | function = NetStatisticsGet, address_out = 0x749d644f | 1 |
Get Address | c:\windows\syswow64\netapi32.dll | function = NetApiBufferFree, address_out = 0x749c13d2 | 1 |
Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGenRandom, address_out = 0x7728dfc8 | 1 |
Get Address | c:\windows\syswow64\msiexec.exe | function = _OPENSSL_isservice, address_out = 0x0 | 1 |
Get Address | c:\windows\syswow64\user32.dll | function = GetForegroundWindow, address_out = 0x75802320 | 1 |
Get Address | c:\windows\syswow64\user32.dll | function = GetCursorInfo, address_out = 0x7585812f | 1 |
Get Address | c:\windows\syswow64\user32.dll | function = GetQueueStatus, address_out = 0x75803924 | 1 |
Get Address | c:\windows\syswow64\kernel32.dll | function = CloseToolhelp32Snapshot, address_out = 0x0 | 1 |
Fn
|
|
Get Address | c:\windows\syswow64\kernel32.dll | function = Heap32First, address_out = 0x75e55763 | 1 |
Fn
|
|
Get Address | c:\windows\syswow64\kernel32.dll | function = Heap32Next, address_out = 0x75e5594e | 1 |
Fn
|
|
Get Address | c:\windows\syswow64\kernel32.dll | function = Heap32ListFirst, address_out = 0x75e55621 | 1 |
Fn
|
|
Get Address | c:\windows\syswow64\kernel32.dll | function = Heap32ListNext, address_out = 0x75e556cb | 1 |
Fn
|
|
Get Address | c:\windows\syswow64\kernel32.dll | function = Process32First, address_out = 0x75df8ae7 | 1 |
Fn
|
|
Get Address | c:\windows\syswow64\kernel32.dll | function = Process32Next, address_out = 0x75df88a4 | 1 |
Fn
|
|
Get Address | c:\windows\syswow64\kernel32.dll | function = Module32First, address_out = 0x75e55cd9 | 1 |
Fn
|
|
Get Address | c:\windows\syswow64\kernel32.dll | function = Module32Next, address_out = 0x75e55dc2 | 1 |
Fn
|
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Sleep | duration = -1 (infinite) | | 1 | Fn |
Sleep | duration = 10 milliseconds (0.010 seconds) | | 796 | Fn |
Get Time | type = System Time, time = 2017-08-21 21:05:30 (UTC) | | 1 | Fn |
Get Time | type = System Time, time = 2017-08-21 21:05:31 (UTC) | | 3 | Fn |
Get Time | type = System Time, time = 2017-08-21 21:05:33 (UTC) | | 74 | Fn |
Get Time | type = System Time, time = 2017-08-21 21:05:34 (UTC) | | 121 | Fn |
Get Time | type = System Time, time = 2017-08-21 21:05:35 (UTC) | | 139 | Fn |
Get Time | type = System Time, time = 2017-08-21 21:05:36 (UTC) | | 39 | Fn |
Get Info | type = Operating System | | 6 | Fn |
Get Info | type = Operating System | | 3 | Fn |
Get Info | type = Hardware Information | | 2 | Fn |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Create | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} | | 1 | Fn |
Create | mutex_name = Global\{D773FC21-4FCB-6D43-65D9-FE61A0417768} | | 1 | Fn |
Create | mutex_name = Global\{86709C2F-2FC5-3C40-65D9-FE61A0417768} | | 1 | Fn |
Create | mutex_name = Global\{E4529D1E-2EF4-5E62-65D9-FE61A0417768} | | 1 | Fn |
Create | mutex_name = Global\{E4529D1D-2EF7-5E62-65D9-FE61A0417768} | | 1 | Fn |
Create | mutex_name = Global\{E4529D1F-2EF5-5E62-65D9-FE61A0417768} | | 1 | Fn |
Create | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} | | 4 | Fn |
Create | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} | | 1 | Fn |
Create | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} | | 1 | Fn |
Create | mutex_name = Global\{1F05FC9E-4F74-A535-65D9-FE61A0417768} | | 1 | Fn |
Create | mutex_name = Global\{6E93744F-C7A5-D4A3-65D9-FE61A0417768} | | 1 | Fn |
Create | mutex_name = Global\{B7C3F14A-42A0-0DF3-65D9-FE61A0417768} | | 1 | Fn |
Create | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} | | 2 | Fn |
Release | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} | | 1 | Fn |
Release | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} | | 4 | Fn |
Release | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} | | 1 | Fn |
Release | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} | | 1 | Fn |
Release | mutex_name = Global\{1F05FC9E-4F74-A535-65D9-FE61A0417768} | | 1 | Fn |
Release | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} | | 2 | Fn |
Release | mutex_name = Global\{6E93744F-C7A5-D4A3-65D9-FE61A0417768} | | 1 | Fn |
Release | mutex_name = Global\{B7C3F14A-42A0-0DF3-65D9-FE61A0417768} | | 1 | Fn |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Get Environment String | | | 1 | Fn, Data |
Information | Value |
---|---|
Total Data Sent | 0.03 KB (32 bytes) |
Total Data Received | 0.00 KB (2 bytes) |
Contacted Host Count | 1 |
Contacted Hosts | 127.0.0.1:9050 |
Information | Value |
---|---|
Handle | 0x434 |
Address Family | AF_INET |
Type | SOCK_STREAM |
Protocol | IPPROTO_TCP |
Remote Address | 127.0.0.1 |
Remote Port | 9050 |
Local Address | 0.0.0.0 |
Local Port | 4800 |
Data Sent | 0.03 KB (32 bytes) |
Data Received | 0.00 KB (2 bytes) |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Create | protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM | | 1 | Fn |
Connect | remote_address = 127.0.0.1, remote_port = 9050 | | 1 | Fn |
Send | flags = NO_FLAG_SET, size = 3, size_out = 3 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 1024, size_out = 2 | | 1 | Fn, Data |
Send | flags = NO_FLAG_SET, size = 4, size_out = 4 | | 1 | Fn, Data |
Send | flags = NO_FLAG_SET, size = 1, size_out = 1 | | 1 | Fn, Data |
Send | flags = NO_FLAG_SET, size = 22, size_out = 22 | | 1 | Fn, Data |
Send | flags = NO_FLAG_SET, size = 2, size_out = 2 | | 1 | Fn, Data |
Close | type = SOCK_STREAM | | 1 | Fn |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Listen | local_address = 127.0.0.1, local_port = 32090, queue_length = 2147483647 | | 1 | Fn |
Listen | local_address = 127.0.0.1, local_port = 38078, queue_length = 2147483647 | | 1 | Fn |
Information | Value |
---|---|
Total Data Sent | 2.12 KB (2166 bytes) |
Total Data Received | 8.52 KB (8725 bytes) |
Contacted Host Count | 2 |
Contacted Hosts | fortsiretbab.com, checkip.dyndns.org |
Information | Value |
---|---|
User Agent | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3) |
Server Name | fortsiretbab.com |
Server Port | 80 |
Data Sent | 0.36 KB (364 bytes) |
Data Received | 0.37 KB (382 bytes) |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3), access_type = INTERNET_OPEN_TYPE_DIRECT | | 1 | Fn |
Open Connection | protocol = HTTP, server_name = fortsiretbab.com, server_port = 80 | | 1 | Fn |
Open HTTP Request | http_verb = POST, http_version = HTTP/1.1, target_resource = /bdl/gate.php, accept_types = 3289112, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD | | 1 | Fn |
Send HTTP Request | headers = Connection: close , url = fortsiretbab.com/bdl/gate.php | | 1 | Fn, Data |
Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 | | 1 | Fn, Data |
Read Response | size = 262144, size_out = 378 | | 1 | Fn, Data |
Read Response | size = 262144, size_out = 0 | | 1 | Fn |
Close Session | | | 3 | Fn |
Information | Value |
---|---|
User Agent | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3) |
Server Name | checkip.dyndns.org |
Server Port | 80 |
Data Sent | 0.35 KB (355 bytes) |
Data Received | 0.11 KB (110 bytes) |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3), access_type = INTERNET_OPEN_TYPE_PRECONFIG | | 1 | Fn |
Open Connection | protocol = HTTP, server_name = checkip.dyndns.org, server_port = 80 | | 1 | Fn |
Open HTTP Request | http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 3289112, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD | | 1 | Fn |
Send HTTP Request | headers = Connection: close , url = checkip.dyndns.org/ | | 1 | Fn |
Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 | | 1 | Fn, Data |
Read Response | size = 262144, size_out = 106 | | 1 | Fn, Data |
Read Response | size = 262144, size_out = 0 | | 1 | Fn |
Close Session | | | 1 | Fn |
Information | Value |
---|---|
User Agent | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3) |
Server Name | checkip.dyndns.org |
Server Port | 80 |
Data Sent | 0.35 KB (355 bytes) |
Data Received | 0.11 KB (110 bytes) |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3), access_type = INTERNET_OPEN_TYPE_PRECONFIG | | 1 | Fn |
Open Connection | protocol = HTTP, server_name = checkip.dyndns.org, server_port = 80 | | 1 | Fn |
Open HTTP Request | http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 3289112, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD | | 1 | Fn |
Send HTTP Request | headers = Connection: close , url = checkip.dyndns.org/ | | 1 | Fn |
Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 | | 1 | Fn, Data |
Read Response | size = 262144, size_out = 106 | | 1 | Fn, Data |
Read Response | size = 262144, size_out = 0 | | 1 | Fn |
Close Session | | | 1 | Fn |
Information | Value |
---|---|
User Agent | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3) |
Server Name | fortsiretbab.com |
Server Port | 80 |
Data Sent | 0.36 KB (364 bytes) |
Data Received | 6.19 KB (6337 bytes) |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3), access_type = INTERNET_OPEN_TYPE_DIRECT | | 1 | Fn |
Open Connection | protocol = HTTP, server_name = fortsiretbab.com, server_port = 80 | | 1 | Fn |
Open HTTP Request | http_verb = POST, http_version = HTTP/1.1, target_resource = /bdl/gate.php, accept_types = 3289112, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD | | 1 | Fn |
Send HTTP Request | headers = Connection: close , url = fortsiretbab.com/bdl/gate.php | | 1 | Fn, Data |
Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 | | 1 | Fn, Data |
Read Response | size = 262144, size_out = 5626 | | 1 | Fn, Data |
Read Response | size = 262144, size_out = 707 | | 1 | Fn, Data |
Read Response | size = 262144, size_out = 0 | | 1 | Fn |
Close Session | | | 3 | Fn |
Information | Value |
---|---|
User Agent | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3) |
Server Name | fortsiretbab.com |
Server Port | 80 |
Data Sent | 0.36 KB (364 bytes) |
Data Received | 1.02 KB (1044 bytes) |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3), access_type = INTERNET_OPEN_TYPE_DIRECT | | 1 | Fn |
Open Connection | protocol = HTTP, server_name = fortsiretbab.com, server_port = 80 | | 1 | Fn |
Open HTTP Request | http_verb = POST, http_version = HTTP/1.1, target_resource = /bdl/gate.php, accept_types = 3289112, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD | | 1 | Fn |
Send HTTP Request | headers = Connection: close , url = fortsiretbab.com/bdl/gate.php | | 1 | Fn, Data |
Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 | | 1 | Fn, Data |
Read Response | size = 262144, size_out = 1040 | | 1 | Fn, Data |
Read Response | size = 262144, size_out = 0 | | 1 | Fn |
Close Session | | | 3 | Fn |
Information | Value |
---|---|
User Agent | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3) |
Server Name | fortsiretbab.com |
Server Port | 80 |
Data Sent | 0.36 KB (364 bytes) |
Data Received | 0.72 KB (742 bytes) |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3), access_type = INTERNET_OPEN_TYPE_DIRECT | | 1 | Fn |
Open Connection | protocol = HTTP, server_name = fortsiretbab.com, server_port = 80 | | 1 | Fn |
Open HTTP Request | http_verb = POST, http_version = HTTP/1.1, target_resource = /bdl/gate.php, accept_types = 3289112, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD | | 1 | Fn |
Send HTTP Request | headers = Connection: close , url = fortsiretbab.com/bdl/gate.php | | 1 | Fn, Data |
Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 | | 1 | Fn, Data |
Read Response | size = 262144, size_out = 738 | | 1 | Fn, Data |
Read Response | size = 262144, size_out = 0 | | 1 | Fn |
Close Session | | | 1 | Fn |
Information | Value |
---|---|
ID | #13 |
File Name | c:\windows\system32\taskeng.exe |
Command Line | taskeng.exe {CFDCF914-63AE-4446-B16F-E0A62E2EE661} S-1-5-21-1836691140-625943148-109919340-1000:AUFDDCNTXWT\aDU0VK IWA5kLS:Interactive:LUA[1] |
Initial Working Directory | C:\Windows\system32\ |
Monitor | Start Time: 00:01:44, Reason: Injection |
Unmonitor | End Time: 00:02:13, Reason: Terminated by Timeout |
Monitor Duration | 00:00:29 |
Information | Value |
---|---|
PID | 0x2b4 |
Parent PID | 0x354 (c:\windows\system32\svchost.exe) |
Is Created or Modified Executable | |
Integrity Level | Medium |
Username | AUFDDCNTXWT\aDU0VK IWA5kLS |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege |
Thread IDs | 0xB28, 0x114, 0x578, 0x464, 0x438, 0x454, 0x83C, 0x84C, 0x85C, 0x86C |
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
pagefile_0x0000000000020000 | 0x00020000 | 0x00026fff | Pagefile Backed Memory | Readable | | | | |
private_0x0000000000030000 | 0x00030000 | 0x000affff | Private Memory | Readable, Writable | | | | |
pagefile_0x00000000000b0000 | 0x000b0000 | 0x000b3fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | Pagefile Backed Memory | Readable | | | | |
locale.nls | 0x000d0000 | 0x00136fff | Memory Mapped File | Readable | | | | |
pagefile_0x0000000000140000 | 0x00140000 | 0x00141fff | Pagefile Backed Memory | Readable, Writable | | | | |
private_0x0000000000150000 | 0x00150000 | 0x0015ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000000160000 | 0x00160000 | 0x00160fff | Private Memory | Readable, Writable | | | | |
private_0x0000000000170000 | 0x00170000 | 0x0026ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000000270000 | 0x00270000 | 0x0036ffff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000000370000 | 0x00370000 | 0x004f7fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000000500000 | 0x00500000 | 0x00680fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000000690000 | 0x00690000 | 0x01a8ffff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000001a90000 | 0x01a90000 | 0x01e82fff | Pagefile Backed Memory | Readable | | | | |
private_0x0000000001e90000 | 0x01e90000 | 0x01e90fff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000001ea0000 | 0x01ea0000 | 0x01ea0fff | Pagefile Backed Memory | Readable | | | | |
private_0x0000000001eb0000 | 0x01eb0000 | 0x01eb0fff | Private Memory | Readable, Writable | | | | |
private_0x0000000001ec0000 | 0x01ec0000 | 0x01f3ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000001f40000 | 0x01f40000 | 0x01f7bfff | Private Memory | Readable, Writable, Executable | | | | |
private_0x0000000001f80000 | 0x01f80000 | 0x01ffffff | Private Memory | Readable, Writable | | | | |
private_0x0000000002020000 | 0x02020000 | 0x0209ffff | Private Memory | Readable, Writable | | | | |
private_0x00000000020a0000 | 0x020a0000 | 0x0219ffff | Private Memory | Readable, Writable | | | | |
pagefile_0x00000000021a0000 | 0x021a0000 | 0x0227efff | Pagefile Backed Memory | Readable | | | | |
private_0x00000000022a0000 | 0x022a0000 | 0x0231ffff | Private Memory | Readable, Writable | | | | |
sortdefault.nls | 0x02320000 | 0x025eefff | Memory Mapped File | Readable | | | | |
private_0x0000000002680000 | 0x02680000 | 0x026fffff | Private Memory | Readable, Writable | | | | |
private_0x0000000002770000 | 0x02770000 | 0x027effff | Private Memory | Readable, Writable | | | | |
private_0x00000000027f0000 | 0x027f0000 | 0x028cffff | Private Memory | Readable, Writable | | | | |
private_0x0000000002940000 | 0x02940000 | 0x029bffff | Private Memory | Readable, Writable | | | | |
private_0x0000000002a70000 | 0x02a70000 | 0x02aeffff | Private Memory | Readable, Writable | | | | |
private_0x0000000002b50000 | 0x02b50000 | 0x02bcffff | Private Memory | Readable, Writable | | | | |
kernel32.dll | 0x77320000 | 0x7743efff | Memory Mapped File | Readable, Writable, Executable | | | | |
user32.dll | 0x77440000 | 0x77539fff | Memory Mapped File | Readable, Writable, Executable | | | | |
ntdll.dll | 0x77540000 | 0x776e8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable | | | | |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable | | | | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
taskeng.exe | 0xffe30000 | 0xffea3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
tschannel.dll | 0x7fef6130000 | 0x7fef6138fff | Memory Mapped File | Readable, Writable, Executable | | | | |
dwmapi.dll | 0x7fefaec0000 | 0x7fefaed7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
uxtheme.dll | 0x7fefb2a0000 | 0x7fefb2f5fff | Memory Mapped File | Readable, Writable, Executable | | | | |
xmllite.dll | 0x7fefb380000 | 0x7fefb3b4fff | Memory Mapped File | Readable, Writable, Executable | | | | |
ktmw32.dll | 0x7fefb3c0000 | 0x7fefb3c9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
rsaenh.dll | 0x7fefca60000 | 0x7fefcaa6fff | Memory Mapped File | Readable, Writable, Executable | | | | |
cryptsp.dll | 0x7fefceb0000 | 0x7fefcec6fff | Memory Mapped File | Readable, Writable, Executable | | | | |
wevtapi.dll | 0x7fefcfb0000 | 0x7fefd01cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
sspicli.dll | 0x7fefd350000 | 0x7fefd374fff | Memory Mapped File | Readable, Writable, Executable | | | | |
cryptbase.dll | 0x7fefd380000 | 0x7fefd38efff | Memory Mapped File | Readable, Writable, Executable | | | | |
rpcrtremote.dll | 0x7fefd470000 | 0x7fefd483fff | Memory Mapped File | Readable, Writable, Executable | | | | |
msasn1.dll | 0x7fefd530000 | 0x7fefd53efff | Memory Mapped File | Readable, Writable, Executable | | | | |
kernelbase.dll | 0x7fefd680000 | 0x7fefd6eafff | Memory Mapped File | Readable, Writable, Executable | | | | |
crypt32.dll | 0x7fefd6f0000 | 0x7fefd856fff | Memory Mapped File | Readable, Writable, Executable | | | | |
rpcrt4.dll | 0x7fefd860000 | 0x7fefd98cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
clbcatq.dll | 0x7fefd990000 | 0x7fefda28fff | Memory Mapped File | Readable, Writable, Executable | | | | |
imm32.dll | 0x7fefda30000 | 0x7fefda5dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
advapi32.dll | 0x7fefdb00000 | 0x7fefdbdafff | Memory Mapped File | Readable, Writable, Executable | | | | |
urlmon.dll | 0x7fefdbe0000 | 0x7fefdd57fff | Memory Mapped File | Readable, Writable, Executable | | | | |
gdi32.dll | 0x7fefdd60000 | 0x7fefddc6fff | Memory Mapped File | Readable, Writable, Executable | | | | |
msctf.dll | 0x7fefddd0000 | 0x7fefded8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
usp10.dll | 0x7fefdee0000 | 0x7fefdfa8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
shell32.dll | 0x7fefdfb0000 | 0x7fefed37fff | Memory Mapped File | Readable, Writable, Executable | | | | |
msvcrt.dll | 0x7fefed40000 | 0x7fefeddefff | Memory Mapped File | Readable, Writable, Executable | | | | |
ole32.dll | 0x7fefede0000 | 0x7fefefe2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
shlwapi.dll | 0x7feff2b0000 | 0x7feff320fff | Memory Mapped File | Readable, Writable, Executable | | | | |
lpk.dll | 0x7feff330000 | 0x7feff33dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
iertutil.dll | 0x7feff340000 | 0x7feff598fff | Memory Mapped File | Readable, Writable, Executable | | | | |
nsi.dll | 0x7feff5a0000 | 0x7feff5a7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
sechost.dll | 0x7feff5b0000 | 0x7feff5cefff | Memory Mapped File | Readable, Writable, Executable | | | | |
oleaut32.dll | 0x7feff5d0000 | 0x7feff6a6fff | Memory Mapped File | Readable, Writable, Executable | | | | |
wininet.dll | 0x7feff6b0000 | 0x7feff7d9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
ws2_32.dll | 0x7feff7e0000 | 0x7feff82cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
apisetschema.dll | 0x7feff860000 | 0x7feff860fff | Memory Mapped File | Readable, Writable, Executable | | | | |
private_0x000007fffffac000 | 0x7fffffac000 | 0x7fffffadfff | Private Memory | Readable, Writable | | | | |
private_0x000007fffffae000 | 0x7fffffae000 | 0x7fffffaffff | Private Memory | Readable, Writable | | | | |
pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | Readable | | | | |
private_0x000007fffffd3000 | 0x7fffffd3000 | 0x7fffffd4fff | Private Memory | Readable, Writable | | | | |
private_0x000007fffffd5000 | 0x7fffffd5000 | 0x7fffffd6fff | Private Memory | Readable, Writable | | | | |
private_0x000007fffffd7000 | 0x7fffffd7000 | 0x7fffffd8fff | Private Memory | Readable, Writable | | | | |
private_0x000007fffffd9000 | 0x7fffffd9000 | 0x7fffffdafff | Private Memory | Readable, Writable | | | | |
private_0x000007fffffdb000 | 0x7fffffdb000 | 0x7fffffdcfff | Private Memory | Readable, Writable | | | | |
private_0x000007fffffdd000 | 0x7fffffdd000 | 0x7fffffdefff | Private Memory | Readable, Writable | | | | |
private_0x000007fffffdf000 | 0x7fffffdf000 | 0x7fffffdffff | Private Memory | Readable, Writable | | | | |
Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
---|---|---|---|---|---|---|
Modify Memory | #8: c:\windows\explorer.exe | 0x698 | address = 0x1f40000, size = 245760 | | 1 | Fn, Data |
Modify Memory | #8: c:\windows\explorer.exe | 0x698 | address = 0x1eb0000, size = 4 | | 1 | Fn, Data |
Modify Memory | #8: c:\windows\explorer.exe | 0x698 | address = 0x1eb0004, size = 3056 | | 1 | Fn, Data |
Create Remote Thread | #8: c:\windows\explorer.exe | 0x698 | address = 0x1f4ad14 | | 1 | Fn |
Operation | Filename | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Open | STD_INPUT_HANDLE | | | 1 | Fn |
Open | STD_OUTPUT_HANDLE | | | 1 | Fn |
Open | STD_ERROR_HANDLE | | | 1 | Fn |
Operation | Module | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Load | KERNEL32.dll | base_address = 0x77320000 | | 1 | Fn |
Load | ADVAPI32.dll | base_address = 0x7fefdb00000 | | 1 | Fn |
Load | SHLWAPI.dll | base_address = 0x7feff2b0000 | | 1 | Fn |
Load | SHELL32.dll | base_address = 0x7fefdfb0000 | | 1 | Fn |
Load | USER32.dll | base_address = 0x77440000 | | 1 | Fn |
Load | WS2_32.dll | base_address = 0x7feff7e0000 | | 1 | Fn |
Load | WININET.dll | base_address = 0x7feff6b0000 | | 1 | Fn |
Load | ole32.dll | base_address = 0x7fefede0000 | | 1 | Fn |
Load | OLEAUT32.dll | base_address = 0x7feff5d0000 | | 1 | Fn |
Load | urlmon.dll | base_address = 0x7fefdbe0000 | | 1 | Fn |
Load | Ws2_32.dll | base_address = 0x7feff7e0000 | | 1 | Fn |
Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77320000 | | 1 | Fn |
Get Filename | | process_name = c:\windows\system32\taskeng.exe, file_name_orig = C:\Windows\system32\taskeng.exe, size = 260 | | 3 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = ReadFile, address_out = 0x77331500 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = FlushFileBuffers, address_out = 0x773269f0 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = WriteFile, address_out = 0x773435a0 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetTickCount, address_out = 0x77342b00 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesW, address_out = 0x773337a0 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address_out = 0x773367a0 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetFileSizeEx, address_out = 0x77329b30 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = VirtualFree, address_out = 0x77331260 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointerEx, address_out = 0x7732af00 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesW, address_out = 0x7733bdd0 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetVolumeNameForVolumeMountPointW, address_out = 0x773907d0 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetProcessHeap, address_out = 0x77343050 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = HeapFree, address_out = 0x77343070 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = HeapReAlloc, address_out = 0x77573f20 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = HeapAlloc, address_out = 0x775933a0 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryA, address_out = 0x77337070 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = OutputDebugStringA, address_out = 0x77324f60 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = Thread32First, address_out = 0x7736aa70 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = Thread32Next, address_out = 0x7736a980 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentThread, address_out = 0x77333f20 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessW, address_out = 0x77341bb0 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = FreeLibrary, address_out = 0x77336620 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = MultiByteToWideChar, address_out = 0x77335b50 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = WideCharToMultiByte, address_out = 0x773435f0 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = CreateMutexW, address_out = 0x773313c0 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = ReleaseMutex, address_out = 0x77342b90 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = SetLastError, address_out = 0x77342df0 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x77331170 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetLastError, address_out = 0x77342dd0 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = CreateThread, address_out = 0x77336580 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetComputerNameW, address_out = 0x7732d130 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = CreateEventW, address_out = 0x77335290 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = ExitThread, address_out = 0x77586930 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = ExitProcess, address_out = 0x775640f0 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = InitializeCriticalSection, address_out = 0x77568100 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameW, address_out = 0x77337700 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcessId, address_out = 0x77335a50 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = AddVectoredExceptionHandler, address_out = 0x77623ad0 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetSystemDefaultLCID, address_out = 0x773233a0 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x773282b0 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = WaitForSingleObject, address_out = 0x77342b20 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetProcAddress, address_out = 0x77343690 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleW, address_out = 0x77343730 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryW, address_out = 0x77336f80 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = VirtualProtect, address_out = 0x77322ef0 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = CreateRemoteThread, address_out = 0x7736c4f0 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = VirtualAllocEx, address_out = 0x7736bbd0 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = VirtualFreeEx, address_out = 0x7736bb90 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = DuplicateHandle, address_out = 0x77335d10 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = WriteProcessMemory, address_out = 0x7736bad0 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = OpenProcess, address_out = 0x7733cad0 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = Process32NextW, address_out = 0x773220f0 | | 1 | Fn |
Get Address | c:\windows\system32\kernel32.dll | function = Process32FirstW, address_out = 0x77321e00 | | 1 | |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = CreateToolhelp32Snapshot, address_out = 0x773221e0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = CreateDirectoryW, address_out = 0x7732ad70 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = TerminateProcess, address_out = 0x7736bca0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = SetEvent, address_out = 0x77333f00 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = DeleteFileW, address_out = 0x7732ad90 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x77342b70 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = CloseHandle, address_out = 0x77342f80 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = CreateFileW, address_out = 0x77331870 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = lstrcmpiA, address_out = 0x773240a0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = lstrlenA, address_out = 0x7733caf0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = WriteConsoleW, address_out = 0x77333d40 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = SetStdHandle, address_out = 0x7736bce0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = GetConsoleMode, address_out = 0x77342e60 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = GetConsoleCP, address_out = 0x773605f0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = LCMapStringW, address_out = 0x77340dd0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = HeapSize, address_out = 0x775682d0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = GetStringTypeW, address_out = 0x77339060 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = OutputDebugStringW, address_out = 0x7732b760 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryExW, address_out = 0x77336640 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = GetCPInfo, address_out = 0x77336ce0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = GetOEMCP, address_out = 0x7733b580 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = GetACP, address_out = 0x77336f90 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = IsValidCodePage, address_out = 0x77339080 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = LeaveCriticalSection, address_out = 0x77593000 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = EnterCriticalSection, address_out = 0x77592fc0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = IsProcessorFeaturePresent, address_out = 0x7736cc80 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77328290 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = RtlUnwindEx, address_out = 0x77352d90 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = TlsFree, address_out = 0x77331590 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = TlsSetValue, address_out = 0x77335cd0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = TlsGetValue, address_out = 0x77342bd0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = TlsAlloc, address_out = 0x77337100 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = SetUnhandledExceptionFilter, address_out = 0x77339b70 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = UnhandledExceptionFilter, address_out = 0x773b9330 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = RtlVirtualUnwind, address_out = 0x7736b5b0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = RtlLookupFunctionEntry, address_out = 0x7736b610 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = RtlCaptureContext, address_out = 0x7736b6f0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = FreeEnvironmentStringsW, address_out = 0x77336d20 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = GetEnvironmentStringsW, address_out = 0x77336d00 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = GetSystemTimeAsFileTime, address_out = 0x77333f40 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = QueryPerformanceCounter, address_out = 0x77336500 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameA, address_out = 0x773364a0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = GetStartupInfoW, address_out = 0x77338070 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = DeleteCriticalSection, address_out = 0x77565350 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = InitializeCriticalSectionAndSpinCount, address_out = 0x773364e0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = GetFileType, address_out = 0x77342e00 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = GetStdHandle, address_out = 0x7733d750 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleExW, address_out = 0x7732b780 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = RaiseException, address_out = 0x7732cf10 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = RtlPcToFileHeader, address_out = 0x77352d80 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = DecodePointer, address_out = 0x77569c50 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = EncodePointer, address_out = 0x77573bd0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = GetCommandLineA, address_out = 0x77341e70 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = GetSystemInfo, address_out = 0x77336f70 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = VirtualQuery, address_out = 0x7733bd40 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = ResumeThread, address_out = 0x773313a0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = SuspendThread, address_out = 0x77322f60 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentThreadId, address_out = 0x77333ee0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = OpenThread, address_out = 0x7733c560 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = FlushInstructionCache, address_out = 0x773233e0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = HeapCreate, address_out = 0x773370e0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address_out = 0x77335cf0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = SetThreadContext, address_out = 0x77322f10 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = GetThreadContext, address_out = 0x77322f40 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = LocalFree, address_out = 0x773347a0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = GetVersionExW, address_out = 0x7732d910 | 1 |
Fn
|
|
Get Address | c:\windows\system32\advapi32.dll | function = CryptHashData, address_out = 0x7fefdb0dac0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\advapi32.dll | function = SetNamedSecurityInfoW, address_out = 0x7fefdb089a0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\advapi32.dll | function = GetSecurityDescriptorSacl, address_out = 0x7fefdb11e00 | 1 |
Fn
|
|
Get Address | c:\windows\system32\advapi32.dll | function = SetSecurityDescriptorSacl, address_out = 0x7fefdb11eb0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\advapi32.dll | function = ConvertStringSecurityDescriptorToSecurityDescriptorW, address_out = 0x7fefdb12040 | 1 |
Fn
|
|
Get Address | c:\windows\system32\advapi32.dll | function = SetSecurityDescriptorDacl, address_out = 0x7fefdb1b5a0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\advapi32.dll | function = InitializeSecurityDescriptor, address_out = 0x7fefdb1b504 | 1 |
Fn
|
|
Get Address | c:\windows\system32\advapi32.dll | function = RegSetValueExW, address_out = 0x7fefdb11ed0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExW, address_out = 0x7fefdb1c2d0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address_out = 0x7fefdb206f0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\advapi32.dll | function = GetSidSubAuthorityCount, address_out = 0x7fefdb11740 | 1 |
Fn
|
|
Get Address | c:\windows\system32\advapi32.dll | function = GetSidSubAuthority, address_out = 0x7fefdb11754 | 1 |
Fn
|
|
Get Address | c:\windows\system32\advapi32.dll | function = AdjustTokenPrivileges, address_out = 0x7fefdb1b9b0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\advapi32.dll | function = LookupPrivilegeValueW, address_out = 0x7fefdb1b9e0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\advapi32.dll | function = OpenThreadToken, address_out = 0x7fefdb1bd84 | 1 |
Fn
|
|
Get Address | c:\windows\system32\advapi32.dll | function = GetTokenInformation, address_out = 0x7fefdb1bd50 | 1 |
Fn
|
|
Get Address | c:\windows\system32\advapi32.dll | function = OpenProcessToken, address_out = 0x7fefdb1bd70 | 1 |
Fn
|
|
Get Address | c:\windows\system32\advapi32.dll | function = RegCreateKeyExW, address_out = 0x7fefdb1b520 | 1 |
Fn
|
|
Get Address | c:\windows\system32\advapi32.dll | function = CryptReleaseContext, address_out = 0x7fefdb0dd10 | 1 |
Fn
|
|
Get Address | c:\windows\system32\advapi32.dll | function = CryptDestroyHash, address_out = 0x7fefdb0db00 | 1 |
Fn
|
|
Get Address | c:\windows\system32\advapi32.dll | function = CryptGetHashParam, address_out = 0x7fefdb0db20 | 1 |
Fn
|
|
Get Address | c:\windows\system32\advapi32.dll | function = CryptCreateHash, address_out = 0x7fefdb0dad4 | 1 |
Fn
|
|
Get Address | c:\windows\system32\advapi32.dll | function = GetLengthSid, address_out = 0x7fefdb1b580 | 1 |
Fn
|
|
Get Address | c:\windows\system32\advapi32.dll | function = CryptAcquireContextW, address_out = 0x7fefdb0d98c | 1 |
Fn
|
|
Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExA, address_out = 0x7fefdb1c480 | 1 |
Fn
|
|
Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExA, address_out = 0x7fefdb1b5f0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x7fefdb20710 | 1 |
Fn
|
|
Get Address | c:\windows\system32\advapi32.dll | function = RegSetValueExA, address_out = 0x7fefdb11dc0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\advapi32.dll | function = RegCreateKeyExA, address_out = 0x7fefdb11d10 | 1 |
Fn
|
|
Get Address | c:\windows\system32\shlwapi.dll | function = PathRenameExtensionW, address_out = 0x7feff2de6c0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\shlwapi.dll | function = PathRemoveBackslashW, address_out = 0x7feff2bd014 | 1 |
Fn
|
|
Get Address | c:\windows\system32\shlwapi.dll | function = PathRemoveFileSpecW, address_out = 0x7feff2ba43c | 1 |
Fn
|
|
Get Address | c:\windows\system32\shlwapi.dll | function = PathAddBackslashW, address_out = 0x7feff2c3f70 | 1 |
Fn
|
|
Get Address | c:\windows\system32\shlwapi.dll | function = PathAddExtensionW, address_out = 0x7feff2de630 | 1 |
Fn
|
|
Get Address | c:\windows\system32\shlwapi.dll | function = wvnsprintfA, address_out = 0x7feff2e2200 | 1 |
Fn
|
|
Get Address | c:\windows\system32\shlwapi.dll | function = wvnsprintfW, address_out = 0x7feff2e22e4 | 1 |
Fn
|
|
Get Address | c:\windows\system32\shlwapi.dll | function = PathCombineW, address_out = 0x7feff2c3dfc | 1 |
Fn
|
|
Get Address | c:\windows\system32\shell32.dll | function = SHGetFolderPathW, address_out = 0x7fefe033ba4 | 1 |
Fn
|
|
Get Address | c:\windows\system32\user32.dll | function = MessageBoxA, address_out = 0x774b12b8 | 1 |
Fn
|
|
Get Address | c:\windows\system32\user32.dll | function = CharUpperW, address_out = 0x7745b714 | 1 |
Fn
|
|
Get Address | c:\windows\system32\ws2_32.dll | function = 18, address_out = 0x7feff7e4da0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\ws2_32.dll | function = 115, address_out = 0x7feff7e4980 | 1 |
Fn
|
|
Get Address | c:\windows\system32\ws2_32.dll | function = 15, address_out = 0x7feff7e1250 | 1 |
Fn
|
|
Get Address | c:\windows\system32\ws2_32.dll | function = 11, address_out = 0x7feff7e1350 | 1 |
Fn
|
|
Get Address | c:\windows\system32\ws2_32.dll | function = 9, address_out = 0x7feff7e1250 | 1 |
Fn
|
|
Get Address | c:\windows\system32\ws2_32.dll | function = 19, address_out = 0x7feff7e8000 | 1 |
Fn
|
|
Get Address | c:\windows\system32\wininet.dll | function = FindFirstUrlCacheEntryW, address_out = 0x7feff747150 | 1 |
Fn
|
|
Get Address | c:\windows\system32\wininet.dll | function = DeleteUrlCacheEntryW, address_out = 0x7feff747050 | 1 |
Fn
|
|
Get Address | c:\windows\system32\wininet.dll | function = FindNextUrlCacheEntryW, address_out = 0x7feff747500 | 1 |
Fn
|
|
Get Address | c:\windows\system32\wininet.dll | function = FindCloseUrlCache, address_out = 0x7feff6be600 | 1 |
Fn
|
|
Get Address | c:\windows\system32\ole32.dll | function = StringFromGUID2, address_out = 0x7fefee03560 | 1 |
Fn
|
|
Get Address | c:\windows\system32\ole32.dll | function = CLSIDFromString, address_out = 0x7fefedf0680 | 1 |
Fn
|
|
Get Address | c:\windows\system32\ole32.dll | function = CoInitialize, address_out = 0x7fefedfa51c | 1 |
Fn
|
|
Get Address | c:\windows\system32\ole32.dll | function = CoInitializeSecurity, address_out = 0x7fefedf8220 | 1 |
Fn
|
|
Get Address | c:\windows\system32\ole32.dll | function = CoSetProxyBlanket, address_out = 0x7fefee1bf00 | 1 |
Fn
|
|
Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x7fefee07490 | 1 |
Fn
|
|
Get Address | c:\windows\system32\ole32.dll | function = CoUninitialize, address_out = 0x7fefee01314 | 1 |
Fn
|
|
Get Address | c:\windows\system32\ole32.dll | function = CoInitializeEx, address_out = 0x7fefee02a30 | 1 |
Fn
|
|
Get Address | c:\windows\system32\oleaut32.dll | function = 2, address_out = 0x7feff5d3480 | 1 |
Fn
|
|
Get Address | c:\windows\system32\oleaut32.dll | function = 6, address_out = 0x7feff5d1320 | 1 |
Fn
|
|
Get Address | c:\windows\system32\oleaut32.dll | function = 9, address_out = 0x7feff5d1180 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = FlsAlloc, address_out = 0x77337190 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = FlsFree, address_out = 0x773315b0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = FlsGetValue, address_out = 0x77343520 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = FlsSetValue, address_out = 0x7733bd90 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = InitializeCriticalSectionEx, address_out = 0x773379b0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = CreateSemaphoreExW, address_out = 0x7736c4c0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = SetThreadStackGuarantee, address_out = 0x77328050 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = CreateThreadpoolTimer, address_out = 0x77328820 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = SetThreadpoolTimer, address_out = 0x7755b2f0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = WaitForThreadpoolTimerCallbacks, address_out = 0x7754d8c0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = CloseThreadpoolTimer, address_out = 0x7754d620 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = CreateThreadpoolWait, address_out = 0x7736ba80 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = SetThreadpoolWait, address_out = 0x7755e170 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = CloseThreadpoolWait, address_out = 0x7754c540 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = FlushProcessWriteBuffers, address_out = 0x77591f80 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = FreeLibraryWhenCallbackReturns, address_out = 0x7760ec60 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcessorNumber, address_out = 0x77590040 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = GetLogicalProcessorInformation, address_out = 0x7736b820 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = CreateSymbolicLinkW, address_out = 0x77395ad0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = SetDefaultDllDirectories, address_out = 0x0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = EnumSystemLocalesEx, address_out = 0x7736c3d0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = CompareStringEx, address_out = 0x7736b980 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = GetDateFormatEx, address_out = 0x773b0920 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = GetLocaleInfoEx, address_out = 0x77323c10 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = GetTimeFormatEx, address_out = 0x773ad4e0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = GetUserDefaultLocaleName, address_out = 0x7736b790 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = IsValidLocaleName, address_out = 0x7736b770 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = LCMapStringEx, address_out = 0x7736b710 | 1 |
Fn
|
|
Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentPackageId, address_out = 0x0 | 1 |
Fn
|
|
Get Address | c:\windows\system32\urlmon.dll | function = ObtainUserAgentString, address_out = 0x7fefdc41fa4 | 1 |
Fn
|
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Sleep | duration = -1 (infinite) | | 1 | |
Get Time | type = System Time, time = 2017-08-21 21:05:24 (UTC) | | 1 | |
Get Info | type = Operating System | | 2 | |

Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Create | mutex_name = Global\{85B42B0A-98E0-3F84-65D9-FE61A0417768} | | 1 | |
Create | mutex_name = Local\{85B47B09-C8E3-3F84-65D9-FE61A0417768} | | 1 | |

Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Get Environment String | | | 1 | |

Information | Value |
---|---|
ID | #14 |
File Name | c:\users\adu0vk iwa5kls\appdata\roaming\tor.exe |
Command Line | "C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor.exe" |
Initial Working Directory | C:\Windows\system32\ |
Monitor | Start Time: 00:01:51, Reason: Child Process |
Unmonitor | End Time: 00:02:13, Reason: Terminated by Timeout |
Monitor Duration | 00:00:22 |
Information | Value |
---|---|
PID | 0x9b4 |
Parent PID | 0x65c (c:\windows\syswow64\msiexec.exe) |
Is Created or Modified Executable | |
Integrity Level | Medium |
Username | AUFDDCNTXWT\aDU0VK IWA5kLS |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege |
Thread IDs | 0x918, 0x8BC, 0x8B0, 0x8AC, 0x8A8, 0x900 |

Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | Readable, Writable | | | | |
private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable | | | | |
private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable | | | | |
pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
locale.nls | 0x00060000 | 0x000c6fff | Memory Mapped File | Readable | | | | |
private_0x00000000000d0000 | 0x000d0000 | 0x0010ffff | Private Memory | Readable, Writable | | | | |
rsaenh.dll | 0x00110000 | 0x0014bfff | Memory Mapped File | Readable | | | | |
private_0x0000000000110000 | 0x00110000 | 0x0011ffff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000000110000 | 0x00110000 | 0x00122fff | Pagefile Backed Memory | Readable, Writable | | | | |
tzres.dll | 0x00110000 | 0x00110fff | Memory Mapped File | Readable | | | | |
pagefile_0x0000000000110000 | 0x00110000 | 0x00110fff | Pagefile Backed Memory | Readable, Writable | | | | |
pagefile_0x0000000000120000 | 0x00120000 | 0x00132fff | Pagefile Backed Memory | Readable, Writable | | | | |
pagefile_0x0000000000120000 | 0x00120000 | 0x00126fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000000130000 | 0x00130000 | 0x00131fff | Pagefile Backed Memory | Readable, Writable | | | | |
pagefile_0x0000000000140000 | 0x00140000 | 0x00141fff | Pagefile Backed Memory | Readable | | | | |
windowsshell.manifest | 0x00150000 | 0x00150fff | Memory Mapped File | Readable | | | | |
pagefile_0x0000000000150000 | 0x00150000 | 0x00150fff | Pagefile Backed Memory | Readable | | | | |
private_0x0000000000150000 | 0x00150000 | 0x0015ffff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000000160000 | 0x00160000 | 0x00161fff | Pagefile Backed Memory | Readable | | | | |
private_0x0000000000170000 | 0x00170000 | 0x0036ffff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000000370000 | 0x00370000 | 0x004f7fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000000500000 | 0x00500000 | 0x00500fff | Pagefile Backed Memory | Readable | | | | |
private_0x0000000000510000 | 0x00510000 | 0x0058ffff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000000590000 | 0x00590000 | 0x00710fff | Pagefile Backed Memory | Readable | | | | |
cversions.1.db | 0x00720000 | 0x00723fff | Memory Mapped File | Readable | | | | |
private_0x0000000000730000 | 0x00730000 | 0x0082ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000000830000 | 0x00830000 | 0x0092ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000000930000 | 0x00930000 | 0x009dffff | Private Memory | Readable, Writable | | | | |
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db | 0x00930000 | 0x00956fff | Memory Mapped File | Readable | | | | |
pagefile_0x0000000000960000 | 0x00960000 | 0x00960fff | Pagefile Backed Memory | Readable, Writable | | | | |
pagefile_0x0000000000970000 | 0x00970000 | 0x00987fff | Pagefile Backed Memory | Readable, Writable | | | | |
private_0x00000000009a0000 | 0x009a0000 | 0x009dffff | Private Memory | Readable, Writable | | | | |
private_0x00000000009f0000 | 0x009f0000 | 0x009fffff | Private Memory | Readable, Writable | | | | |
sortdefault.nls | 0x00a00000 | 0x00ccefff | Memory Mapped File | Readable | | | | |
pagefile_0x0000000000cd0000 | 0x00cd0000 | 0x00daefff | Pagefile Backed Memory | Readable | | | | |
private_0x0000000000db0000 | 0x00db0000 | 0x00deffff | Private Memory | Readable, Writable | | | | |
private_0x0000000000e00000 | 0x00e00000 | 0x00e3ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000000e40000 | 0x00e40000 | 0x00e7ffff | Private Memory | Readable, Writable | | | | |
tor.exe | 0x00ed0000 | 0x011aefff | Memory Mapped File | Readable, Writable, Executable | | | | |
pagefile_0x00000000011b0000 | 0x011b0000 | 0x025affff | Pagefile Backed Memory | Readable | | | | |
private_0x00000000025b0000 | 0x025b0000 | 0x026b0fff | Private Memory | Readable, Writable | | | | |
private_0x00000000025b0000 | 0x025b0000 | 0x0261ffff | Private Memory | Readable, Writable | | | | |
private_0x00000000026b0000 | 0x026b0000 | 0x026effff | Private Memory | Readable, Writable | | | | |
private_0x0000000002750000 | 0x02750000 | 0x0278ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000002790000 | 0x02790000 | 0x0298ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000002990000 | 0x02990000 | 0x02b8ffff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000002b90000 | 0x02b90000 | 0x02f9ffff | Pagefile Backed Memory | Readable, Writable | | | | |
pagefile_0x0000000002b90000 | 0x02b90000 | 0x02f82fff | Pagefile Backed Memory | Readable | | | | |
private_0x0000000002f90000 | 0x02f90000 | 0x0318ffff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000002fa0000 | 0x02fa0000 | 0x033affff | Pagefile Backed Memory | Readable, Writable | | | | |
private_0x00000000031b0000 | 0x031b0000 | 0x033affff | Private Memory | Readable, Writable | | | | |
kernelbase.dll.mui | 0x033b0000 | 0x0346ffff | Memory Mapped File | Readable, Writable | | | | |
pagefile_0x0000000003470000 | 0x03470000 | 0x0387ffff | Pagefile Backed Memory | Readable, Writable | | | | |
private_0x0000000003610000 | 0x03610000 | 0x0380ffff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000003880000 | 0x03880000 | 0x03c8ffff | Pagefile Backed Memory | Readable, Writable | | | | |
libeay32.dll | 0x721a0000 | 0x7238ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
propsys.dll | 0x73980000 | 0x73a74fff | Memory Mapped File | Readable, Writable, Executable | | | | |
uxtheme.dll | 0x73a80000 | 0x73afffff | Memory Mapped File | Readable, Writable, Executable | | | | |
wow64win.dll | 0x73c40000 | 0x73c9bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
wow64.dll | 0x73ca0000 | 0x73cdefff | Memory Mapped File | Readable, Writable, Executable | | | | |
wow64cpu.dll | 0x73d10000 | 0x73d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
ssleay32.dll | 0x740d0000 | 0x74137fff | Memory Mapped File | Readable, Writable, Executable | | | | |
libgcc_s_sjlj-1.dll | 0x74140000 | 0x741b6fff | Memory Mapped File | Readable, Writable, Executable | | | | |
zlib1.dll | 0x741f0000 | 0x74211fff | Memory Mapped File | Readable, Writable, Executable | | | | |
libevent-2-0-5.dll | 0x74220000 | 0x742a1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
libssp-0.dll | 0x74850000 | 0x7486bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
wkscli.dll | 0x74990000 | 0x7499efff | Memory Mapped File | Readable, Writable, Executable | | | | |
srvcli.dll | 0x749a0000 | 0x749b8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
netutils.dll | 0x749c0000 | 0x749c8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
netapi32.dll | 0x749d0000 | 0x749e0fff | Memory Mapped File | Readable, Writable, Executable | | | | |
rsaenh.dll | 0x74a40000 | 0x74a7afff | Memory Mapped File | Readable, Writable, Executable | | | | |
cryptsp.dll | 0x74a80000 | 0x74a95fff | Memory Mapped File | Readable, Writable, Executable | | | | |
wshtcpip.dll | 0x74b50000 | 0x74b54fff | Memory Mapped File | Readable, Writable, Executable | | | | |
mswsock.dll | 0x74b70000 | 0x74babfff | Memory Mapped File | Readable, Writable, Executable | | | | |
comctl32.dll | 0x74cb0000 | 0x74e4dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
ntmarta.dll | 0x751b0000 | 0x751d0fff | Memory Mapped File | Readable, Writable, Executable | | | | |
dhcpcsvc.dll | 0x751f0000 | 0x75201fff | Memory Mapped File | Readable, Writable, Executable | | | | |
dhcpcsvc6.dll | 0x75210000 | 0x7521cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
winnsi.dll | 0x75220000 | 0x75226fff | Memory Mapped File | Readable, Writable, Executable | | | | |
iphlpapi.dll | 0x75230000 | 0x7524bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
cryptbase.dll | 0x75270000 | 0x7527bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
sspicli.dll | 0x75280000 | 0x752dffff | Memory Mapped File | Readable, Writable, Executable | | | | |
ole32.dll | 0x752e0000 | 0x7543bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
rpcrt4.dll | 0x75440000 | 0x7552ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
devobj.dll | 0x757c0000 | 0x757d1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
user32.dll | 0x757e0000 | 0x758dffff | Memory Mapped File | Readable, Writable, Executable | | | | |
clbcatq.dll | 0x758e0000 | 0x75962fff | Memory Mapped File | Readable, Writable, Executable | | | | |
sechost.dll | 0x75970000 | 0x75988fff | Memory Mapped File | Readable, Writable, Executable | | | | |
gdi32.dll | 0x75ab0000 | 0x75b3ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
msctf.dll | 0x75bc0000 | 0x75c8bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
cfgmgr32.dll | 0x75ca0000 | 0x75cc6fff | Memory Mapped File | Readable, Writable, Executable | | | | |
nsi.dll | 0x75cd0000 | 0x75cd5fff | Memory Mapped File | Readable, Writable, Executable | | | | |
msvcrt.dll | 0x75d10000 | 0x75dbbfff | Memory Mapped File | Readable, Writable, Executable | | | | |
kernel32.dll | 0x75dc0000 | 0x75ecffff | Memory Mapped File | Readable, Writable, Executable | | | | |
oleaut32.dll | 0x75ed0000 | 0x75f5efff | Memory Mapped File | Readable, Writable, Executable | | | | |
wldap32.dll | 0x75f60000 | 0x75fa4fff | Memory Mapped File | Readable, Writable, Executable | | | | |
shell32.dll | 0x75fe0000 | 0x76c29fff | Memory Mapped File | Readable, Writable, Executable | | | | |
setupapi.dll | 0x76c30000 | 0x76dccfff | Memory Mapped File | Readable, Writable, Executable | | | | |
ws2_32.dll | 0x76dd0000 | 0x76e04fff | Memory Mapped File | Readable, Writable, Executable | | | | |
shlwapi.dll | 0x76f10000 | 0x76f66fff | Memory Mapped File | Readable, Writable, Executable | | | | |
imm32.dll | 0x76f80000 | 0x76fdffff | Memory Mapped File | Readable, Writable, Executable | | | | |
lpk.dll | 0x76fe0000 | 0x76fe9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
kernelbase.dll | 0x77130000 | 0x77175fff | Memory Mapped File | Readable, Writable, Executable | | | | |
usp10.dll | 0x77180000 | 0x7721cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
advapi32.dll | 0x77280000 | 0x7731ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
private_0x0000000077320000 | 0x77320000 | 0x7743efff | Private Memory | Readable, Writable, Executable | | | | |
private_0x0000000077440000 | 0x77440000 | 0x77539fff | Private Memory | Readable, Writable, Executable | | | | |
ntdll.dll | 0x77540000 | 0x776e8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
ntdll.dll | 0x77720000 | 0x7789ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | Readable, Writable | | | | |
private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | Readable, Writable | | | | |
private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | Readable, Writable | | | | |
pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable | | | | |
private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable | | | | |
private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable | | | | |
private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable | | | | |
private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable | | | | |
private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable | | | | |
private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable | | | | |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable | | | | |
|
|||
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|||
private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
Filename | File Size | Hash Values | YARA Match | Actions |
---|---|---|---|---|
c:\users\adu0vk iwa5kls\appdata\roaming\tor\state.tmp | 0.22 KB (221 bytes) | MD5: e4d677c20ca290bcfd1d6b243252d2c5, SHA1: e6b63577a0a80a076ee0fb4e84dc257636930d6a, SHA256: 268ca275084d97b3e74e9878d76ca73b88d347eb2e773b84bba6fafbf9c91b6b | | |
c:\users\adu0vk iwa5kls\appdata\roaming\tor\state | 0.22 KB (221 bytes) | MD5: e4d677c20ca290bcfd1d6b243252d2c5, SHA1: e6b63577a0a80a076ee0fb4e84dc257636930d6a, SHA256: 268ca275084d97b3e74e9878d76ca73b88d347eb2e773b84bba6fafbf9c91b6b | | |
c:\users\adu0vk iwa5kls\appdata\roaming\tor\unverified-microdesc-consensus.tmp | 2.02 MB (2119729 bytes) | MD5: 119ed7e89f9cb1f141177312c9095c76, SHA1: bece3039cc4e6c36d9d0b7151311a2e89393f212, SHA256: d938a81bdeea36e2a4f4d6b639f14e2f3bbf2977a637e3cb4f0434f6978849c6 | | |
c:\users\adu0vk iwa5kls\appdata\roaming\tor\unverified-microdesc-consensus | 2.02 MB (2119729 bytes) | MD5: 119ed7e89f9cb1f141177312c9095c76, SHA1: bece3039cc4e6c36d9d0b7151311a2e89393f212, SHA256: d938a81bdeea36e2a4f4d6b639f14e2f3bbf2977a637e3cb4f0434f6978849c6 | | |
c:\users\adu0vk iwa5kls\appdata\roaming\tor\cached-microdesc-consensus.tmp | 2.02 MB (2119729 bytes) | MD5: 119ed7e89f9cb1f141177312c9095c76, SHA1: bece3039cc4e6c36d9d0b7151311a2e89393f212, SHA256: d938a81bdeea36e2a4f4d6b639f14e2f3bbf2977a637e3cb4f0434f6978849c6 | | |
c:\users\adu0vk iwa5kls\appdata\roaming\tor\cached-microdesc-consensus | 2.02 MB (2119729 bytes) | MD5: 119ed7e89f9cb1f141177312c9095c76, SHA1: bece3039cc4e6c36d9d0b7151311a2e89393f212, SHA256: d938a81bdeea36e2a4f4d6b639f14e2f3bbf2977a637e3cb4f0434f6978849c6 | | |
c:\users\adu0vk iwa5kls\appdata\roaming\tor\cached-certs.tmp | 18.14 KB (18574 bytes) | MD5: 1c8c962beaa633f2cced63d4c5ad201f, SHA1: ef528bb119b2568596840d51498c2d9aa39bfbe2, SHA256: c3839392205265d21b51be3607da8b07585dd4ac2d1c118a8306f876f4bbf467 | | |
c:\users\adu0vk iwa5kls\appdata\roaming\tor\cached-certs | 18.14 KB (18574 bytes) | MD5: 1c8c962beaa633f2cced63d4c5ad201f, SHA1: ef528bb119b2568596840d51498c2d9aa39bfbe2, SHA256: c3839392205265d21b51be3607da8b07585dd4ac2d1c118a8306f876f4bbf467 | | |

Operation | Filename | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\geoip | file_attributes = _O_RDONLY | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\geoip6 | file_attributes = _O_RDONLY | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-descriptors | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-extrainfo | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ | | 1 | Fn |
Open | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\lock | | | 1 | Fn |
Open | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\state.tmp | | | 1 | Fn |
Open | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\router-stability | | | 1 | Fn |
Open | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-certs | | | 1 | Fn |
Open | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-consensus | | | 1 | Fn |
Open | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\unverified-consensus | | | 1 | Fn |
Open | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdesc-consensus | | | 1 | Fn |
Open | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\unverified-microdesc-consensus | | | 1 | Fn |
Open | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | | | 1 | Fn |
Open | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\unverified-microdesc-consensus.tmp | | | 1 | Fn |
Open | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-certs.tmp | | | 1 | Fn |
Open | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdesc-consensus.tmp | | | 1 | Fn |
Open | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | | | 15 | Fn |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\state.tmp | size = 215 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\unverified-microdesc-consensus.tmp | size = 2078572 | | 1 | Fn |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-certs.tmp | size = 2578 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-certs.tmp | size = 2233 | | 7 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdesc-consensus.tmp | size = 2078572 | | 1 | Fn |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 33 | | 191 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 360 | | 26 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 376 | | 99 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 425 | | 11 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 395 | | 2 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 635 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 453 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 693 | | 2 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 761 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 534 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 684 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 938 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 551 | | 2 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 750 | | 2 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 701 | | 2 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 411 | | 2 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 379 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 402 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 1937 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 713 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 2320 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 394 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 432 | | 2 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 509 | | 3 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 1727 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 934 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 753 | | 2 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 442 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 393 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 719 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 415 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 2099 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 1547 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 409 | | 4 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 677 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 1217 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 514 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 441 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 577 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 498 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 971 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 664 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 829 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 423 | | 1 | Fn, Data |
Write | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new | size = 392 | | 1 | Fn, Data |

Operation | Module | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Load | ADVAPI32.DLL | base_address = 0x77280000 | | 3 | Fn |
Load | KERNEL32.DLL | base_address = 0x75dc0000 | | 3 | Fn |
Load | NETAPI32.DLL | base_address = 0x749d0000 | | 3 | Fn |
Load | USER32.DLL | base_address = 0x757e0000 | | 3 | Fn |
Load | C:\Windows\system32\iphlpapi.dll | base_address = 0x75230000 | | 3 | Fn |
Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75dc0000 | | 1 | Fn |
Get Handle | c:\users\adu0vk iwa5kls\appdata\roaming\tor.exe | base_address = 0xed0000 | | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = SetProcessDEPPolicy, address_out = 0x75deeb9a | | 1 | Fn |
Get Address | c:\windows\syswow64\netapi32.dll | function = NetStatisticsGet, address_out = 0x749d644f | | 3 | Fn |
Get Address | c:\windows\syswow64\netapi32.dll | function = NetApiBufferFree, address_out = 0x749c13d2 | | 3 | Fn |
Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextW, address_out = 0x7728df14 | | 3 | Fn |
Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGenRandom, address_out = 0x7728dfc8 | | 3 | Fn |
Get Address | c:\windows\syswow64\advapi32.dll | function = CryptReleaseContext, address_out = 0x7728e124 | | 3 | Fn |
Get Address | c:\users\adu0vk iwa5kls\appdata\roaming\tor.exe | function = _OPENSSL_isservice, address_out = 0x0 | | 1 | Fn |
Get Address | c:\windows\syswow64\user32.dll | function = GetForegroundWindow, address_out = 0x75802320 | | 3 | Fn |
Get Address | c:\windows\syswow64\user32.dll | function = GetCursorInfo, address_out = 0x7585812f | | 3 | Fn |
Get Address | c:\windows\syswow64\user32.dll | function = GetQueueStatus, address_out = 0x75803924 | | 3 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = CreateToolhelp32Snapshot, address_out = 0x75df735f | | 3 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = CloseToolhelp32Snapshot, address_out = 0x0 | | 3 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = Heap32First, address_out = 0x75e55763 | | 3 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = Heap32Next, address_out = 0x75e5594e | | 3 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = Heap32ListFirst, address_out = 0x75e55621 | | 3 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = Heap32ListNext, address_out = 0x75e556cb | | 3 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = Process32First, address_out = 0x75df8ae7 | | 3 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = Process32Next, address_out = 0x75df88a4 | | 3 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = Thread32First, address_out = 0x75e55b93 | | 3 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = Thread32Next, address_out = 0x75e55c3f | | 3 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = Module32First, address_out = 0x75e55cd9 | | 3 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = Module32Next, address_out = 0x75e55dc2 | | 3 | Fn |
Get Address | c:\windows\syswow64\iphlpapi.dll | function = GetAdaptersAddresses, address_out = 0x75236a4d | | 3 | Fn |

Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Get Time | type = System Time, time = 2017-08-21 21:05:31 (UTC) | | 2 | Fn |
Get Time | type = System Time, time = 2017-08-21 21:05:32 (UTC) | | 5 | Fn |
Get Time | type = System Time, time = 2017-08-21 21:05:34 (UTC) | | 3 | Fn |
Get Time | type = System Time, time = 2017-08-21 21:05:35 (UTC) | | 18 | Fn |
Get Time | type = System Time, time = 2017-08-21 21:05:36 (UTC) | | 9 | Fn |
Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) | | 91 | Fn |
Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) | | 207 | Fn |
Get Info | type = Operating System | | 9 | Fn |
Get Info | type = Operating System | | 1 | Fn |
Get Info | type = System Directory, result_out = C:\Windows\system32 | | 3 | Fn |
Get Info | type = Hardware Information | | 1 | Fn |

Information | Value |
---|---|
Total Data Sent | 18.11 KB (18540 bytes) |
Total Data Received | 524.18 KB (536756 bytes) |
Contacted Host Count | 2 |
Contacted Hosts | 127.0.0.1:49172, 82.223.21.74:9001 |
Information | Value |
---|---|
Handle | 0x1b4 |
Address Family | AF_INET |
Type | SOCK_STREAM |
Protocol | IPPROTO_IP |
Remote Address | 127.0.0.1 |
Remote Port | 49172 |
Local Address | 0.0.0.0 |
Local Port | 5568 |
Data Sent | 0.00 KB (0 bytes) |
Data Received | 0.00 KB (0 bytes) |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Create | protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM | | 1 | Fn |
Connect | remote_address = 127.0.0.1, remote_port = 49172 | | 1 | Fn |

Information | Value |
---|---|
Handle | 0x1d4 |
Address Family | AF_INET |
Type | SOCK_STREAM |
Protocol | IPPROTO_TCP |
Remote Address | 82.223.21.74 |
Remote Port | 9001 |
Local Address | 0.0.0.0 |
Local Port | 6336 |
Data Sent | 18.11 KB (18540 bytes) |
Data Received | 524.18 KB (536756 bytes) |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Create | protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM | | 1 | Fn |
Connect | remote_address = 82.223.21.74, remote_port = 9001 | | 1 | Fn |
Send | flags = NO_FLAG_SET, size = 233, size_out = 233 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 7, size_out = -1 | | 2 | Fn |
Receive | flags = NO_FLAG_SET, size = 7, size_out = 7 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 55, size_out = 55 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 450, size_out = 450 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 205, size_out = 205 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4, size_out = 4 | | 1 | Fn, Data |
Send | flags = NO_FLAG_SET, size = 126, size_out = 126 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = -1 | | 1 | Fn |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 1, size_out = 1 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 40, size_out = 40 | | 1 | Fn, Data |
Send | flags = NO_FLAG_SET, size = 38, size_out = 38 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 1483, size_out = 1483 | | 1 | Fn, Data |
Send | flags = NO_FLAG_SET, size = 1057, size_out = 1057 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 538, size_out = 538 | | 1 | Fn, Data |
Send | flags = NO_FLAG_SET, size = 543, size_out = 543 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 538, size_out = 538 | | 1 | Fn, Data |
Send | flags = NO_FLAG_SET, size = 543, size_out = 543 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 553 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 3519, size_out = -1 | | 1 | Fn |
Receive | flags = NO_FLAG_SET, size = 3519, size_out = 3519 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 280, size_out = 280 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 3816, size_out = 3816 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Send | flags = NO_FLAG_SET, size = 543, size_out = 543 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 536, size_out = 536 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 3560, size_out = 3560 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 2448 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 1624, size_out = -1 | | 1 | Fn |
Receive | flags = NO_FLAG_SET, size = 1624, size_out = 1624 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 792, size_out = 792 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 3304, size_out = 3304 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 3256 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 816, size_out = -1 | | 1 | Fn |
Send | flags = NO_FLAG_SET, size = 1057, size_out = 1057 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 816, size_out = 816 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 3535 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 537, size_out = -1 | | 1 | Fn |
Receive | flags = NO_FLAG_SET, size = 537, size_out = 537 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 3814 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 258, size_out = -1 | | 1 | Fn |
Receive | flags = NO_FLAG_SET, size = 258, size_out = 258 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 1048, size_out = 1048 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 3048, size_out = 3048 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 1304, size_out = 1304 | | 1 | Fn, Data |
Send | flags = NO_FLAG_SET, size = 543, size_out = 543 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 280, size_out = 280 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 3816, size_out = 1750 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 2066, size_out = -1 | | 1 | Fn |
Receive | flags = NO_FLAG_SET, size = 2066, size_out = 2066 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4016 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 56, size_out = -1 | | 1 | Fn |
Send | flags = NO_FLAG_SET, size = 1057, size_out = 1057 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 56, size_out = 56 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 536, size_out = 536 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 280, size_out = 280 | | 1 | Fn, Data |
Send | flags = NO_FLAG_SET, size = 543, size_out = 543 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 3816, size_out = 3816 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 536, size_out = 536 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Send | flags = NO_FLAG_SET, size = 1057, size_out = 1057 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 280, size_out = 280 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 3816, size_out = 718 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 3098, size_out = -1 | | 1 | Fn |
Receive | flags = NO_FLAG_SET, size = 3098, size_out = 3098 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 2752 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 1320, size_out = -1 | | 1 | Fn |
Receive | flags = NO_FLAG_SET, size = 1320, size_out = 1320 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 127 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 3945, size_out = -1 | | 1 | Fn |
Receive | flags = NO_FLAG_SET, size = 3945, size_out = 1452 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 2493, size_out = 1452 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 1041, size_out = -1 | | 1 | Fn |
Receive | flags = NO_FLAG_SET, size = 1041, size_out = 1041 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 536, size_out = 536 | | 1 | Fn, Data |
Send | flags = NO_FLAG_SET, size = 543, size_out = 543 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 1317 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 2755, size_out = -1 | | 1 | Fn |
Receive | flags = NO_FLAG_SET, size = 2755, size_out = 2755 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 3280 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 792, size_out = -1 | | 1 | Fn |
Receive | flags = NO_FLAG_SET, size = 792, size_out = 792 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 3838 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 234, size_out = -1 | | 1 | Fn |
Receive | flags = NO_FLAG_SET, size = 234, size_out = 234 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 280, size_out = 280 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 3816, size_out = 3816 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 11 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4061, size_out = 1452 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 2609, size_out = -1 | | 1 | Fn |
Receive | flags = NO_FLAG_SET, size = 2609, size_out = 2609 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 3473 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 599, size_out = -1 | | 1 | Fn |
Send | flags = NO_FLAG_SET, size = 1057, size_out = 1057 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 599, size_out = 599 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 536, size_out = 536 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 1759 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 2313, size_out = -1 | | 1 | Fn |
Receive | flags = NO_FLAG_SET, size = 2313, size_out = 2313 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 2038 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 2034, size_out = -1 | | 1 | Fn |
Receive | flags = NO_FLAG_SET, size = 2034, size_out = 1452 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 582, size_out = -1 | | 1 | Fn |
Receive | flags = NO_FLAG_SET, size = 582, size_out = 582 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 2596 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 1476, size_out = -1 | | 1 | Fn |
Receive | flags = NO_FLAG_SET, size = 1476, size_out = 1476 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 280, size_out = 280 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 3816, size_out = 1138 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 2678, size_out = 1452 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 1226, size_out = 1226 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Send | flags = NO_FLAG_SET, size = 543, size_out = 543 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | | 1 | Fn, Data |
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 536, size_out = 536 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 3560, size_out = 3560 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | 1 |
Fn
Data
|
|
Send | flags = NO_FLAG_SET, size = 1057, size_out = 1057 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 792, size_out = 792 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 3304, size_out = 3304 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 1048, size_out = 1048 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 3108, size_out = 3108 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | 1 |
Fn
Data
|
|
Send | flags = NO_FLAG_SET, size = 543, size_out = 543 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 1630, size_out = 1630 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 893 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 3179, size_out = -1 | 1 |
Fn
|
|
Receive | flags = NO_FLAG_SET, size = 3179, size_out = 3179 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 1172 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 2900, size_out = -1 | 1 |
Fn
|
|
Receive | flags = NO_FLAG_SET, size = 2900, size_out = 2900 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 1451 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 2621, size_out = -1 | 1 |
Fn
|
|
Receive | flags = NO_FLAG_SET, size = 2621, size_out = 1452 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 1169, size_out = -1 | 1 |
Fn
|
|
Receive | flags = NO_FLAG_SET, size = 1169, size_out = 1169 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 280, size_out = 280 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 3622, size_out = 1445 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 2177, size_out = -1 | 1 |
Fn
|
|
Receive | flags = NO_FLAG_SET, size = 2177, size_out = 2177 | 1 |
Fn
Data
|
|
Send | flags = NO_FLAG_SET, size = 1057, size_out = 1057 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 1447 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 2625, size_out = -1 | 1 |
Fn
|
|
Receive | flags = NO_FLAG_SET, size = 2625, size_out = 1452 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 1173, size_out = -1 | 1 |
Fn
|
|
Receive | flags = NO_FLAG_SET, size = 1173, size_out = 1173 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 1758, size_out = 553 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 1205, size_out = -1 | 1 |
Fn
|
|
Receive | flags = NO_FLAG_SET, size = 1205, size_out = 1205 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 3425 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 647, size_out = -1 | 1 |
Fn
|
|
Receive | flags = NO_FLAG_SET, size = 647, size_out = 647 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 3983 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 89, size_out = -1 | 1 |
Fn
|
|
Send | flags = NO_FLAG_SET, size = 543, size_out = 543 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 89, size_out = 89 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 280, size_out = 280 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 3816, size_out = 3816 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 3060 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 1012, size_out = -1 | 1 |
Fn
|
|
Receive | flags = NO_FLAG_SET, size = 1012, size_out = 1012 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 3339 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 733, size_out = -1 | 1 |
Fn
|
|
Receive | flags = NO_FLAG_SET, size = 733, size_out = 733 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 2166 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 1906, size_out = -1 | 1 |
Fn
|
|
Receive | flags = NO_FLAG_SET, size = 1906, size_out = 1906 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 536, size_out = 536 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 3560, size_out = 3560 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 70 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4002, size_out = -1 | 1 |
Fn
|
|
Send | flags = NO_FLAG_SET, size = 1057, size_out = 1057 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4002, size_out = 4002 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 349 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 3723, size_out = -1 | 1 |
Fn
|
|
Receive | flags = NO_FLAG_SET, size = 3723, size_out = 3723 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 792, size_out = 792 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 3304, size_out = 2735 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 569, size_out = -1 | 1 |
Fn
|
|
Receive | flags = NO_FLAG_SET, size = 569, size_out = 569 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 1157 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 2915, size_out = -1 | 1 |
Fn
|
|
Receive | flags = NO_FLAG_SET, size = 2915, size_out = 2915 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 1048, size_out = 263 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 785, size_out = -1 | 1 |
Fn
|
|
Send | flags = NO_FLAG_SET, size = 543, size_out = 543 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 785, size_out = 785 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 3048, size_out = 3048 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 792 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 3280, size_out = -1 | 1 |
Fn
|
|
Receive | flags = NO_FLAG_SET, size = 3280, size_out = 3280 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 3975 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 97, size_out = -1 | 1 |
Fn
|
|
Receive | flags = NO_FLAG_SET, size = 97, size_out = 97 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 1304, size_out = 1304 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 2792, size_out = 2792 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 1879 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 2193, size_out = -1 | 1 |
Fn
|
|
Send | flags = NO_FLAG_SET, size = 1057, size_out = 1057 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 2193, size_out = 2193 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 1560, size_out = 985 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 575, size_out = -1 | 1 |
Fn
|
|
Receive | flags = NO_FLAG_SET, size = 575, size_out = 575 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 2536, size_out = 2324 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 212, size_out = -1 | 1 |
Fn
|
|
Receive | flags = NO_FLAG_SET, size = 212, size_out = 212 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 2966 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 1106, size_out = -1 | 1 |
Fn
|
|
Receive | flags = NO_FLAG_SET, size = 1106, size_out = 1106 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 1816, size_out = 1816 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 2280, size_out = 251 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 2029, size_out = -1 | 1 |
Fn
|
|
Send | flags = NO_FLAG_SET, size = 543, size_out = 543 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 2029, size_out = 2029 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 1428 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 2644, size_out = -1 | 1 |
Fn
|
|
Receive | flags = NO_FLAG_SET, size = 2644, size_out = 2644 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 2072, size_out = 2072 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 2024, size_out = 2024 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 3688 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 384, size_out = -1 | 1 |
Fn
|
|
Receive | flags = NO_FLAG_SET, size = 384, size_out = 384 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | 1 |
Fn
Data
|
|
Send | flags = NO_FLAG_SET, size = 1057, size_out = 1057 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 2328, size_out = 2328 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 1768, size_out = 1768 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 140 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 3932, size_out = -1 | 1 |
Fn
|
|
Receive | flags = NO_FLAG_SET, size = 3932, size_out = 3932 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 2584, size_out = 2584 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 1512, size_out = 1512 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 2679 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 1393, size_out = -1 | 1 |
Fn
|
|
Receive | flags = NO_FLAG_SET, size = 1393, size_out = 1393 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | 1 |
Fn
Data
|
|
Send | flags = NO_FLAG_SET, size = 543, size_out = 543 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 169 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 3903, size_out = -1 | 1 |
Fn
|
|
Receive | flags = NO_FLAG_SET, size = 3903, size_out = 3903 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 2840, size_out = 1900 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 940, size_out = -1 | 1 |
Fn
|
|
Receive | flags = NO_FLAG_SET, size = 940, size_out = 940 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 1256, size_out = 1256 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 2150 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 1922, size_out = -1 | 1 |
Fn
|
|
Receive | flags = NO_FLAG_SET, size = 1922, size_out = 1922 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 977 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 3095, size_out = 1452 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 1643, size_out = -1 | 1 |
Fn
|
|
Receive | flags = NO_FLAG_SET, size = 1643, size_out = 1643 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 1256 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 2816, size_out = -1 | 1 |
Fn
|
|
Receive | flags = NO_FLAG_SET, size = 2816, size_out = 2816 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 3096, size_out = 3096 | 1 |
Fn
Data
|
|
Send | flags = NO_FLAG_SET, size = 1057, size_out = 1057 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 1000, size_out = 1000 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 4072, size_out = 612 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 3460, size_out = -1 | 1 |
Fn
|
|
Receive | flags = NO_FLAG_SET, size = 3460, size_out = 1452 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 2008, size_out = 1452 | 1 |
Fn
Data
|
|
Receive | flags = NO_FLAG_SET, size = 556, size_out = 556 | 1 |
Fn
Data
|
Information | Value |
---|---|
Total Data Sent | 0.00 KB (0 bytes) |
Total Data Received | 0.00 KB (0 bytes) |
Contacted Host Count | 1 |
Contacted Hosts | 18.0.0.1:9 |
Information | Value |
---|---|
Handle | 0x1a8 |
Address Family | AF_INET |
Type | SOCK_DGRAM |
Protocol | IPPROTO_UDP |
Local Address | 0.0.0.0 |
Local Port | 42952 |
Data Sent | 0.00 KB (0 bytes) |
Data Received | 0.00 KB (0 bytes) |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Create | protocol = IPPROTO_UDP, address_family = AF_INET, type = SOCK_DGRAM | | 1 | Fn |
Connect | remote_address = 18.0.0.1, remote_port = 9 | | 1 | Fn |
Close | type = SOCK_DGRAM | | 1 | Fn |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Listen | local_address = 127.0.0.1, local_port = 0, queue_length = 1 | | 1 | Fn |
Listen | local_address = 127.0.0.1, local_port = 9050, queue_length = 2147483647 | | 1 | Fn |
Information | Value |
---|---|
ID | #15 |
File Name | c:\users\adu0vk~1\appdata\local\temp\certutil.exe |
Command Line | "C:\Users\ADU0VK~1\AppData\Local\Temp\certutil.exe" -A -n "yvesl" -t "C,C,C" -i "C:\Users\ADU0VK~1\AppData\Local\Temp\okguaxb.crt" -d "C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default" |
Initial Working Directory | C:\Windows\system32\ |
Monitor | Start Time: 00:01:58, Reason: Child Process |
Unmonitor | End Time: 00:02:13, Reason: Terminated by Timeout |
Monitor Duration | 00:00:15 |
Information | Value |
---|---|
PID | 0x8e8 |
Parent PID | 0x65c (c:\windows\syswow64\msiexec.exe) |
Is Created or Modified Executable | |
Integrity Level | Medium |
Username | AUFDDCNTXWT\aDU0VK IWA5kLS |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege |
Thread IDs | 0x8EC, 0xA10, 0xA14 |
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable | | | | |
private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable | | | | |
private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable | | | | |
pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
locale.nls | 0x00060000 | 0x000c6fff | Memory Mapped File | Readable | | | | |
private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | Readable, Writable | | | | |
tzres.dll | 0x000e0000 | 0x000e0fff | Memory Mapped File | Readable | | | | |
pagefile_0x00000000000f0000 | 0x000f0000 | 0x000f6fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000000100000 | 0x00100000 | 0x00101fff | Pagefile Backed Memory | Readable, Writable | | | | |
private_0x0000000000120000 | 0x00120000 | 0x0015ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000000170000 | 0x00170000 | 0x001affff | Private Memory | Readable, Writable | | | | |
private_0x0000000000290000 | 0x00290000 | 0x0029ffff | Private Memory | Readable, Writable | | | | |
private_0x00000000002c0000 | 0x002c0000 | 0x002cffff | Private Memory | Readable, Writable | | | | |
private_0x0000000000300000 | 0x00300000 | 0x003fffff | Private Memory | Readable, Writable | | | | |
private_0x0000000000440000 | 0x00440000 | 0x0047ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000000500000 | 0x00500000 | 0x0057ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000000580000 | 0x00580000 | 0x0067ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000000680000 | 0x00680000 | 0x0077ffff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000000780000 | 0x00780000 | 0x00907fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000000910000 | 0x00910000 | 0x00a90fff | Pagefile Backed Memory | Readable | | | | |
private_0x0000000000ac0000 | 0x00ac0000 | 0x00bbffff | Private Memory | Readable, Writable | | | | |
certutil.exe | 0x00ce0000 | 0x00cfcfff | Memory Mapped File | Readable, Writable, Executable | | | | |
pagefile_0x0000000000d00000 | 0x00d00000 | 0x020fffff | Pagefile Backed Memory | Readable | | | | |
sortdefault.nls | 0x02100000 | 0x023cefff | Memory Mapped File | Readable | | | | |
private_0x00000000024d0000 | 0x024d0000 | 0x025cffff | Private Memory | Readable, Writable | | | | |
private_0x00000000025d0000 | 0x025d0000 | 0x026cffff | Private Memory | Readable, Writable | | | | |
private_0x0000000002710000 | 0x02710000 | 0x0280ffff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000002810000 | 0x02810000 | 0x02c02fff | Pagefile Backed Memory | Readable | | | | |
nss3.dll | 0x73640000 | 0x73706fff | Memory Mapped File | Readable, Writable, Executable | | | | |
sqlite3.dll | 0x73b10000 | 0x73b7afff | Memory Mapped File | Readable, Writable, Executable | | | | |
msvcr100.dll | 0x73b80000 | 0x73c3efff | Memory Mapped File | Readable, Writable, Executable | | | | |
wow64win.dll | 0x73c40000 | 0x73c9bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
wow64.dll | 0x73ca0000 | 0x73cdefff | Memory Mapped File | Readable, Writable, Executable | | | | |
wow64cpu.dll | 0x73d10000 | 0x73d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
freebl3.dll | 0x73f00000 | 0x73f3dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
nssdbm3.dll | 0x74020000 | 0x7403dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
softokn3.dll | 0x74040000 | 0x7406cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
smime3.dll | 0x74070000 | 0x7408bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
libnspr4.dll | 0x74090000 | 0x740c6fff | Memory Mapped File | Readable, Writable, Executable | | | | |
nssutil3.dll | 0x74830000 | 0x74849fff | Memory Mapped File | Readable, Writable, Executable | | | | |
winmm.dll | 0x748e0000 | 0x74911fff | Memory Mapped File | Readable, Writable, Executable | | | | |
libplds4.dll | 0x74930000 | 0x74936fff | Memory Mapped File | Readable, Writable, Executable | | | | |
wsock32.dll | 0x74a10000 | 0x74a16fff | Memory Mapped File | Readable, Writable, Executable | | | | |
mswsock.dll | 0x74b70000 | 0x74babfff | Memory Mapped File | Readable, Writable, Executable | | | | |
libplc4.dll | 0x75250000 | 0x75256fff | Memory Mapped File | Readable, Writable, Executable | | | | |
cryptbase.dll | 0x75270000 | 0x7527bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
sspicli.dll | 0x75280000 | 0x752dffff | Memory Mapped File | Readable, Writable, Executable | | | | |
rpcrt4.dll | 0x75440000 | 0x7552ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
user32.dll | 0x757e0000 | 0x758dffff | Memory Mapped File | Readable, Writable, Executable | | | | |
sechost.dll | 0x75970000 | 0x75988fff | Memory Mapped File | Readable, Writable, Executable | | | | |
gdi32.dll | 0x75ab0000 | 0x75b3ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
msctf.dll | 0x75bc0000 | 0x75c8bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
nsi.dll | 0x75cd0000 | 0x75cd5fff | Memory Mapped File | Readable, Writable, Executable | | | | |
msvcrt.dll | 0x75d10000 | 0x75dbbfff | Memory Mapped File | Readable, Writable, Executable | | | | |
kernel32.dll | 0x75dc0000 | 0x75ecffff | Memory Mapped File | Readable, Writable, Executable | | | | |
shell32.dll | 0x75fe0000 | 0x76c29fff | Memory Mapped File | Readable, Writable, Executable | | | | |
ws2_32.dll | 0x76dd0000 | 0x76e04fff | Memory Mapped File | Readable, Writable, Executable | | | | |
shlwapi.dll | 0x76f10000 | 0x76f66fff | Memory Mapped File | Readable, Writable, Executable | | | | |
imm32.dll | 0x76f80000 | 0x76fdffff | Memory Mapped File | Readable, Writable, Executable | | | | |
lpk.dll | 0x76fe0000 | 0x76fe9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
kernelbase.dll | 0x77130000 | 0x77175fff | Memory Mapped File | Readable, Writable, Executable | | | | |
usp10.dll | 0x77180000 | 0x7721cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
advapi32.dll | 0x77280000 | 0x7731ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
private_0x0000000077320000 | 0x77320000 | 0x7743efff | Private Memory | Readable, Writable, Executable | | | | |
private_0x0000000077440000 | 0x77440000 | 0x77539fff | Private Memory | Readable, Writable, Executable | | | | |
ntdll.dll | 0x77540000 | 0x776e8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
ntdll.dll | 0x77720000 | 0x7789ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable | | | | |
private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable | | | | |
private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable | | | | |
private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable | | | | |
private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable | | | | |
private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable | | | | |
private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable | | | | |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable | | | | |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable | | | | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable | | | | |
Operation | Filename | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Create | C:\Users\ADU0VK~1\AppData\Local\Temp\okguaxb.crt | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OVERLAPPED, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default/secmod.db | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default/cert8.db | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | | 1 | Fn |
Create | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default/key3.db | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | | 1 | Fn |
Get Info | STD_INPUT_HANDLE | type = file_type | | 1 | Fn |
Get Info | STD_OUTPUT_HANDLE | type = file_type | | 1 | Fn |
Get Info | STD_ERROR_HANDLE | type = file_type | | 1 | Fn |
Get Info | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default/secmod.db | type = file_type | | 1 | Fn |
Get Info | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default/cert8.db | type = file_type | | 1 | Fn |
Get Info | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default/key3.db | type = file_type | | 1 | Fn |
Get Info | C:\Users\ADU0VK~1\AppData\Local\Temp\okguaxb.crt | type = attributes,time,size,volserialno | | 1 | Fn |
Open | STD_INPUT_HANDLE | | | 2 | Fn |
Open | STD_OUTPUT_HANDLE | | | 2 | Fn |
Open | STD_ERROR_HANDLE | | | 2 | Fn |
Read | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default/secmod.db | size = 260, size_out = 260 | | 1 | Fn, Data |
Read | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default/secmod.db | size = 4096, size_out = 4096 | | 2 | Fn, Data |
Read | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default/cert8.db | size = 260, size_out = 260 | | 1 | Fn, Data |
Read | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default/cert8.db | size = 16384, size_out = 16384 | | 2 | Fn, Data |
Read | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default/key3.db | size = 260, size_out = 260 | | 1 | Fn, Data |
Read | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default/key3.db | size = 4096, size_out = 4096 | | 1 | Fn, Data |
Read | C:\Users\ADU0VK~1\AppData\Local\Temp\okguaxb.crt | size = 1025, size_out = 0 | | 1 | Fn |
Operation | Module | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Load | C:\Users\ADU0VK~1\AppData\Local\Temp\softokn3.dll | base_address = 0x74040000 | | 1 | Fn |
Load | C:\Users\ADU0VK~1\AppData\Local\Temp\nssdbm3.dll | base_address = 0x74020000 | | 1 | Fn |
Load | C:\Users\ADU0VK~1\AppData\Local\Temp\freebl3.dll | base_address = 0x73f00000 | | 1 | Fn |
Load | advapi32.dll | base_address = 0x77280000 | | 1 | Fn |
Load | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default/nssckbi.dll | base_address = 0x0 | | 1 | Fn |
Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75dc0000 | | 7 | Fn |
Get Handle | c:\users\adu0vk~1\appdata\local\temp\nss3.dll | base_address = 0x73640000 | | 1 | Fn |
Get Handle | c:\users\adu0vk~1\appdata\local\temp\softokn3.dll | base_address = 0x74040000 | | 2 | Fn |
Get Handle | c:\users\adu0vk~1\appdata\local\temp\certutil.exe | base_address = 0xce0000 | | 1 | Fn |
Get Handle | mscoree.dll | base_address = 0x0 | | 1 | Fn |
Get Filename | | process_name = c:\users\adu0vk~1\appdata\local\temp\certutil.exe, file_name_orig = C:\Users\ADU0VK~1\AppData\Local\Temp\certutil.exe, size = 260 | | 1 | Fn |
Get Filename | c:\users\adu0vk~1\appdata\local\temp\nss3.dll | process_name = c:\users\adu0vk~1\appdata\local\temp\certutil.exe, file_name_orig = C:\Users\ADU0VK~1\AppData\Local\Temp\nss3.dll, size = 260 | | 1 | Fn |
Get Filename | c:\users\adu0vk~1\appdata\local\temp\softokn3.dll | process_name = c:\users\adu0vk~1\appdata\local\temp\certutil.exe, file_name_orig = C:\Users\ADU0VK~1\AppData\Local\Temp\softokn3.dll, size = 260 | | 2 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = FlsAlloc, address_out = 0x75dd4f2b | | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = FlsGetValue, address_out = 0x75dd1252 | | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = FlsSetValue, address_out = 0x75dd4208 | | 1 | Fn |
Get Address | c:\windows\syswow64\kernel32.dll | function = FlsFree, address_out = 0x75dd359f | | 1 | Fn |
Get Address | c:\users\adu0vk~1\appdata\local\temp\softokn3.dll | function = NSC_GetFunctionList, address_out = 0x74047890 | | 1 | Fn |
Get Address | c:\users\adu0vk~1\appdata\local\temp\softokn3.dll | function = NSC_ModuleDBFunc, address_out = 0x74047d40 | | 1 | Fn |
Get Address | c:\users\adu0vk~1\appdata\local\temp\nssdbm3.dll | function = legacy_Open, address_out = 0x740297b0 | | 1 | Fn |
Get Address | c:\users\adu0vk~1\appdata\local\temp\nssdbm3.dll | function = legacy_ReadSecmodDB, address_out = 0x74032f20 | | 1 | Fn |
Get Address | c:\users\adu0vk~1\appdata\local\temp\nssdbm3.dll | function = legacy_ReleaseSecmodDBData, address_out = 0x74032b50 | | 1 | Fn |
Get Address | c:\users\adu0vk~1\appdata\local\temp\nssdbm3.dll | function = legacy_DeleteSecmodDB, address_out = 0x74032b90 | | 1 | Fn |
Get Address | c:\users\adu0vk~1\appdata\local\temp\nssdbm3.dll | function = legacy_AddSecmodDB, address_out = 0x74032d30 | | 1 | Fn |
Get Address | c:\users\adu0vk~1\appdata\local\temp\nssdbm3.dll | function = legacy_Shutdown, address_out = 0x74029420 | | 1 | Fn |
Get Address | c:\users\adu0vk~1\appdata\local\temp\nssdbm3.dll | function = legacy_SetCryptFunctions, address_out = 0x74029ed0 | | 1 | Fn |
Get Address | c:\windows\syswow64\advapi32.dll | function = SystemFunction036, address_out = 0x77281919 | | 1 | Fn |
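The module and file tables above show a process named certutil.exe, run from the user's Temp directory, loading the NSS libraries dropped beside it (softokn3.dll, nssdbm3.dll, freebl3.dll, nss3.dll) and opening the Firefox profile's cert8.db and key3.db with GENERIC_WRITE. The Python below is an added detection example, not VMRay's code and not part of this report: it runs over constructed events that copy the paths and access flags from those rows (plus a constructed firefox.exe control row) and flags any process outside a trusted-host set that both loads NSS from a user-writable directory and writes to the Firefox certificate/key databases. The per-event process attribution, the list of user-writable path markers and the trusted-host set are assumptions.

```python
import re
from collections import defaultdict

# Constructed events in the shape of the report's rows: (process, operation, path, additional info).
# The certutil.exe rows copy paths and access flags from the tables above; the firefox.exe rows are a
# constructed benign control (Firefox touching its own profile with NSS from its install directory).
PROFILE = r"C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default/"
TEMP = "C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\"
SAMPLE_EVENTS = [
    ("certutil.exe", "Load",   TEMP + "softokn3.dll", "base_address = 0x74040000"),
    ("certutil.exe", "Load",   TEMP + "nssdbm3.dll",  "base_address = 0x74020000"),
    ("certutil.exe", "Load",   TEMP + "freebl3.dll",  "base_address = 0x73f00000"),
    ("certutil.exe", "Load",   r"C:\Windows\SysWOW64\advapi32.dll", "base_address = 0x77280000"),
    ("certutil.exe", "Create", PROFILE + "secmod.db", "desired_access = GENERIC_READ"),
    ("certutil.exe", "Create", PROFILE + "cert8.db",  "desired_access = GENERIC_WRITE, GENERIC_READ"),
    ("certutil.exe", "Create", PROFILE + "key3.db",   "desired_access = GENERIC_WRITE, GENERIC_READ"),
    ("firefox.exe",  "Load",   r"C:\Program Files\Mozilla Firefox\nss3.dll", "base_address = 0x6a000000"),
    ("firefox.exe",  "Create", PROFILE + "cert8.db",  "desired_access = GENERIC_WRITE, GENERIC_READ"),
]

# NSS/NSPR modules that legitimately ship with Firefox/Thunderbird, plus the Firefox profile stores
# (legacy cert8/key3/secmod and the newer cert9/key4/logins.json).
NSS_LIBS = {"nss3.dll", "softokn3.dll", "freebl3.dll", "nssdbm3.dll", "nssckbi.dll", "nspr4.dll", "mozglue.dll"}
FIREFOX_DBS = {"cert8.db", "key3.db", "secmod.db", "cert9.db", "key4.db", "logins.json"}
# Assumption: processes allowed to host NSS and write the profile stores.
TRUSTED_NSS_HOSTS = {"firefox.exe", "thunderbird.exe"}
# Assumption: path fragments that mark user-writable drop locations.
USER_WRITABLE_MARKERS = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\programdata\\", "\\users\\public\\")


def basename(path):
    """Last path component, tolerant of the mixed '\\' and '/' separators seen in the report."""
    return re.split(r"[\\/]", path)[-1].lower()


def in_user_writable_dir(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def classify(event):
    """Tag one event: 'nss_from_user_dir', 'firefox_db_write', 'firefox_db_read', or None."""
    proc, op, path, info = event
    if proc.lower() in TRUSTED_NSS_HOSTS:
        return None
    name = basename(path)
    if op == "Load" and name in NSS_LIBS and in_user_writable_dir(path):
        return "nss_from_user_dir"
    if op == "Create" and name in FIREFOX_DBS:
        return "firefox_db_write" if "GENERIC_WRITE" in info else "firefox_db_read"
    return None


def summarize(events):
    """Map process name -> set of tags raised by its events (processes with no tags are omitted)."""
    tags = defaultdict(set)
    for ev in events:
        tag = classify(ev)
        if tag:
            tags[ev[0].lower()].add(tag)
    return dict(tags)


def high_confidence(events):
    """Processes that both loaded NSS from a drop directory and wrote a Firefox store: the pattern above."""
    required = {"nss_from_user_dir", "firefox_db_write"}
    return sorted(proc for proc, t in summarize(events).items() if required <= t)


if __name__ == "__main__":
    for proc, t in summarize(SAMPLE_EVENTS).items():
        print(proc, sorted(t))
    print("high confidence:", high_confidence(SAMPLE_EVENTS))
```

The two rules are kept separate on purpose: a read of secmod.db or a lone NSS load from Temp is a weak signal on its own (installers and portable builds do both), whereas a non-Firefox process that loads NSS from a drop directory and then opens cert8.db/key3.db for write is the combination worth paging on.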
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Get Computer Name | result_out = AUFDDCNTXWT | | 1 | Fn |
Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) | | 7 | Fn |
Get Info | type = Hardware Information | | 1 | Fn |
Get Info | type = Operating System | | 1 | Fn |
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Get Environment String | | | 1 | Fn, Data |