Fake UPS Shipping Doc | Sequential Behavior
Try VMRay Analyzer
| Host | Resolved to | Country | City | Protocol |
|---|---|---|---|---|
| api.ipify.org | HTTP | |||
| butsulacoft.com | 62.109.18.138 | RU | HTTP, TCP | |
| supritofuld.ru | HTTP | |||
| tekstheks.nl | HTTP | |||
| fortsiretbab.com | HTTP | |||
| checkip.dyndns.org | HTTP | |||
| 127.0.0.1 | TCP | |||
| 18.0.0.1 | US | Cambridge | UDP | |
| 82.223.21.74 | ES | TCP |
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\program files\microsoft office\office15\winword.exe |
| Command Line | "C:\Program Files\Microsoft Office\Office15\WINWORD.EXE" |
| Initial Working Directory | C:\Users\aDU0VK IWA5kLS\Desktop\ |
| Monitor | Start Time: 00:00:09, Reason: Analysis Target |
| Unmonitor | End Time: 00:02:13, Reason: Terminated by Timeout |
| Monitor Duration | 00:02:04 |
| Information | Value |
|---|---|
| PID | 0x934 |
| Parent PID | 0x568 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | AUFDDCNTXWT\aDU0VK IWA5kLS |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
98C
0x
988
0x
984
0x
980
0x
97C
0x
978
0x
958
0x
954
0x
94C
0x
948
0x
944
0x
938
0x
9CC
0x
9D8
0x
A04
0x
A1C
0x
AC0
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000040000 | 0x00040000 | 0x00043fff | Pagefile Backed Memory | Readable |
|
|
|
|
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000000d0000 | 0x000d0000 | 0x000d1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000000e0000 | 0x000e0000 | 0x000e1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000100000 | 0x00100000 | 0x00100fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000110000 | 0x00110000 | 0x0011ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000120000 | 0x00120000 | 0x00150fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000160000 | 0x00160000 | 0x0016ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000170000 | 0x00170000 | 0x0026ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000270000 | 0x00270000 | 0x0036ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000370000 | 0x00370000 | 0x00371fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000380000 | 0x00380000 | 0x0038ffff | Private Memory |
|
|
|
|
|
| pagefile_0x0000000000390000 | 0x00390000 | 0x00396fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000003a0000 | 0x003a0000 | 0x003a1fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000003c0000 | 0x003c0000 | 0x003c1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000400000 | 0x00400000 | 0x004fffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000500000 | 0x00500000 | 0x00687fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000006a0000 | 0x006a0000 | 0x006affff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000006b0000 | 0x006b0000 | 0x00830fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000840000 | 0x00840000 | 0x01c3ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000001c40000 | 0x01c40000 | 0x01d3ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001d70000 | 0x01d70000 | 0x01daffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001db0000 | 0x01db0000 | 0x01e2ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000001e30000 | 0x01e30000 | 0x01e30fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001e40000 | 0x01e40000 | 0x01e40fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000001e50000 | 0x01e50000 | 0x01e50fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000001e60000 | 0x01e60000 | 0x01e6ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000001e70000 | 0x01e70000 | 0x01f4efff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000001fc0000 | 0x01fc0000 | 0x01fc4fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001fd0000 | 0x01fd0000 | 0x01fd0fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000001fe0000 | 0x01fe0000 | 0x01fe1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000001ff0000 | 0x01ff0000 | 0x01ff0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000002000000 | 0x02000000 | 0x02000fff | Pagefile Backed Memory | Readable |
|
|
|
|
| msxml6r.dll | 0x02010000 | 0x02010fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000002020000 | 0x02020000 | 0x02020fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002030000 | 0x02030000 | 0x0212ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002130000 | 0x02130000 | 0x0222ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000002230000 | 0x02230000 | 0x02622fff | Pagefile Backed Memory | Readable |
|
|
|
|
| sortdefault.nls | 0x02630000 | 0x028fefff | Memory Mapped File | Readable |
|
|
|
|
| {afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db | 0x02900000 | 0x02926fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000002930000 | 0x02930000 | 0x02930fff | Private Memory | Readable, Writable |
|
|
|
|
| c_1255.nls | 0x02940000 | 0x02950fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000002a80000 | 0x02a80000 | 0x02b7ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002ba0000 | 0x02ba0000 | 0x02c9ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002ca0000 | 0x02ca0000 | 0x02cbefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002cf0000 | 0x02cf0000 | 0x02d6ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002dc0000 | 0x02dc0000 | 0x02ebffff | Private Memory | Readable, Writable |
|
|
|
|
| segoeui.ttf | 0x02ec0000 | 0x02f3efff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000002f60000 | 0x02f60000 | 0x0305ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000003060000 | 0x03060000 | 0x0345ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| staticcache.dat | 0x03460000 | 0x03d8ffff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000003d90000 | 0x03d90000 | 0x03e8ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003ec0000 | 0x03ec0000 | 0x03f3ffff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000003f70000 | 0x03f70000 | 0x03f7ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003f80000 | 0x03f80000 | 0x0407ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000040c0000 | 0x040c0000 | 0x040cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004130000 | 0x04130000 | 0x0422ffff | Private Memory | Readable, Writable |
|
|
|
|
| seguisb.ttf | 0x04230000 | 0x04293fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000042b0000 | 0x042b0000 | 0x042bffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000042c0000 | 0x042c0000 | 0x04abffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004b30000 | 0x04b30000 | 0x04baffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004bb0000 | 0x04bb0000 | 0x04bbffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004c00000 | 0x04c00000 | 0x04cfffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004d80000 | 0x04d80000 | 0x04e7ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004e80000 | 0x04e80000 | 0x0507ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000005080000 | 0x05080000 | 0x0517ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000005200000 | 0x05200000 | 0x0527ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000052c0000 | 0x052c0000 | 0x053bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000053d0000 | 0x053d0000 | 0x054cffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000054d0000 | 0x054d0000 | 0x064cffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| kernelbase.dll.mui | 0x064d0000 | 0x0658ffff | Memory Mapped File | Readable, Writable |
|
|
|
|
| private_0x0000000006680000 | 0x06680000 | 0x066fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000006700000 | 0x06700000 | 0x06afffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000006b00000 | 0x06b00000 | 0x06efffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000006f00000 | 0x06f00000 | 0x076fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000007700000 | 0x07700000 | 0x07b00fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000007b10000 | 0x07b10000 | 0x07f10fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000007f20000 | 0x07f20000 | 0x08320fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000008330000 | 0x08330000 | 0x0852ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000008530000 | 0x08530000 | 0x089effff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000089f0000 | 0x089f0000 | 0x08deffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000037440000 | 0x37440000 | 0x3744ffff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| msvcp100.dll | 0x73d80000 | 0x73e17fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcr100.dll | 0x73e20000 | 0x73ef1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| osppc.dll | 0x74830000 | 0x74862fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x77320000 | 0x7743efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x77440000 | 0x77539fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77540000 | 0x776e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| psapi.dll | 0x77710000 | 0x77716fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| winword.exe | 0x13fd90000 | 0x13ff67fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x000007feb3df0000 | 0x7feb3df0000 | 0x7feb3df9fff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x000007febef30000 | 0x7febef30000 | 0x7febef3ffff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| riched20.dll | 0x7fee8d70000 | 0x7fee8f92fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| adal.dll | 0x7fee8fa0000 | 0x7fee9078fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mscoreei.dll | 0x7fee91b0000 | 0x7fee9248fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mscoree.dll | 0x7fee9250000 | 0x7fee92befff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dwrite.dll | 0x7fee92c0000 | 0x7fee943dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| d3d10warp.dll | 0x7fee9440000 | 0x7fee960ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msptls.dll | 0x7fee9610000 | 0x7fee9785fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msores.dll | 0x7fee9790000 | 0x7feee47afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mso.dll | 0x7feee480000 | 0x7fef0730fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wwlib.dll | 0x7fef0740000 | 0x7fef21befff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| d3d11.dll | 0x7fef2200000 | 0x7fef22c5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msointl.dll | 0x7fef22d0000 | 0x7fef2646fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wwintl.dll | 0x7fef2650000 | 0x7fef2723fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| d2d1.dll | 0x7fef2730000 | 0x7fef2811fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oart.dll | 0x7fef2820000 | 0x7fef3c33fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msimg32.dll | 0x7fef47d0000 | 0x7fef47d6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msxml6.dll | 0x7fef79d0000 | 0x7fef7bc1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winspool.drv | 0x7fef7c60000 | 0x7fef7cd0fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| office.odf | 0x7fef94a0000 | 0x7fef999ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msi.dll | 0x7fef99a0000 | 0x7fef9cb5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dxgi.dll | 0x7fefa130000 | 0x7fefa1d6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| d3d10_1core.dll | 0x7fefa1e0000 | 0x7fefa234fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| d3d10_1.dll | 0x7fefa240000 | 0x7fefa273fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| webio.dll | 0x7fefa500000 | 0x7fefa563fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winhttp.dll | 0x7fefa570000 | 0x7fefa5e0fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| windowscodecs.dll | 0x7fefad90000 | 0x7fefaeb9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dwmapi.dll | 0x7fefaec0000 | 0x7fefaed7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdiplus.dll | 0x7fefb080000 | 0x7fefb294fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| uxtheme.dll | 0x7fefb2a0000 | 0x7fefb2f5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wtsapi32.dll | 0x7fefb950000 | 0x7fefb960fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntmarta.dll | 0x7fefbde0000 | 0x7fefbe0cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| propsys.dll | 0x7fefbe40000 | 0x7fefbf6bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| comctl32.dll | 0x7fefbfc0000 | 0x7fefc1b3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| version.dll | 0x7fefc650000 | 0x7fefc65bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rsaenh.dll | 0x7fefca60000 | 0x7fefcaa6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptsp.dll | 0x7fefceb0000 | 0x7fefcec6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| secur32.dll | 0x7fefd320000 | 0x7fefd32afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x7fefd350000 | 0x7fefd374fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x7fefd380000 | 0x7fefd38efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winsta.dll | 0x7fefd430000 | 0x7fefd46cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrtremote.dll | 0x7fefd470000 | 0x7fefd483fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| profapi.dll | 0x7fefd490000 | 0x7fefd49efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msasn1.dll | 0x7fefd530000 | 0x7fefd53efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wintrust.dll | 0x7fefd5e0000 | 0x7fefd619fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cfgmgr32.dll | 0x7fefd620000 | 0x7fefd655fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| devobj.dll | 0x7fefd660000 | 0x7fefd679fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x7fefd680000 | 0x7fefd6eafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| crypt32.dll | 0x7fefd6f0000 | 0x7fefd856fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x7fefd860000 | 0x7fefd98cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| clbcatq.dll | 0x7fefd990000 | 0x7fefda28fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
|
For performance reasons, the remaining 194 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\adu0vk~1\appdata\local\temp\~dff95cfde65cdb3f5c.tmp | 0.50 KB (512 bytes) |
MD5:
bf619eac0cdf3f68d496ea9344137e8b
SHA1: 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 SHA256: 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560 |
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = kernel32.dll, base_address = 0x0 |
|
1 | |
| Module | Load | module_name = Psapi.dll, base_address = 0x0 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?, address = 0x0, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?, address = 0x10000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?, address = 0x20000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?, address = 0x21000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?, address = 0x30000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?, address = 0x34000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?, address = 0x40000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?, address = 0x44000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x50000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0xb7000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0xc0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0xc1000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0xd0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0xd2000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0xe0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0xe2000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0xf0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0xf1000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x100000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x101000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x110000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x120000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x151000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x160000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x170000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x24b000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x24d000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x270000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x370000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x372000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x380000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x382000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x390000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x397000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x3a0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x3a2000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x3b0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x3b2000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x3c0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x3c2000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x3d0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x3df000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x3e0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x3e3000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x3f0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x3f1000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x400000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x500000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x504000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x680000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x683000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x688000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x690000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x691000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x6a0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x6b0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x831000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x840000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x874000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1c40000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1c5d000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1d40000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1d41000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1d50000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1d51000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1d60000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1d61000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1d70000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1d73000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1db0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1dd6000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1e30000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1e31000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1e40000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1e41000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1e50000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1e51000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1e60000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1e70000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1f4f000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1f50000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1f71000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1f80000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\locale.nls, address = 0x1f9f000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\C_1251.NLS, address = 0x1fa0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1251.NLS, address = 0x1fb1000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1251.NLS, address = 0x1fc0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1251.NLS, address = 0x1fc5000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1251.NLS, address = 0x1fd0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1251.NLS, address = 0x1fd1000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1251.NLS, address = 0x1fe0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1251.NLS, address = 0x1fe2000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1251.NLS, address = 0x1ff0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1251.NLS, address = 0x1ff1000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1251.NLS, address = 0x2000000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1251.NLS, address = 0x2001000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\msxml6r.dll, address = 0x2010000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\msxml6r.dll, address = 0x2011000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\msxml6r.dll, address = 0x2020000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\msxml6r.dll, address = 0x2021000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\msxml6r.dll, address = 0x2030000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\msxml6r.dll, address = 0x212c000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\msxml6r.dll, address = 0x212e000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\msxml6r.dll, address = 0x2130000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\msxml6r.dll, address = 0x222c000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\msxml6r.dll, address = 0x222f000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\msxml6r.dll, address = 0x2230000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\msxml6r.dll, address = 0x2623000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\Globalization\Sorting\SortDefault.nls, address = 0x2630000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\Globalization\Sorting\SortDefault.nls, address = 0x28ff000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Users\aDU0VK IWA5kLS\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db, address = 0x2900000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Users\aDU0VK IWA5kLS\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db, address = 0x2927000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Users\aDU0VK IWA5kLS\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db, address = 0x2930000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Users\aDU0VK IWA5kLS\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db, address = 0x2931000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x2940000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x2951000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x2960000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x2961000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x2970000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x298e000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x2990000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x29ae000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x29b0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x29cf000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x29d0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x29d2000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x29e0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x29ff000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x2a00000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x2a1f000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x2a20000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x2a3f000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x2a40000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x2a42000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x2a50000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\C_1255.NLS, address = 0x2a51000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2a60000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2a61000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2a70000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2a71000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2a80000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2b80000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2b9f000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2ba0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2c8e000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2c90000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2ca0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2cbf000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2cc0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2cdf000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2ce0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2ce2000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2cf0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2d2a000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2d39000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2d3a000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2d70000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\oleaccrc.dll, address = 0x2d8f000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\en-US\UIAutomationCore.dll.mui, address = 0x2d90000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\en-US\UIAutomationCore.dll.mui, address = 0x2da2000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\en-US\UIAutomationCore.dll.mui, address = 0x2db0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\en-US\UIAutomationCore.dll.mui, address = 0x2dbc000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\en-US\UIAutomationCore.dll.mui, address = 0x2dc0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\en-US\UIAutomationCore.dll.mui, address = 0x2eb9000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\en-US\UIAutomationCore.dll.mui, address = 0x2ebb000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\Fonts\segoeui.ttf, address = 0x2ec0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\Fonts\segoeui.ttf, address = 0x2f3f000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\Fonts\segoeui.ttf, address = 0x2f40000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\Fonts\segoeui.ttf, address = 0x2f42000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\Fonts\segoeui.ttf, address = 0x2f50000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\Fonts\segoeui.ttf, address = 0x2f52000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\Fonts\segoeui.ttf, address = 0x2f60000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\Fonts\segoeui.ttf, address = 0x305b000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\Fonts\segoeui.ttf, address = 0x305d000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\Fonts\segoeui.ttf, address = 0x3060000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\Fonts\segoeui.ttf, address = 0x31b8000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\Fonts\StaticCache.dat, address = 0x3460000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\Fonts\StaticCache.dat, address = 0x3d90000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\Fonts\StaticCache.dat, address = 0x3d9e000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\normnfd.nls, address = 0x3e90000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\normnfd.nls, address = 0x3e9a000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3ea0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3ea4000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3eb0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3eb1000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3ec0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3ec2000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3f40000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3f43000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3f50000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3f54000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3f60000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3f61000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3f70000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3f78000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3f80000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x3f8e000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x4080000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x40c0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x40ca000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x40d0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x40d1000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x40e0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x40e1000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x40f0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x40f8000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x4100000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\System32\stdole2.tlb, address = 0x4103000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4110000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4127000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4130000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x421a000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x421c000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Windows\Fonts\seguisb.ttf, address = 0x4230000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\Windows\Fonts\seguisb.ttf, address = 0x4294000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x42a0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x42a9000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x42b0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x42bb000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x42c0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4ac0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4ac1000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4b00000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4b08000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4b10000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4b14000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4b20000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4b24000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4b30000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4b49000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4bb0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4bb2000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4bc0000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4bc2000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4c00000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4cfc000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = ?Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, address = 0x4cfe000, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = \Device\HarddiskVolume1\Users\aDU0VK IWA5kLS\Desktop\UPS_Slip_307086.doc, address = 0x4d00000, size = 260 |
|
1 | |
| Process | Create | process_name = C:\Windows\SysWOW64\svchost.exe, os_pid = 0x9dc, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE |
|
1 | |
| Thread | Get Context | process_name = c:\program files\microsoft office\office15\winword.exe, os_tid = 0x988 |
|
1 | |
| Module | Unmap | process_name = C:\Windows\SysWOW64\svchost.exe |
|
1 | |
| Memory | Allocate | process_name = C:\Windows\SysWOW64\svchost.exe, address = 0x400000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 32768 |
|
1 | |
| Memory | Write | process_name = C:\Windows\SysWOW64\svchost.exe, address = 0x400000, size = 1024 |
|
1 | |
| Memory | Write | process_name = C:\Windows\SysWOW64\svchost.exe, address = 0x401000, size = 7680 |
|
1 | |
| Memory | Write | process_name = C:\Windows\SysWOW64\svchost.exe, address = 0x403000, size = 1024 |
|
1 | |
| Memory | Write | process_name = C:\Windows\SysWOW64\svchost.exe, address = 0x404000, size = 3072 |
|
1 | |
| Memory | Write | process_name = C:\Windows\SysWOW64\svchost.exe, address = 0x405000, size = 8704 |
|
1 | |
| Thread | Set Context | process_name = c:\program files\microsoft office\office15\winword.exe, os_tid = 0x988 |
|
1 | |
| Thread | Resume | process_name = c:\program files\microsoft office\office15\winword.exe, os_tid = 0x988 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL, base_address = 0x0 |
|
1 | |
| Module | Load | module_name = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL, base_address = 0x7fee8a00000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoVBADigSigCallDlg, address_out = 0x7fee8b0d128 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoVbaInitSecurity, address_out = 0x7fee8a7a204 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFIEPolicyAndVersion, address_out = 0x7fee8a224b8 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFAnsiCodePageSupportsLCID, address_out = 0x7fee8a7a09c |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFInitOffice, address_out = 0x7fee8a1f98c |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoUninitOffice, address_out = 0x7fee8a0ec34 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFGetFontSettings, address_out = 0x7fee8a03fac |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoRgchToRgwch, address_out = 0x7fee8a12878 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoHrSimpleQueryInterface, address_out = 0x7fee8a07a5c |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoHrSimpleQueryInterface2, address_out = 0x7fee8a079d4 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFCreateControl, address_out = 0x7fee8a0870c |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFLongLoad, address_out = 0x7fee8b4cb78 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFLongSave, address_out = 0x7fee8b4cb9c |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFGetTooltips, address_out = 0x7fee8a123e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFSetTooltips, address_out = 0x7fee8a7a49c |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFLoadToolbarSet, address_out = 0x7fee8a67d64 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFCreateToolbarSet, address_out = 0x7fee8a055d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoHpalOffice, address_out = 0x7fee8a105e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFWndProcNeeded, address_out = 0x7fee8a03cd4 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFWndProc, address_out = 0x7fee8a06c80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFCreateITFCHwnd, address_out = 0x7fee8a03d08 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoDestroyITFC, address_out = 0x7fee8a0eaa0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFPitbsFromHwndAndMsg, address_out = 0x7fee8a0e064 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFGetComponentManager, address_out = 0x7fee8a07af0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoMultiByteToWideChar, address_out = 0x7fee8a1005c |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoWideCharToMultiByte, address_out = 0x7fee8a08b00 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoHrRegisterAll, address_out = 0x7fee8b0cb04 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFSetComponentManager, address_out = 0x7fee8a147c4 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFCreateStdComponentManager, address_out = 0x7fee8a03e0c |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFHandledMessageNeeded, address_out = 0x7fee8a0ab58 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoPeekMessage, address_out = 0x7fee8a0a820 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFCreateIPref, address_out = 0x7fee8a015ac |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoDestroyIPref, address_out = 0x7fee8a0ebfc |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoChsFromLid, address_out = 0x7fee8a01414 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoCpgFromChs, address_out = 0x7fee8a065d4 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoSetLocale, address_out = 0x7fee8a01554 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoFSetHMsoinstOfSdm, address_out = 0x7fee8a03dbc |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoSetVbaInterfaces, address_out = 0x7fee8b0d23c |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoGetControlInstanceId, address_out = 0x7fee8ad733c |
|
1 | |
| Environment | Get Environment String | name = DDRYBUR |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, size = 260 |
|
2 | |
| System | Get Info | type = Operating System |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Licenses |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\Licenses\8804558B-B773-11d1-BC3E-0000F87552E7, data = } |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SysFreeString, address_out = 0x7feff5d1320 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = LoadTypeLib, address_out = 0x7feff5df1e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegisterTypeLib, address_out = 0x7feff62caa0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = QueryPathOfRegTypeLib, address_out = 0x7feff661760 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = UnRegisterTypeLib, address_out = 0x7feff6620d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = OleTranslateColor, address_out = 0x7feff5fc760 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = OleCreateFontIndirect, address_out = 0x7feff62ecd0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = OleCreatePictureIndirect, address_out = 0x7feff62e840 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = OleLoadPicture, address_out = 0x7feff63f420 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = OleCreatePropertyFrameIndirect, address_out = 0x7feff634ec0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = OleCreatePropertyFrame, address_out = 0x7feff639350 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = OleIconToCursor, address_out = 0x7feff606e40 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = LoadTypeLibEx, address_out = 0x7feff5da550 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = OleLoadPictureEx, address_out = 0x7feff63f320 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\user32.dll, base_address = 0x77440000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = GetSystemMetrics, address_out = 0x774594f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = MonitorFromWindow, address_out = 0x77455f08 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = MonitorFromRect, address_out = 0x77452b00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = MonitorFromPoint, address_out = 0x7744ab64 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = EnumDisplayMonitors, address_out = 0x77455c30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = GetMonitorInfoA, address_out = 0x7744a730 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = EnumDisplayDevicesA, address_out = 0x7744a5b4 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = oleaut32.dll, base_address = 0x7feff5d0000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = DispCallFunc, address_out = 0x7feff5d2270 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = LoadTypeLibEx, address_out = 0x7feff5da550 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = UnRegisterTypeLib, address_out = 0x7feff6620d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateTypeLib2, address_out = 0x7feff65dbd0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarDateFromUdate, address_out = 0x7feff5d5c90 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarUdateFromDate, address_out = 0x7feff5d6330 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetAltMonthNames, address_out = 0x7feff5f66c0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarNumFromParseNum, address_out = 0x7feff5d4710 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarParseNumFromStr, address_out = 0x7feff5d48f0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarDecFromR4, address_out = 0x7feff60b640 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarDecFromR8, address_out = 0x7feff60b360 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarDecFromDate, address_out = 0x7feff612640 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarDecFromI4, address_out = 0x7feff5f58a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarDecFromCy, address_out = 0x7feff5f5820 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarR4FromDec, address_out = 0x7feff60af20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetRecordInfoFromTypeInfo, address_out = 0x7feff62a0c0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetRecordInfoFromGuids, address_out = 0x7feff662160 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SafeArrayGetRecordInfo, address_out = 0x7feff5f5af0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SafeArraySetRecordInfo, address_out = 0x7feff5f5a90 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SafeArrayGetIID, address_out = 0x7feff5f5a60 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SafeArraySetIID, address_out = 0x7feff5f5a30 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SafeArrayCopyData, address_out = 0x7feff5d60b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SafeArrayAllocDescriptorEx, address_out = 0x7feff5d3e90 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SafeArrayCreateEx, address_out = 0x7feff629f80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarFormat, address_out = 0x7feff659b20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarFormatDateTime, address_out = 0x7feff659aa0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarFormatNumber, address_out = 0x7feff659990 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarFormatPercent, address_out = 0x7feff659890 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarFormatCurrency, address_out = 0x7feff659770 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarWeekdayName, address_out = 0x7feff63b8d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarMonthName, address_out = 0x7feff63b800 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarAdd, address_out = 0x7feff6548e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarAnd, address_out = 0x7feff659470 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarCat, address_out = 0x7feff6596a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarDiv, address_out = 0x7feff652fe0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarEqv, address_out = 0x7feff659cf0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarIdiv, address_out = 0x7feff658ff0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarImp, address_out = 0x7feff659c00 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarMod, address_out = 0x7feff658e60 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarMul, address_out = 0x7feff653690 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarOr, address_out = 0x7feff6592d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarPow, address_out = 0x7feff652e80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarSub, address_out = 0x7feff653f90 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarXor, address_out = 0x7feff6591a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarAbs, address_out = 0x7feff637c30 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarFix, address_out = 0x7feff637a60 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarInt, address_out = 0x7feff637890 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarNeg, address_out = 0x7feff637ea0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarNot, address_out = 0x7feff659600 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarRound, address_out = 0x7feff6376a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarCmp, address_out = 0x7feff6583f0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarDecAdd, address_out = 0x7feff603070 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarDecCmp, address_out = 0x7feff60d700 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarBstrCat, address_out = 0x7feff60d890 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarCyMulI4, address_out = 0x7feff5ecaf0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarBstrCmp, address_out = 0x7feff5f8a00 |
|
1 | |
| Module | Get Handle | module_name = ole32.dll, base_address = 0x7fefede0000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CoCreateInstanceEx, address_out = 0x7fefedede90 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CLSIDFromProgIDEx, address_out = 0x7fefedfa4c4 |
|
1 | |
| System | Get Time | type = Local Time, time = 2017-08-22 01:34:00 (Local Time) |
|
1 | |
| COM | Create | interface = 00000000-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\CLSID\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\DesignerFeatures |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\InprocServer32 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\Clsid\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\InprocServer32, value_name = ThreadingModel, data = 65 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\Clsid\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\Instance CLSID, data = {C62A69F0-16DC-11CE-9E98-00AA00574A4F} |
|
1 | |
| System | Get Cursor | x_out = 463, y_out = 330 |
|
1 | |
| System | Get Time | type = Local Time, time = 2017-08-22 01:34:00 (Local Time) |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.6 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.6\409 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.6\9 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.6\0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.6\0\win64 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.6\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.6\0\win64, data = C:\Program Files\Microsoft Office\Office15\MSWORD.OLB |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, size = 260 |
|
1 | |
| System | Get Time | type = Local Time, time = 2017-08-22 01:34:00 (Local Time) |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\office15\winword.exe, file_name_orig = C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL, size = 260 |
|
1 | |
| System | Get Cursor | x_out = 463, y_out = 330 |
|
1 | |
| System | Get Time | type = Local Time, time = 2017-08-22 01:34:00 (Local Time) |
|
5 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2\9 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2\9\win64 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2\9 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2\9\win64, data = C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.6 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.6\0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.6\0\win64 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.6\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.6\0\win64, data = C:\Program Files\Microsoft Office\Office15\MSWORD.OLB |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64, data = C:\Windows\system32\stdole2.tlb |
|
1 | |
| System | Get Time | type = Local Time, time = 2017-08-22 01:34:00 (Local Time) |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.7 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.7\0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.7\0\win64 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.7\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.7\0\win64, data = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0\0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0\0\win64 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0\0\win64, data = C:\Windows\system32\FM20.DLL |
|
1 | |
| System | Get Time | type = Local Time, time = 2017-08-22 01:34:00 (Local Time) |
|
1 | |
| Module | Get Address | module_name = c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll, function = ImageList_Destroy, address_out = 0x7fefc0207a4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll, function = ImageList_GetIconSize, address_out = 0x7fefc021010 |
|
1 | |
| Module | Get Address | module_name = c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll, function = InitCommonControls, address_out = 0x7fefc0f8b5c |
|
1 | |
| Module | Get Address | module_name = c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll, function = ImageList_LoadImageA, address_out = 0x7fefc0201a8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll, function = ImageList_SetOverlayImage, address_out = 0x7fefc020a70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll, function = ImageList_AddMasked, address_out = 0x7fefc020b60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll, function = ImageList_GetImageInfo, address_out = 0x7fefc021180 |
|
1 | |
| Module | Get Address | module_name = c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll, function = ImageList_Draw, address_out = 0x7fefc020cd8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll, function = ImageList_DrawEx, address_out = 0x7fefc020bdc |
|
1 | |
| Module | Get Address | module_name = c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll, function = PropertySheetA, address_out = 0x7fefc005c64 |
|
1 | |
| Module | Get Address | module_name = c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll, function = DestroyPropertySheetPage, address_out = 0x7fefbfff018 |
|
1 | |
| Module | Get Address | module_name = c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll, function = CreatePropertySheetPageA, address_out = 0x7fefbfffce8 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\Clsid\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\Instance CLSID, data = {C62A69F0-16DC-11CE-9E98-00AA00574A4F} |
|
1 | |
| COM | Create | interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER |
|
1 | |
| Window | Set Attribute | index = 18446744073709551596, new_long = 262401 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 676, address_out = 0x7fef41abd18 |
|
1 | |
| System | Get Time | type = Local Time, time = 2017-08-22 01:34:01 (Local Time) |
|
2 | |
| Module | Get Address | module_name = Unknown module name, function = 542, address_out = 0x7fef3fe3834 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 619, address_out = 0x7fef3fe4120 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\Clsid\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\Instance CLSID, data = {C62A69F0-16DC-11CE-9E98-00AA00574A4F} |
|
1 | |
| Window | Set Attribute | index = 18446744073709551596, new_long = 262401 |
|
1 | |
| System | Get Time | type = Local Time, time = 2017-08-22 01:34:01 (Local Time) |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 717, address_out = 0x7fef41994dc |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 593, address_out = 0x7fef4157298 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 644, address_out = 0x7fef3f4bc14 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ntdll.dll, function = NtWriteVirtualMemory, address_out = 0x775916b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ntdll.dll, function = NtAllocateVirtualMemory, address_out = 0x77591490 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ntdll.dll, function = NtWriteVirtualMemory, address_out = 0x775916b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateTimerQueueTimer, address_out = 0x77328ad0 |
|
1 | |
| System | Get Cursor | x_out = 463, y_out = 330 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 676, address_out = 0x7fef41abd18 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 542, address_out = 0x7fef3fe3834 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 619, address_out = 0x7fef3fe4120 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 644, address_out = 0x7fef3f4bc14 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 717, address_out = 0x7fef41994dc |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 593, address_out = 0x7fef4157298 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 676, address_out = 0x7fef41abd18 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 542, address_out = 0x7fef3fe3834 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 619, address_out = 0x7fef3fe4120 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 644, address_out = 0x7fef3f4bc14 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 717, address_out = 0x7fef41994dc |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 593, address_out = 0x7fef4157298 |
|
1 | |
| Registry | Write Value | value_name = PropertiesWindow, data = 4 24 180 720 1, size = 15, type = REG_SZ |
|
1 | |
| Registry | Write Value | value_name = MainWindow, data = 0 0 0 0 1, size = 10, type = REG_SZ |
|
1 | |
| Registry | Write Value | value_name = MdiMaximized, data = 0, size = 2, type = REG_SZ |
|
1 | |
| Registry | Write Value | value_name = FolderView, data = 1, size = 2, type = REG_SZ |
|
1 | |
| Registry | Write Value | value_name = Tool, size = 24, type = REG_BINARY |
|
1 | |
| Registry | Write Value | value_name = CtlsShowSelected, data = 0, size = 2, type = REG_SZ |
|
1 | |
| Registry | Write Value | value_name = DsnShowSelected, data = 0, size = 2, type = REG_SZ |
|
1 | |
| Module | Get Handle | module_name = ole32.dll, base_address = 0x7fefede0000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = DllDebugObjectRPCHook, address_out = 0x7fefef5afd0 |
|
1 |
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\windows\syswow64\svchost.exe |
| Command Line | "C:\Windows\SysWOW64\svchost.exe" |
| Initial Working Directory | C:\Users\aDU0VK IWA5kLS\Desktop\ |
| Monitor | Start Time: 00:00:18, Reason: Child Process |
| Unmonitor | End Time: 00:02:13, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:55 |
| Information | Value |
|---|---|
| PID | 0x9dc |
| Parent PID | 0x934 (c:\program files\microsoft office\office15\winword.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | AUFDDCNTXWT\aDU0VK IWA5kLS |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
9E0
0x
9EC
0x
9F0
0x
9F4
0x
9F8
0x
A00
0x
A08
0x
A18
0x
AB8
0x
8B4
|
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\program files\microsoft office\office15\winword.exe | 0x988 | address = 0x400000, size = 1024 |
|
1 | |
| Modify Memory | #1: c:\program files\microsoft office\office15\winword.exe | 0x988 | address = 0x401000, size = 7680 |
|
1 | |
| Modify Memory | #1: c:\program files\microsoft office\office15\winword.exe | 0x988 | address = 0x403000, size = 1024 |
|
1 | |
| Modify Memory | #1: c:\program files\microsoft office\office15\winword.exe | 0x988 | address = 0x404000, size = 3072 |
|
1 | |
| Modify Memory | #1: c:\program files\microsoft office\office15\winword.exe | 0x988 | address = 0x405000, size = 8704 |
|
1 |
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\adu0vk~1\appdata\local\temp\bn649b.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\adu0vk~1\appdata\local\temp\bn649b.tmp | 176.00 KB (180224 bytes) |
MD5:
773da788e860440ea6c7b3a6d4801b9d
SHA1: 607f9306fdcb4906b2175c5a20e002c99b29da53 SHA256: 879b244120400083f562ce530c87001b46de4fc96b38a6b12a5afea22ef6efef |
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = WININET.dll, base_address = 0x76e10000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenA, address_out = 0x76e3f18e |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x76e10000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpSendRequestA, address_out = 0x76ea18f8 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x76e10000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpQueryInfoA, address_out = 0x76e2a33e |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x76e10000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetCrackUrlA, address_out = 0x76e1d075 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x76e10000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpOpenRequestA, address_out = 0x76e34c7d |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x76e10000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetSetOptionA, address_out = 0x76e275e8 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x76e10000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetQueryOptionA, address_out = 0x76e21b56 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x76e10000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetReadFile, address_out = 0x76e2b406 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x76e10000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetConnectA, address_out = 0x76e349e9 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x76e10000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetCloseHandle, address_out = 0x76e2ab49 |
|
1 | |
| Module | Load | module_name = IPHLPAPI.DLL, base_address = 0x75230000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\iphlpapi.dll, function = GetAdaptersAddresses, address_out = 0x75236a4d |
|
1 | |
| Module | Load | module_name = PSAPI.DLL, base_address = 0x76f70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\psapi.dll, function = GetProcessImageFileNameA, address_out = 0x76f7168e |
|
1 | |
| Module | Load | module_name = PSAPI.DLL, base_address = 0x76f70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\psapi.dll, function = EnumProcesses, address_out = 0x76f71544 |
|
1 | |
| Module | Load | module_name = ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = RtlDecompressBuffer, address_out = 0x777dfded |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameA, address_out = 0x75deb6e0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address_out = 0x75dd53c6 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x7774e026 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x75dd14c9 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x75dd14e9 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVersion, address_out = 0x75dd4467 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyA, address_out = 0x75df2a9d |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcatA, address_out = 0x75df2b7a |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenA, address_out = 0x75dd5a4b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetWindowsDirectoryA, address_out = 0x75df2b0a |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeInformationA, address_out = 0x75df6dcb |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualQuery, address_out = 0x75dd445a |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x75dd10ff |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x75dd1222 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x75dd1856 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x75dd186e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAllocEx, address_out = 0x75ded9b0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFreeEx, address_out = 0x75ded9c8 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x75dd1986 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x75ded802 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x75dd34d5 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessId, address_out = 0x75dfcf04 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x75dd11c0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteProcessMemory, address_out = 0x75ded9e0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetThreadContext, address_out = 0x75df79d4 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadContext, address_out = 0x75e55393 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ResumeThread, address_out = 0x75dd43ef |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x75dd1282 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x75dd1410 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemInfo, address_out = 0x75dd49ca |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiA, address_out = 0x75dd3e8e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x75dd49d7 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x75dd1245 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessA, address_out = 0x75dd1072 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentVariableA, address_out = 0x75dd33a0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address_out = 0x75df276c |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempFileNameA, address_out = 0x75df9d3f |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x757e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = wsprintfA, address_out = 0x7580ae5f |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77280000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyHash, address_out = 0x7728df66 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77280000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptHashData, address_out = 0x7728df36 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77280000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptCreateHash, address_out = 0x7728df4e |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77280000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDecrypt, address_out = 0x772c3178 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77280000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyKey, address_out = 0x7728c51a |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77280000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDeriveKey, address_out = 0x772c3188 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77280000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7728e124 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77280000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextA, address_out = 0x772891dd |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77280000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = LookupAccountSidA, address_out = 0x772c1daa |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77280000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetTokenInformation, address_out = 0x7729431c |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77280000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenProcessToken, address_out = 0x77294304 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| System | Get Computer Name | result_out = AUFDDCNTXWT |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Get filename | file_name = \Device\HarddiskVolume1\Windows\System32\taskhost.exe |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Get filename | file_name = \Device\HarddiskVolume1\Windows\System32\dwm.exe |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Get filename | file_name = \Device\HarddiskVolume1\Windows\explorer.exe |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Inet | Open Session | user_agent = Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = api.ipify.org, server_port = 80 |
|
1 | |
| Inet | Open HTTP Request | http_verb = GET, accept_types = 4223056, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = api.ipify.org/ |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 32, size_out = 14 |
|
1 | |
| Inet | Read Response | size = 18, size_out = 0 |
|
1 | |
| Inet | Close Session |
|
2 | ||
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x75de10b5 |
|
1 | |
| System | Get Info | type = Hardware Information |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = butsulacoft.com, server_port = 80 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, target_resource = /ls5/forum.php, accept_types = 4223048, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Content-Type: application/x-www-form-urlencoded, url = butsulacoft.com/ls5/forum.php |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 |
|
1 | |
| Inet | Close Session |
|
2 | ||
| Inet | Open Connection | protocol = HTTP, server_name = supritofuld.ru, server_port = 80 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, target_resource = /ls5/forum.php, accept_types = 4223048, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Content-Type: application/x-www-form-urlencoded, url = supritofuld.ru/ls5/forum.php |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 33554431, size_out = 1048 |
|
1 | |
| Inet | Close Session |
|
2 | ||
| Inet | Open Connection | protocol = HTTP, server_name = tekstheks.nl, server_port = 80 |
|
1 | |
| Inet | Open HTTP Request | http_verb = GET, target_resource = /wp-admin/includes/1, accept_types = 4223056, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = tekstheks.nl/wp-admin/includes/1 |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 5242880, size_out = 46344 |
|
1 | |
| Inet | Read Response | size = 5196536, size_out = 0 |
|
1 | |
| Inet | Close Session |
|
2 | ||
| Module | Get Handle | module_name = wsock32.dll, base_address = 0x0 |
|
1 | |
| Module | Load | module_name = wsock32.dll, base_address = 0x74a10000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wsock32.dll, function = inet_addr, address_out = 0x76dd311b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wsock32.dll, function = gethostbyname, address_out = 0x76de7673 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wsock32.dll, function = socket, address_out = 0x76dd3eb8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wsock32.dll, function = connect, address_out = 0x76dd6bdd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wsock32.dll, function = closesocket, address_out = 0x76dd3918 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wsock32.dll, function = send, address_out = 0x76dd6f01 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wsock32.dll, function = select, address_out = 0x76dd6989 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wsock32.dll, function = recv, address_out = 0x74a117a8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wsock32.dll, function = setsockopt, address_out = 0x74a118e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wsock32.dll, function = WSAStartup, address_out = 0x76dd3ab2 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address_out = 0x75dd53c6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x75dd3ed3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x75dd1410 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x75dd1282 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenA, address_out = 0x75dd5a4b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalLock, address_out = 0x75ded0a7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalUnlock, address_out = 0x75decfdf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address_out = 0x75dd2d3c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LocalAlloc, address_out = 0x75dd168c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x75dd110c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyA, address_out = 0x75df2a9d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcatA, address_out = 0x75df2b7a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileAttributesA, address_out = 0x75dd5414 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExpandEnvironmentStringsA, address_out = 0x75deeb39 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSize, address_out = 0x75dd196e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileMappingA, address_out = 0x75dd5506 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MapViewOfFile, address_out = 0x75dd18f1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = UnmapViewOfFile, address_out = 0x75dd1826 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x75dd49d7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x75dd1222 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address_out = 0x75df276c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryA, address_out = 0x75dfd526 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileA, address_out = 0x75dd5444 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x75dd1809 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x75dd170d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x75dd11c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpA, address_out = 0x75deeceb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x75df735f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address_out = 0x75df8ae7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x75dd1986 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address_out = 0x75df88a4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x75dd1245 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileA, address_out = 0x75dde2ce |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiA, address_out = 0x75dd3e8e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileA, address_out = 0x75dfd53e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x75dd4442 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExA, address_out = 0x75dd3519 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoA, address_out = 0x75ded5e5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemInfo, address_out = 0x75dd49ca |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetWindowsDirectoryA, address_out = 0x75df2b0a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetPrivateProfileStringA, address_out = 0x75de184c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetCurrentDirectoryA, address_out = 0x75de1834 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetPrivateProfileSectionNamesA, address_out = 0x75e4a1c9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetPrivateProfileIntA, address_out = 0x75dfcdd7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentDirectoryA, address_out = 0x75dfd4f6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address_out = 0x75dd1700 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x75ded802 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateMutexA, address_out = 0x75dd4c6b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessA, address_out = 0x75dd1072 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x75dd10ff |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringA, address_out = 0x75dfbc39 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x75dd7a10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetUnhandledExceptionFilter, address_out = 0x75dd87c9 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\urlmon.dll, base_address = 0x76ff0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\urlmon.dll, function = ObtainUserAgentString, address_out = 0x77021d76 |
|
1 | |
| Module | Get Handle | module_name = userenv.dll, base_address = 0x0 |
|
1 | |
| Module | Load | module_name = userenv.dll, base_address = 0x749f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\userenv.dll, function = LoadUserProfileA, address_out = 0x749fe071 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\userenv.dll, function = UnloadUserProfile, address_out = 0x749f3e6f |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ole32.dll, base_address = 0x752e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CreateStreamOnHGlobal, address_out = 0x7530363b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = GetHGlobalFromStream, address_out = 0x753041d5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoCreateGuid, address_out = 0x753215d5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoTaskMemFree, address_out = 0x75336f41 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoCreateInstance, address_out = 0x75329d0b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = OleInitialize, address_out = 0x752fefd7 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\user32.dll, base_address = 0x757e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = wsprintfA, address_out = 0x7580ae5f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = FindWindowExA, address_out = 0x758000d9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = SendMessageA, address_out = 0x7580612e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetClassNameA, address_out = 0x758079df |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = SendMessageW, address_out = 0x757f9679 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77280000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExA, address_out = 0x77294907 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExA, address_out = 0x772948ef |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x7729469d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyA, address_out = 0x7728cc15 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegEnumKeyExA, address_out = 0x77291481 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCreateKeyA, address_out = 0x7728cd01 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExA, address_out = 0x772914b3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = IsTextUnicode, address_out = 0x7729448e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenCurrentUser, address_out = 0x772915ad |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetUserNameA, address_out = 0x772aa4b4 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\wininet.dll, base_address = 0x76e10000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetCrackUrlA, address_out = 0x76e1d075 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetCreateUrlA, address_out = 0x76e2dbcd |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\shlwapi.dll, base_address = 0x76f10000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrStrIA, address_out = 0x76f1d250 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrRChrIA, address_out = 0x76f4e13f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrToIntA, address_out = 0x76f3cd65 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrCmpNIA, address_out = 0x76f1d11c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrStrIW, address_out = 0x76f246e9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrStrA, address_out = 0x76f3c45b |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x752e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = StgOpenStorage, address_out = 0x752f480e |
|
1 | |
| Module | Load | module_name = crypt32.dll, base_address = 0x75990000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CryptUnprotectData, address_out = 0x759c5a7f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CertOpenSystemStoreA, address_out = 0x759e5ff0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CertEnumCertificatesInStore, address_out = 0x7599e33a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CertCloseStore, address_out = 0x7599dd10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CryptAcquireCertificatePrivateKey, address_out = 0x759e5a3b |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x77280000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AllocateAndInitializeSid, address_out = 0x772940e6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CheckTokenMembership, address_out = 0x7728df04 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = FreeSid, address_out = 0x7729412e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CredEnumerateA, address_out = 0x772c7381 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CredFree, address_out = 0x7728b2ec |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptGetUserKey, address_out = 0x772c3228 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptExportKey, address_out = 0x772891ea |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyKey, address_out = 0x7728c51a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7728e124 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RevertToSelf, address_out = 0x77291562 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenProcessToken, address_out = 0x77294304 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = ImpersonateLoggedOnUser, address_out = 0x7728c57a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetTokenInformation, address_out = 0x7729431c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = ConvertSidToStringSidA, address_out = 0x772b192a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = LogonUserA, address_out = 0x772c2654 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = LookupPrivilegeValueA, address_out = 0x7729404a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AdjustTokenPrivileges, address_out = 0x7729418e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CreateProcessAsUserA, address_out = 0x772c2538 |
|
1 | |
| Module | Load | module_name = shell32.dll, base_address = 0x75fe0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathA, address_out = 0x760f7804 |
|
1 | |
| Module | Load | module_name = netapi32.dll, base_address = 0x749d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\netapi32.dll, function = NetApiBufferFree, address_out = 0x749c13d2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\netapi32.dll, function = NetUserEnum, address_out = 0x749859cf |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WTSGetActiveConsoleSessionId, address_out = 0x75e53f49 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ProcessIdToSessionId, address_out = 0x75dd1275 |
|
1 | |
| Module | Load | module_name = vaultcli.dll, base_address = 0x74970000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VaultOpenVault, address_out = 0x749726a9 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VaultEnumerateItems, address_out = 0x74973099 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VaultGetItem, address_out = 0x74973242 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VaultCloseVault, address_out = 0x74972718 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VaultFree, address_out = 0x74974321 |
|
1 | |
| Module | Load | module_name = msi.dll, base_address = 0x745f0000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsiGetComponentPathA, address_out = 0x746aecd5 |
|
1 | |
| Module | Load | module_name = pstorec.dll, base_address = 0x74960000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = PStoreCreateInstance, address_out = 0x7496526c |
|
1 | |
| Module | Load | module_name = userenv.dll, base_address = 0x749f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\userenv.dll, function = CreateEnvironmentBlock, address_out = 0x749f1a7a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\userenv.dll, function = DestroyEnvironmentBlock, address_out = 0x749f1a4e |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin, value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin, value_name = UninstallString, data = 67 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin, value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin, value_name = DisplayName, data = 65 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome, value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome, value_name = UninstallString, data = 34 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome, value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome, value_name = DisplayName, data = 71 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US), value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US), value_name = UninstallString, data = 34 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US), value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US), value_name = DisplayName, data = 77 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService, value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService, value_name = UninstallString, data = 34 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService, value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService, value_name = DisplayName, data = 77 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}, value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}, value_name = UninstallString, data = 77 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}, value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}, value_name = DisplayName, data = 77 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF}, value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF}, value_name = UninstallString, data = 77 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF}, value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF}, value_name = DisplayName, data = 74 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}, value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}, value_name = UninstallString, data = 34 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}, value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}, value_name = DisplayName, data = 77 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a}, value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a}, value_name = UninstallString, data = 34 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a}, value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a}, value_name = DisplayName, data = 77 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC}, value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC}, value_name = UninstallString, data = 77 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC}, value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC}, value_name = DisplayName, data = 77 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15}, value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15}, value_name = UninstallString, data = 77 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15}, value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15}, value_name = DisplayName, data = 77 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}, value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}, value_name = UninstallString, data = 77 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}, value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}, value_name = DisplayName, data = 77 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}, value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}, value_name = UninstallString, data = 77 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}, value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}, value_name = DisplayName, data = 77 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}, value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}, value_name = UninstallString, data = 77 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}, value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}, value_name = DisplayName, data = 65 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}, value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}, value_name = UninstallString, data = 77 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}, value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}, value_name = DisplayName, data = 77 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}, value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}, value_name = UninstallString, data = 77 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}, value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}, value_name = DisplayName, data = 77 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}, value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}, value_name = UninstallString, data = 34 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}, value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}, value_name = DisplayName, data = 77 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346}, value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346}, value_name = UninstallString, data = 34 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346}, value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346}, value_name = DisplayName, data = 77 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d}, value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d}, value_name = UninstallString, data = 34 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d}, value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d}, value_name = DisplayName, data = 77 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}, value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}, value_name = UninstallString, data = 77 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}, value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}, value_name = DisplayName, data = 77 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573, value_name = UninstallString, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f}, value_name = UninstallString, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f}, value_name = UninstallString, data = 34 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f}, value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f}, value_name = DisplayName, data = 77 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}, value_name = UninstallString, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}, value_name = UninstallString, data = 77 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}, value_name = DisplayName, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}, value_name = DisplayName, data = 77 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
|
1 | |
| Mutex | Create | mutex_name = Local\mtxLogMeInIgnition.IgnitionMutex |
|
1 | |
| Process | Create | process_name = cmd /K, os_pid = 0xa34, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x75de10b5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsWow64Process, address_out = 0x75dd195e |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR |
|
3 | |
| File | Create | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\HWID, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR, value_name = HWID, size = 38, type = REG_BINARY |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR, value_name = HWID, type = REG_BINARY |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR, value_name = HWID, data = 123 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x75de10b5 |
|
1 | |
| System | Get Info | type = Hardware Information |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Ghisler\Windows Commander |
|
3 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Ghisler\Windows Commander |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Ghisler\Total Commander |
|
3 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Ghisler\Total Commander |
|
3 | |
| File | Create | filename = C:\Windows\wcx_ftp.ini, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Ghisler\Windows Commander |
|
3 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Ghisler\Windows Commander |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Ghisler\Total Commander |
|
3 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Ghisler\Total Commander |
|
3 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\wcx_ftp.ini, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Ghisler\Windows Commander |
|
3 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Ghisler\Windows Commander |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Ghisler\Total Commander |
|
3 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Ghisler\Total Commander |
|
3 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\GHISLER\wcx_ftp.ini, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Ghisler\Windows Commander |
|
3 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Ghisler\Windows Commander |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Ghisler\Total Commander |
|
3 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Ghisler\Total Commander |
|
3 | |
| File | Create | filename = C:\ProgramData\GHISLER\wcx_ftp.ini, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Ghisler\Windows Commander |
|
3 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Ghisler\Windows Commander |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Ghisler\Total Commander |
|
3 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Ghisler\Total Commander |
|
3 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\GHISLER\wcx_ftp.ini, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Ghisler\Windows Commander |
|
6 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Ghisler\Total Commander |
|
6 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Ghisler\Windows Commander |
|
6 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Ghisler\Total Commander |
|
6 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| Ini | Read | file_name_orig = C:\Windows\win.ini, section_name = WS_FTP, key_name = DIR |
|
1 | |
| Ini | Read | file_name_orig = C:\Windows\win.ini, section_name = WS_FTP, key_name = DEFDIR |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\GlobalSCAPE\CuteFTP\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\GlobalSCAPE\CuteFTP Pro\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\GlobalSCAPE\CuteFTP Lite\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\CuteFTP\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\ProgramData\GlobalSCAPE\CuteFTP\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\ProgramData\GlobalSCAPE\CuteFTP Pro\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\ProgramData\GlobalSCAPE\CuteFTP Lite\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\ProgramData\CuteFTP\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\GlobalSCAPE\CuteFTP\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\GlobalSCAPE\CuteFTP Pro\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\GlobalSCAPE\CuteFTP Lite\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\CuteFTP\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Program Files (x86)\GlobalSCAPE\CuteFTP\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Program Files (x86)\GlobalSCAPE\CuteFTP Pro\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Program Files (x86)\GlobalSCAPE\CuteFTP Lite\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Program Files (x86)\CuteFTP\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 6 Home\QCToolbar |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 6 Professional\QCToolbar |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 7 Home\QCToolbar |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 7 Professional\QCToolbar |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 8 Home\QCToolbar |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 8 Professional\QCToolbar |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 9\QCToolbar |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\FlashFXP\3 |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\FlashFXP |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\FlashFXP\3 |
|
6 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\FlashFXP\4 |
|
12 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\FlashFXP\3 |
|
3 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\FlashFXP |
|
3 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\FlashFXP\3 |
|
6 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\FlashFXP\4 |
|
12 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\3\Sites.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\4\Sites.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\3\Quick.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\4\Quick.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\3\History.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\4\History.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\ProgramData\FlashFXP\3\Sites.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\ProgramData\FlashFXP\4\Sites.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\ProgramData\FlashFXP\3\Quick.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\ProgramData\FlashFXP\4\Quick.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\ProgramData\FlashFXP\3\History.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\ProgramData\FlashFXP\4\History.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\FlashFXP\3\Sites.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\FlashFXP\4\Sites.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\FlashFXP\3\Quick.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\FlashFXP\4\Quick.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\FlashFXP\3\History.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\FlashFXP\4\History.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\FileZilla |
|
58 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\FileZilla Client |
|
3 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\FileZilla |
|
3 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\FileZilla Client |
|
3 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FileZilla\sitemanager.xml, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FileZilla\recentservers.xml, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FileZilla\filezilla.xml, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\ProgramData\FileZilla\sitemanager.xml, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\ProgramData\FileZilla\recentservers.xml, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\ProgramData\FileZilla\filezilla.xml, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\FileZilla\sitemanager.xml, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\FileZilla\recentservers.xml, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\FileZilla\filezilla.xml, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\BPFTP\Bullet Proof FTP\Main |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\BulletProof Software\BulletProof FTP Client\Main |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\BPFTP\Bullet Proof FTP\Options |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\BulletProof Software\BulletProof FTP Client\Options |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\BPFTP |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\VanDyke\SecureFX |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Martin Prikryl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Martin Prikryl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Opera Software |
|
6 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Opera.HTML\shell\open\command |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Mozilla |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Mozilla |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US), value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US), value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main, value_name = PathToExe, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main, value_name = PathToExe, data = 67 |
|
1 | |
| File | Get Info | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files (x86)\Mozilla Firefox, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\profiles.ini, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Ini | Enumerate Sections | file_name_orig = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\profiles.ini, data_out = General, size = 65000 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\profiles.ini, section_name = Profile0, key_name = Path, data_out = Profiles/asmpdd98.default |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\profiles.ini, section_name = Profile0, key_name = IsRelative, default_value = 1 |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| Module | Load | module_name = nss3.dll, base_address = 0x74430000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = NSS_Init, address_out = 0x744ed70b |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = NSS_Shutdown, address_out = 0x744ed13c |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = NSSBase64_DecodeBuffer, address_out = 0x744ee7d9 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SECITEM_FreeItem, address_out = 0x744ee656 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = PK11_GetInternalKeySlot, address_out = 0x74483c51 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = PK11_Authenticate, address_out = 0x7446d3ca |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = PK11SDR_Decrypt, address_out = 0x744800a7 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = PK11_FreeSlot, address_out = 0x74483333 |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, size = 4096, size_out = 4096 |
|
80 | |
| File | Read | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, size = 4096, size_out = 0 |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin, value_name = PathToExe, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin, value_name = PathToExe, data = 67 |
|
1 | |
| File | Get Info | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files (x86)\Mozilla Firefox, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\profiles.ini, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Ini | Enumerate Sections | file_name_orig = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\profiles.ini, data_out = General, size = 65000 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\profiles.ini, section_name = Profile0, key_name = Path, data_out = Profiles/asmpdd98.default |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\profiles.ini, section_name = Profile0, key_name = IsRelative, default_value = 1 |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Mozilla |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Mozilla |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US), value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US), value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main, value_name = PathToExe, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main, value_name = PathToExe, data = 67 |
|
1 | |
| File | Get Info | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files (x86)\Mozilla Firefox, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\profiles.ini, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Ini | Enumerate Sections | file_name_orig = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\profiles.ini, data_out = General, size = 65000 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\profiles.ini, section_name = Profile0, key_name = Path, data_out = Profiles/asmpdd98.default |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\profiles.ini, section_name = Profile0, key_name = IsRelative, default_value = 1 |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\signons.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| Module | Load | module_name = nss3.dll, base_address = 0x74430000 |
|
1 | |
|
For performance reasons, the remaining 1132 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | cmd /K |
| Initial Working Directory | C:\Users\aDU0VK IWA5kLS\Desktop\ |
| Monitor | Start Time: 00:00:47, Reason: Child Process |
| Unmonitor | End Time: 00:02:13, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:26 |
| Information | Value |
|---|---|
| PID | 0xa34 |
| Parent PID | 0x9dc (c:\windows\syswow64\svchost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | AUFDDCNTXWT\aDU0VK IWA5kLS |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
A38
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2017-08-21 21:04:28 (UTC) |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\cmd.exe, base_address = 0x4a5a0000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x75dea84f |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
3 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| Environment | Get Environment String |
|
2 | ||
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT |
|
1 | |
| Environment | Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Environment | Get Environment String |
|
1 | ||
| Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\Users\aDU0VK IWA5kLS\Desktop, type = file_attributes |
|
2 | |
| Environment | Set Environment String | name = =C:, value = C:\Users\aDU0VK IWA5kLS\Desktop |
|
1 | |
| Environment | Get Environment String |
|
1 | ||
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
3 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x75df3b92 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x75dd4a5d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x75dea79d |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 32 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 8192 |
|
1 |
| Information | Value |
|---|---|
| ID | #5 |
| File Name | c:\windows\syswow64\svchost.exe |
| Command Line | C:\Windows\System32\svchost.exe |
| Initial Working Directory | C:\Users\aDU0VK IWA5kLS\Desktop\ |
| Monitor | Start Time: 00:00:55, Reason: Child Process |
| Unmonitor | End Time: 00:02:13, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:18 |
| Information | Value |
|---|---|
| PID | 0xa68 |
| Parent PID | 0x9dc (c:\windows\syswow64\svchost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | AUFDDCNTXWT\aDU0VK IWA5kLS |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
A6C
0x
A70
0x
A74
|
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #2: c:\windows\syswow64\svchost.exe | 0x9e0 | address = 0xbc00000, size = 73728 |
|
1 | |
| Modify Memory | #2: c:\windows\syswow64\svchost.exe | 0x9e0 | address = 0x7efde008, size = 4 |
|
1 | |
| Modify Control Flow | #2: c:\windows\syswow64\svchost.exe | 0x9e0 | os_tid = 0xa6c, address = 0x0 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = KERNEL32.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = GetSystemInfo, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = GetPrivateProfileSectionNamesA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = FindNextFileA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = lstrcmpiW, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = GetModuleHandleA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = GetCurrentDirectoryA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = GetVersionExA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = LocalFree, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = lstrcpyA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = LocalAlloc, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = CreateFileA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = GetFileSize, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = MapViewOfFile, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = UnmapViewOfFile, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = GetCurrentProcess, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = GetPrivateProfileStringA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = ExpandEnvironmentStringsA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = WriteFile, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = GetFileAttributesA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = ReadFile, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = lstrcatA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = CreateDirectoryA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = CreateFileMappingA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = GetTempPathA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = DeleteFileA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = IsDebuggerPresent, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = SetUnhandledExceptionFilter, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = UnhandledExceptionFilter, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = TerminateProcess, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = FindClose, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = FindFirstFileA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = SetCurrentDirectoryA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = lstrlenW, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = lstrcmpW, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = WideCharToMultiByte, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = GetPrivateProfileIntA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = GetWindowsDirectoryA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = GetProcAddress, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = GetLocaleInfoA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = lstrcmpA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = CloseHandle, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = lstrcmpiA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = LCMapStringA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = GlobalUnlock, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = Sleep, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = GlobalLock, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = lstrlenA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = ExitProcess, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = LoadLibraryA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = GetTickCount, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = RtlUnwind, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = FindWindowExA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = SendMessageA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = SendMessageW, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = wsprintfA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = GetClassNameA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = CredEnumerateA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = FreeSid, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = AllocateAndInitializeSid, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = RegOpenKeyExA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = LookupPrivilegeValueA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = RegCreateKeyA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = RegQueryValueExA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = RegSetValueExA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = IsTextUnicode, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = OpenProcessToken, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = RegCloseKey, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = RegOpenKeyA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = RegEnumKeyExA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = CredFree, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = LogonUserA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = GetUserNameA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = RevertToSelf, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = ImpersonateLoggedOnUser, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = AdjustTokenPrivileges, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = CheckTokenMembership, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = SHGetFolderPathA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = OleInitialize, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = GetHGlobalFromStream, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = CreateStreamOnHGlobal, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = CoCreateGuid, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = CoTaskMemFree, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = CoCreateInstance, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Load | module_name = WS2_32.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 21, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = 0, ordinal = 19, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = 0, ordinal = 23, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = 0, ordinal = 3, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = 0, ordinal = 52, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = 0, ordinal = 4, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = 0, ordinal = 9, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = 0, ordinal = 115, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = 0, ordinal = 11, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = 0, ordinal = 16, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = 0, ordinal = 18, address_out = 0x21fe3c |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = StrRChrIA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = StrCmpNIA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = StrStrA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = StrStrIW, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = StrToIntA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = StrStrIA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = InternetCrackUrlA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = InternetCreateUrlA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = ObtainUserAgentString, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Load | module_name = NETAPI32.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = NetApiBufferFree, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = NetUserEnum, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Load | module_name = USERENV.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = UnloadUserProfile, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| Module | Get Address | function = LoadUserProfileA, ordinal = 0, address_out = 0x21fe3c |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x75de10b5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsWow64Process, address_out = 0x75dd195e |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR, value_name = HWID, type = REG_BINARY |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR, value_name = HWID, data = 123 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR, value_name = HWID, type = REG_BINARY |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR, value_name = HWID, data = 123 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x75de10b5 |
|
1 | |
| System | Get Info | type = Hardware Information |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\FileZilla |
|
58 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\FileZilla Client |
|
3 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\FileZilla |
|
3 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\FileZilla Client |
|
3 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FileZilla\sitemanager.xml, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FileZilla\recentservers.xml, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FileZilla\filezilla.xml, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\ProgramData\FileZilla\sitemanager.xml, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\ProgramData\FileZilla\recentservers.xml, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\ProgramData\FileZilla\filezilla.xml, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\FileZilla\sitemanager.xml, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\FileZilla\recentservers.xml, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\FileZilla\filezilla.xml, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\VanDyke\SecureFX |
|
3 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\GlobalSCAPE\CuteFTP\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\GlobalSCAPE\CuteFTP Pro\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\GlobalSCAPE\CuteFTP Lite\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\CuteFTP\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\ProgramData\GlobalSCAPE\CuteFTP\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\ProgramData\GlobalSCAPE\CuteFTP Pro\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\ProgramData\GlobalSCAPE\CuteFTP Lite\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\ProgramData\CuteFTP\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\GlobalSCAPE\CuteFTP\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\GlobalSCAPE\CuteFTP Pro\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\GlobalSCAPE\CuteFTP Lite\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\CuteFTP\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Program Files (x86)\GlobalSCAPE\CuteFTP\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Program Files (x86)\GlobalSCAPE\CuteFTP Pro\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Program Files (x86)\GlobalSCAPE\CuteFTP Lite\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Program Files (x86)\CuteFTP\sm.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 6 Home\QCToolbar |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 6 Professional\QCToolbar |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 7 Home\QCToolbar |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 7 Professional\QCToolbar |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 8 Home\QCToolbar |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 8 Professional\QCToolbar |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 9\QCToolbar |
|
3 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Ghisler\Windows Commander |
|
3 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Ghisler\Windows Commander |
|
3 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Ghisler\Total Commander |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Ghisler\Total Commander |
|
3 | |
| File | Create | filename = C:\Windows\wcx_ftp.ini, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Ghisler\Windows Commander |
|
3 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Ghisler\Windows Commander |
|
3 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Ghisler\Total Commander |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Ghisler\Total Commander |
|
3 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\wcx_ftp.ini, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Ghisler\Windows Commander |
|
3 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Ghisler\Windows Commander |
|
3 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Ghisler\Total Commander |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Ghisler\Total Commander |
|
3 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\GHISLER\wcx_ftp.ini, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Ghisler\Windows Commander |
|
3 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Ghisler\Windows Commander |
|
3 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Ghisler\Total Commander |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Ghisler\Total Commander |
|
3 | |
| File | Create | filename = C:\ProgramData\GHISLER\wcx_ftp.ini, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Ghisler\Windows Commander |
|
3 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Ghisler\Windows Commander |
|
3 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Ghisler\Total Commander |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Ghisler\Total Commander |
|
3 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\GHISLER\wcx_ftp.ini, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Ghisler\Windows Commander |
|
6 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Ghisler\Total Commander |
|
6 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Ghisler\Windows Commander |
|
6 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Ghisler\Total Commander |
|
6 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\FlashFXP\3 |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\FlashFXP |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\FlashFXP\3 |
|
6 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\FlashFXP\4 |
|
12 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\FlashFXP\3 |
|
3 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\FlashFXP |
|
3 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\FlashFXP\3 |
|
6 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\FlashFXP\4 |
|
12 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\FlashFXP\5 |
|
3 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\FlashFXP\5 |
|
3 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\3\Sites.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\4\Sites.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\5\Sites.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\3\Quick.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\4\Quick.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\5\Quick.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\3\History.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\4\History.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\FlashFXP\5\History.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\ProgramData\FlashFXP\3\Sites.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\ProgramData\FlashFXP\4\Sites.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\ProgramData\FlashFXP\5\Sites.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\ProgramData\FlashFXP\3\Quick.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\ProgramData\FlashFXP\4\Quick.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\ProgramData\FlashFXP\5\Quick.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\ProgramData\FlashFXP\3\History.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\ProgramData\FlashFXP\4\History.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\ProgramData\FlashFXP\5\History.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\FlashFXP\3\Sites.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\FlashFXP\4\Sites.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\FlashFXP\5\Sites.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\FlashFXP\3\Quick.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\FlashFXP\4\Quick.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\FlashFXP\5\Quick.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\FlashFXP\3\History.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\FlashFXP\4\History.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\FlashFXP\5\History.dat, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Martin Prikryl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Martin Prikryl |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\Google\Chrome\User Data\Default\Web Data, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\Google\Chrome\User Data\Default\Web Data, size = 4096, size_out = 4096 |
|
16 | |
| File | Read | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\Google\Chrome\User Data\Default\Web Data, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memmove, address_out = 0x77758f50 |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\Users\aDU0VK IWA5kLS\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal, size = 4096, size_out = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Mozilla |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Mozilla |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US), value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US), value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main, value_name = PathToExe, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main, value_name = PathToExe, data = 67 |
|
1 | |
| Ini | Enumerate Sections | file_name_orig = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\\profiles.ini, data_out = General, size = 65000 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\\profiles.ini, section_name = Profile0, key_name = Path, data_out = Profiles/asmpdd98.default |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\\profiles.ini, section_name = Profile0, key_name = IsRelative, default_value = 1 |
|
1 | |
| Module | Load | module_name = nss3.dll, base_address = 0x74430000 |
|
1 | |
| Module | Get Address | module_name = c:\program files (x86)\mozilla firefox\nss3.dll, function = NSS_Init, address_out = 0x744ed70b |
|
1 | |
| Module | Get Address | module_name = c:\program files (x86)\mozilla firefox\nss3.dll, function = PK11_GetInternalKeySlot, address_out = 0x74483c51 |
|
1 | |
| Module | Get Address | module_name = c:\program files (x86)\mozilla firefox\nss3.dll, function = PK11_Authenticate, address_out = 0x7446d3ca |
|
1 | |
| Module | Get Address | module_name = c:\program files (x86)\mozilla firefox\nss3.dll, function = PK11SDR_Decrypt, address_out = 0x744800a7 |
|
1 | |
| Module | Get Address | module_name = c:\program files (x86)\mozilla firefox\nss3.dll, function = NSSBase64_DecodeBuffer, address_out = 0x744ee7d9 |
|
1 | |
| Module | Get Address | module_name = c:\program files (x86)\mozilla firefox\nss3.dll, function = PK11_CheckUserPassword, address_out = 0x7446cbc4 |
|
1 | |
| Module | Get Address | module_name = c:\program files (x86)\mozilla firefox\nss3.dll, function = SECITEM_FreeItem, address_out = 0x744ee656 |
|
1 | |
| Module | Get Address | module_name = c:\program files (x86)\mozilla firefox\nss3.dll, function = NSS_Shutdown, address_out = 0x744ed13c |
|
1 | |
| Module | Get Address | module_name = c:\program files (x86)\mozilla firefox\nss3.dll, function = PK11_FreeSlot, address_out = 0x74483333 |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\\Profiles\asmpdd98.default\signons.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\\Profiles\asmpdd98.default\signons.sqlite, size = 4096, size_out = 4096 |
|
80 | |
| File | Read | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\\Profiles\asmpdd98.default\signons.sqlite, size = 4096, size_out = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin, value_name = PathToExe, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin, value_name = PathToExe, data = 67 |
|
1 | |
| Ini | Enumerate Sections | file_name_orig = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\\profiles.ini, data_out = General, size = 65000 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\\profiles.ini, section_name = Profile0, key_name = Path, data_out = Profiles/asmpdd98.default |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\\profiles.ini, section_name = Profile0, key_name = IsRelative, default_value = 1 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla |
|
1 | |
| COM | Create | interface = 3C374A41-BAE4-11CF-BF7D-00AA006946EE, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms\FormData |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms\FormData |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms\FormData |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms\FormData |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms\FormData |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms\FormData |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms\FormData |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms\FormData |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms\FormData |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms\FormData |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms\FormData |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms\FormData |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms\FormData |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms\FormData |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms\FormData |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms\FormData |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms\FormData |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms\FormData |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 |
|
3 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms\FormData |
|
3 | |
|
For performance reasons, the remaining 208 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
| Information | Value |
|---|---|
| ID | #6 |
| File Name | c:\users\adu0vk~1\appdata\local\temp\bn649b.tmp |
| Command Line | C:\Users\ADU0VK~1\AppData\Local\Temp\BN649B.tmp |
| Initial Working Directory | C:\Users\aDU0VK IWA5kLS\Desktop\ |
| Monitor | Start Time: 00:00:58, Reason: Child Process |
| Unmonitor | End Time: 00:02:13, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:15 |
| Information | Value |
|---|---|
| PID | 0xa7c |
| Parent PID | 0x9dc (c:\windows\syswow64\svchost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | AUFDDCNTXWT\aDU0VK IWA5kLS |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
A80
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Create | mutex_name = e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x75dd1245 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x75dd49d7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x75dd1856 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x75dd186e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OutputDebugStringA, address_out = 0x75dfb2b7 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = _stricmp, address_out = 0x7775c7b9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memset, address_out = 0x7774df20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77742340 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\user32.dll, base_address = 0x757e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MessageBoxW, address_out = 0x7584fd3f |
|
1 | |
| Debug | process_name = c:\users\adu0vk~1\appdata\local\temp\bn649b.tmp, type = DEBUG_STRING, text = j8I1 |
|
1 | ||
| Module | Load | module_name = shlwapi.dll, base_address = 0x76f10000 |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x77280000 |
|
1 | |
| Module | Load | module_name = shell32.dll, base_address = 0x75fe0000 |
|
1 | |
| Process | Create | process_name = explorer.exe, os_pid = 0xa84, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Memory | Read | process_name = explorer.exe, address = 0x7efde008, size = 4 |
|
1 | |
| Memory | Read | process_name = explorer.exe, address = 0x850000, size = 24576 |
|
1 | |
| Memory | Read | process_name = explorer.exe, address = 0x850000, size = 2625536 |
|
1 | |
| Module | Create Mapping | protection = PAGE_EXECUTE_READWRITE, maximum_size = 2686576 |
|
1 | |
| Module | Map | process_name = c:\users\adu0vk~1\appdata\local\temp\bn649b.tmp, protection = PAGE_EXECUTE_READWRITE, address_out = 0x25a0000 |
|
1 | |
| Module | Create Mapping | protection = PAGE_EXECUTE_READWRITE, maximum_size = 2686576 |
|
1 | |
| Module | Map | process_name = c:\users\adu0vk~1\appdata\local\temp\bn649b.tmp, protection = PAGE_EXECUTE_READWRITE, address_out = 0x370000 |
|
1 | |
| Module | Get Filename | process_name = c:\users\adu0vk~1\appdata\local\temp\bn649b.tmp, file_name_orig = C:\Users\ADU0VK~1\AppData\Local\Temp\BN649B.tmp, size = 260 |
|
1 | |
| Module | Map | process_name = explorer.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x70000 |
|
1 | |
| Thread | Resume | process_name = c:\users\adu0vk~1\appdata\local\temp\bn649b.tmp, os_tid = 0xa80 |
|
1 |
| Information | Value |
|---|---|
| ID | #7 |
| File Name | c:\windows\syswow64\explorer.exe |
| Command Line | explorer.exe |
| Initial Working Directory | C:\Users\aDU0VK IWA5kLS\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:13, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:14 |
| Information | Value |
|---|---|
| PID | 0xa84 |
| Parent PID | 0xa7c (c:\users\adu0vk~1\appdata\local\temp\bn649b.tmp) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | AUFDDCNTXWT\aDU0VK IWA5kLS |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
A88
0x
A8C
0x
A90
0x
A94
0x
A98
0x
A9C
0x
AA0
0x
AA4
0x
AA8
0x
AB0
|
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #6: c:\users\adu0vk~1\appdata\local\temp\bn649b.tmp | 0xa80 | address = 0x70000, size = 98304 |
|
1 |
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\adu0vk iwa5kls\appdata\local\microsoft\windows\temporary internet files\content.ie5\pmmr5k9k\123[1].dat | 5.40 MB (5661523 bytes) |
MD5:
2197a2a6da9cd6c3ec10de424f3d83c5
SHA1: 15c23018cb8811fc61487f127284074fd7a7a513 SHA256: ae7c326df3d6d3a1f30a828b7cbed005370bcc6b2888ddb8a746e1c8738dde37 |
|
|
| c:\users\adu0vk iwa5kls\appdata\local\microsoft\windows\temporary internet files\content.ie5\pmmr5k9k\123[1].dat | 0.72 KB (738 bytes) |
MD5:
185d324b2d65fb8cdd9b7451087e74e0
SHA1: b3220801844de9eb3be9ea75b17a8321f2e428e0 SHA256: eb7111d2c484dd2bada2f4bd14652c55914506d7b463b4cf2542c69bf8bbefa5 |
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = WS2_32.dll, base_address = 0x76dd0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = 22, address_out = 0x76dd449d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = 11, address_out = 0x76dd311b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = 115, address_out = 0x76dd3ab2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = freeaddrinfo, address_out = 0x76dd4b1b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = getaddrinfo, address_out = 0x76dd4296 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = 3, address_out = 0x76dd3918 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = 4, address_out = 0x76dd6bdd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = 23, address_out = 0x76dd3eb8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = 12, address_out = 0x76ddb131 |
|
1 | |
| Module | Load | module_name = DNSAPI.dll, base_address = 0x74c60000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\dnsapi.dll, function = DnsQuery_A, address_out = 0x74c8a9bc |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\dnsapi.dll, function = DnsFree, address_out = 0x74c6436b |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x76e10000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = DeleteUrlCacheEntryA, address_out = 0x76e559e8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetReadFile, address_out = 0x76e2b406 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpQueryInfoA, address_out = 0x76e2a33e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetQueryOptionW, address_out = 0x76e27ed7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetSetOptionW, address_out = 0x76e27741 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpOpenRequestA, address_out = 0x76e34c7d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpSendRequestA, address_out = 0x76ea18f8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetQueryOptionA, address_out = 0x76e21b56 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetConnectA, address_out = 0x76e349e9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetCloseHandle, address_out = 0x76e2ab49 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetSetOptionA, address_out = 0x76e275e8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenA, address_out = 0x76e3f18e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetCrackUrlA, address_out = 0x76e1d075 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x75dd192e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address_out = 0x75dd2d3c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LocalAlloc, address_out = 0x75dd168c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x75dd7a10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x75dd10ff |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x75dd34d5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x75dd1410 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x75df735f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address_out = 0x75df8baf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x75dd11f8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x75dd1809 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x75dd3f5c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x75dd3ed3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x75dd469b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x75dd1282 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x75dd110c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileAttributesW, address_out = 0x75ded4f7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75dd89b3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x75dd1856 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x75dd186e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSizeEx, address_out = 0x75dd59e2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x75dd1136 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x75dd14e9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x75dd14c9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77761f6e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x7774e026 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x75dd1222 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x75dd49d7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OutputDebugStringA, address_out = 0x75dfb2b7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address_out = 0x75df896c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x75dd34c8 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x757e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MessageBoxA, address_out = 0x7584fd1e |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77280000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExA, address_out = 0x77294907 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExA, address_out = 0x772948ef |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextW, address_out = 0x7728df14 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7728e124 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyHash, address_out = 0x7728df66 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptCreateHash, address_out = 0x7728df4e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptHashData, address_out = 0x7728df36 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptGetHashParam, address_out = 0x7728df7e |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x75fe0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76065708 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76f10000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = wvnsprintfA, address_out = 0x76f3edfe |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = wvnsprintfW, address_out = 0x76f5066c |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
40 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = shell32.dll, base_address = 0x75fe0000 |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x77280000 |
|
1 | |
| Module | Load | module_name = shlwapi.dll, base_address = 0x76f10000 |
|
1 | |
| Module | Load | module_name = Ws2_32.dll, base_address = 0x76dd0000 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\aaf4e053c |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x76ff0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\urlmon.dll, function = ObtainUserAgentString, address_out = 0x77021d76 |
|
1 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = fortsiretbab.com, server_port = 80 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, http_version = HTTP/1.1, target_resource = /bdl/gate.php, accept_types = 545267, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close , url = fortsiretbab.com/bdl/gate.php |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 262144, size_out = 262144 |
|
21 | |
| Inet | Read Response | size = 262144, size_out = 156499 |
|
1 | |
| Inet | Read Response | size = 262144, size_out = 0 |
|
1 | |
| Inet | Close Session |
|
2 | ||
| Inet | Close Session |
|
1 | ||
| Process | Open | desired_access = PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Address | function = NtAllocateVirtualMemory, ordinal = 0, address_out = 0x70d02c |
|
1 | |
| Memory | Allocate | process_name = c:\windows\syswow64\explorer.exe, address = 0x70d070, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 7393384 |
|
1 | |
| Module | Get Address | function = NtWriteVirtualMemory, ordinal = 0, address_out = 0x70d038 |
|
1 | |
| Memory | Write | process_name = c:\windows\syswow64\explorer.exe, address = 0x2c40000, size = 245760 |
|
1 | |
| Module | Get Address | function = NtAllocateVirtualMemory, ordinal = 0, address_out = 0x70cfdc |
|
1 | |
| Memory | Allocate | process_name = c:\windows\syswow64\explorer.exe, address = 0x70d020, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_READWRITE, size = 7393304 |
|
1 | |
| Module | Get Address | function = NtWriteVirtualMemory, ordinal = 0, address_out = 0x70cfe8 |
|
1 | |
| Memory | Write | process_name = c:\windows\syswow64\explorer.exe, address = 0x77a0000, size = 13384668 |
|
1 | |
| Module | Get Address | function = NtAllocateVirtualMemory, ordinal = 0, address_out = 0x70d02c |
|
1 | |
| Memory | Allocate | process_name = c:\windows\syswow64\explorer.exe, address = 0x70d070, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_READWRITE, size = 7393384 |
|
1 | |
| Module | Get Address | function = NtWriteVirtualMemory, ordinal = 0, address_out = 0x70d038 |
|
1 | |
| Memory | Write | process_name = c:\windows\syswow64\explorer.exe, address = 0x2b90000, size = 4 |
|
1 | |
| Module | Get Address | function = NtWriteVirtualMemory, ordinal = 0, address_out = 0x70d038 |
|
1 | |
| Memory | Write | process_name = c:\windows\syswow64\explorer.exe, address = 0x2b90004, size = 2968 |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Address | function = LdrLoadDll, ordinal = 0, address_out = 0x70d070 |
|
1 | |
| Module | Load | module_name = C:\Windows\System32\kernelbase.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = CreateRemoteThread, ordinal = 0, address_out = 0x70d070 |
|
1 | |
| Thread | Create | process_name = c:\windows\syswow64\explorer.exe, proc_address = 0x2c4ad14, proc_parameter = 45678592, flags = THREAD_RUNS_IMMEDIATELY |
|
1 |
| Information | Value |
|---|---|
| ID | #8 |
| File Name | c:\windows\explorer.exe |
| Command Line | C:\Windows\Explorer.EXE |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:40, Reason: Injection |
| Unmonitor | End Time: 00:02:13, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:33 |
| Information | Value |
|---|---|
| PID | 0x568 |
| Parent PID | 0xffffffffffffffff (Unknown) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | AUFDDCNTXWT\aDU0VK IWA5kLS |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
AC4
0x
644
0x
480
0x
59C
0x
770
0x
748
0x
6F8
0x
72C
0x
73C
0x
730
0x
714
0x
490
0x
794
0x
74C
0x
6D0
0x
6CC
0x
6B4
0x
6AC
0x
68C
0x
684
0x
680
0x
670
0x
668
0x
664
0x
660
0x
644
0x
598
0x
594
0x
590
0x
58C
0x
588
0x
574
0x
56C
0x
9A4
0x
698
0x
6E0
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x00021fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000040000 | 0x00040000 | 0x00041fff | Pagefile Backed Memory | Readable |
|
|
|
|
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c6fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000000d0000 | 0x000d0000 | 0x000d1fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000100000 | 0x00100000 | 0x0010ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000110000 | 0x00110000 | 0x00110fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000120000 | 0x00120000 | 0x00121fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000130000 | 0x00130000 | 0x001affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000001b0000 | 0x001b0000 | 0x002affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000002b0000 | 0x002b0000 | 0x003affff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000003b0000 | 0x003b0000 | 0x00537fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000540000 | 0x00540000 | 0x006c0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000006d0000 | 0x006d0000 | 0x01acffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000001ad0000 | 0x01ad0000 | 0x01ec2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000001ed0000 | 0x01ed0000 | 0x01f0ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000001f10000 | 0x01f10000 | 0x01feefff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000001ff0000 | 0x01ff0000 | 0x01ff0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000002000000 | 0x02000000 | 0x02001fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000002010000 | 0x02010000 | 0x02039fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002040000 | 0x02040000 | 0x02040fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002050000 | 0x02050000 | 0x02065fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000002070000 | 0x02070000 | 0x02070fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000002080000 | 0x02080000 | 0x02081fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000002090000 | 0x02090000 | 0x0210ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002110000 | 0x02110000 | 0x0217bfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002180000 | 0x02180000 | 0x02180fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002190000 | 0x02190000 | 0x02190fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000021a0000 | 0x021a0000 | 0x0221ffff | Private Memory | Readable, Writable |
|
|
|
|
| sortdefault.nls | 0x02220000 | 0x024eefff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x00000000024f0000 | 0x024f0000 | 0x024f1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000002500000 | 0x02500000 | 0x02501fff | Pagefile Backed Memory | Readable |
|
|
|
|
| comctl32.dll.mui | 0x02510000 | 0x02512fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| private_0x0000000002520000 | 0x02520000 | 0x02520fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002530000 | 0x02530000 | 0x0254bfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002550000 | 0x02550000 | 0x02550fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002560000 | 0x02560000 | 0x02568fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002570000 | 0x02570000 | 0x02577fff | Private Memory | Readable, Writable |
|
|
|
|
| {afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db | 0x02580000 | 0x025a6fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x00000000025b0000 | 0x025b0000 | 0x025b0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| cversions.2.db | 0x025c0000 | 0x025c3fff | Memory Mapped File | Readable |
|
|
|
|
| cversions.2.db | 0x025d0000 | 0x025d3fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x00000000025e0000 | 0x025e0000 | 0x025e1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000025f0000 | 0x025f0000 | 0x02697fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000026a0000 | 0x026a0000 | 0x026a1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| {6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db | 0x026b0000 | 0x026dffff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x00000000026e0000 | 0x026e0000 | 0x026e1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000026f0000 | 0x026f0000 | 0x026f3fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002700000 | 0x02700000 | 0x0270ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002710000 | 0x02710000 | 0x02713fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000002720000 | 0x02720000 | 0x02721fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000002730000 | 0x02730000 | 0x02730fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002740000 | 0x02740000 | 0x02740fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002750000 | 0x02750000 | 0x02750fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002760000 | 0x02760000 | 0x0276ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002770000 | 0x02770000 | 0x0286ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002870000 | 0x02870000 | 0x02870fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002880000 | 0x02880000 | 0x02880fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002890000 | 0x02890000 | 0x0290ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002910000 | 0x02910000 | 0x02957fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002960000 | 0x02960000 | 0x02963fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002970000 | 0x02970000 | 0x02970fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002980000 | 0x02980000 | 0x02980fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002990000 | 0x02990000 | 0x02a8ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002a90000 | 0x02a90000 | 0x02b8ffff | Private Memory | Readable, Writable |
|
|
|
|
| index.dat | 0x02ba0000 | 0x02baffff | Memory Mapped File | Readable, Writable |
|
|
|
|
| index.dat | 0x02bb0000 | 0x02bbffff | Memory Mapped File | Readable, Writable |
|
|
|
|
| private_0x0000000002bc0000 | 0x02bc0000 | 0x02c3ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002c40000 | 0x02c40000 | 0x02c7bfff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000002d90000 | 0x02d90000 | 0x030d2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000030e0000 | 0x030e0000 | 0x030e0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000030f0000 | 0x030f0000 | 0x0316ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003170000 | 0x03170000 | 0x03170fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003180000 | 0x03180000 | 0x031fffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000003200000 | 0x03200000 | 0x03200fff | Pagefile Backed Memory | Readable |
|
|
|
|
| wdmaud.drv.mui | 0x03210000 | 0x03210fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| mmdevapi.dll.mui | 0x03220000 | 0x03220fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| pagefile_0x0000000003230000 | 0x03230000 | 0x03231fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000003240000 | 0x03240000 | 0x03241fff | Pagefile Backed Memory | Readable |
|
|
|
|
| cversions.2.db | 0x03250000 | 0x03253fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000003260000 | 0x03260000 | 0x032dffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000032e0000 | 0x032e0000 | 0x032e0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000032f0000 | 0x032f0000 | 0x0336ffff | Private Memory | Readable, Writable |
|
|
|
|
| {ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db | 0x03370000 | 0x033d5fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000033e0000 | 0x033e0000 | 0x0345ffff | Private Memory | Readable, Writable |
|
|
|
|
| staticcache.dat | 0x03460000 | 0x03d8ffff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000003d90000 | 0x03d90000 | 0x03d90fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003da0000 | 0x03da0000 | 0x03da0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003db0000 | 0x03db0000 | 0x03e2ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003e30000 | 0x03e30000 | 0x03e30fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003e40000 | 0x03e40000 | 0x03e40fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003e50000 | 0x03e50000 | 0x03e50fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000003e60000 | 0x03e60000 | 0x03e61fff | Pagefile Backed Memory | Readable |
|
|
|
|
| {40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db | 0x03e70000 | 0x03e70fff | Memory Mapped File | Readable |
|
|
|
|
| cversions.2.db | 0x03e80000 | 0x03e83fff | Memory Mapped File | Readable |
|
|
|
|
| {b33c4f4b-938b-4cb1-bc05-f090b0a61a1a}.2.ver0x0000000000000001.db | 0x03e90000 | 0x03e90fff | Memory Mapped File | Readable |
|
|
|
|
| cversions.2.db | 0x03ea0000 | 0x03ea3fff | Memory Mapped File | Readable |
|
|
|
|
| {d299adbb-3c80-401e-9a81-68ee95177a1c}.2.ver0x0000000000000001.db | 0x03eb0000 | 0x03eb0fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000003ec0000 | 0x03ec0000 | 0x03ec0fff | Private Memory | Readable, Writable |
|
|
|
|
| cversions.2.db | 0x03ed0000 | 0x03ed3fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000003ef0000 | 0x03ef0000 | 0x03f6ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003f70000 | 0x03f70000 | 0x03f70fff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000003f80000 | 0x03f80000 | 0x03f81fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000003f90000 | 0x03f90000 | 0x03f91fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000003fa0000 | 0x03fa0000 | 0x03feffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000003ff0000 | 0x03ff0000 | 0x03ff1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000004000000 | 0x04000000 | 0x04001fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000004010000 | 0x04010000 | 0x04011fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000004020000 | 0x04020000 | 0x04021fff | Pagefile Backed Memory | Readable |
|
|
|
|
| oleaccrc.dll | 0x04030000 | 0x04030fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000004040000 | 0x04040000 | 0x04041fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000004050000 | 0x04050000 | 0x04051fff | Pagefile Backed Memory | Readable |
|
|
|
|
| bthprops.cpl.mui | 0x04080000 | 0x04086fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| pagefile_0x0000000004090000 | 0x04090000 | 0x04091fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000040a0000 | 0x040a0000 | 0x040a1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| prnfldr.dll.mui | 0x040b0000 | 0x040b3fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| netshell.dll.mui | 0x040c0000 | 0x040d0fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| pagefile_0x00000000040f0000 | 0x040f0000 | 0x040f0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000004110000 | 0x04110000 | 0x04110fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004120000 | 0x04120000 | 0x0419ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000041a0000 | 0x041a0000 | 0x041a0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000041b0000 | 0x041b0000 | 0x041b0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000041c0000 | 0x041c0000 | 0x0423ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004240000 | 0x04240000 | 0x04240fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000004250000 | 0x04250000 | 0x04250fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004260000 | 0x04260000 | 0x042dffff | Private Memory | Readable, Writable |
|
|
|
|
| index.dat | 0x04320000 | 0x04333fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| index.dat | 0x04340000 | 0x04347fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| index.dat | 0x043e0000 | 0x0441ffff | Memory Mapped File | Readable, Writable |
|
|
|
|
| pagefile_0x0000000004420000 | 0x04420000 | 0x04420fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004440000 | 0x04440000 | 0x044bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004530000 | 0x04530000 | 0x045affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000045b0000 | 0x045b0000 | 0x047affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004820000 | 0x04820000 | 0x0489ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000048b0000 | 0x048b0000 | 0x0492ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004a20000 | 0x04a20000 | 0x04a9ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004ae0000 | 0x04ae0000 | 0x04b5ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004bb0000 | 0x04bb0000 | 0x04c2ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004d00000 | 0x04d00000 | 0x04d7ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000005150000 | 0x05150000 | 0x05552fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000005570000 | 0x05570000 | 0x055effff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000005660000 | 0x05660000 | 0x056dffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000005730000 | 0x05730000 | 0x057affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000005830000 | 0x05830000 | 0x058affff | Private Memory | Readable, Writable |
|
|
|
|
| imageres.dll | 0x05970000 | 0x06cc4fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000006d30000 | 0x06d30000 | 0x06daffff | Private Memory | Readable, Writable |
|
|
|
|
|
For performance reasons, the remaining 244 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #7: c:\windows\syswow64\explorer.exe | 0xa8c | address = 0x2c40000, size = 245760 |
|
1 | |
| Modify Memory | #7: c:\windows\syswow64\explorer.exe | 0xa8c | address = 0x77a0000, size = 13384668 |
|
1 | |
| Modify Memory | #7: c:\windows\syswow64\explorer.exe | 0xa8c | address = 0x2b90000, size = 4 |
|
1 | |
| Modify Memory | #7: c:\windows\syswow64\explorer.exe | 0xa8c | address = 0x2b90004, size = 2968 |
|
1 | |
| Create Remote Thread | #7: c:\windows\syswow64\explorer.exe | 0xa8c | address = 0x2c4ad14 |
|
1 |
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\adu0vk iwa5kls\appdata\roaming\teetfo\ugav.ocv | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\adu0vk iwa5kls\appdata\roaming\byheq\hybe.ifi | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\adu0vk iwa5kls\appdata\roaming\utobyg\aslim.exe | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\adu0vk iwa5kls\appdata\roaming\utobyg\aslim.exe | 176.00 KB (180224 bytes) |
MD5:
773da788e860440ea6c7b3a6d4801b9d
SHA1: 607f9306fdcb4906b2175c5a20e002c99b29da53 SHA256: 879b244120400083f562ce530c87001b46de4fc96b38a6b12a5afea22ef6efef |
|
|
| c:\users\adu0vk iwa5kls\appdata\roaming\byheq\hybe.ifi | 10.00 MB (10485760 bytes) |
MD5:
a044d696891917f5b2de228a2b4191fc
SHA1: 3a9f36226dc4686d75cfefc71d2b8755b38bb38b SHA256: 8e834cabb162d65422c401c08aef958849539d7e3499d9ae08f53e76b610dbad |
|
|
| c:\users\adu0vk iwa5kls\appdata\roaming\microsoft\windows\start menu\programs\startup\start.lnk | 0.86 KB (883 bytes) |
MD5:
940b6a3f4f922c64091e4dc9a57c1781
SHA1: 0c1260dd0c38fda83a493fe679cdec8ef6c8aae9 SHA256: b71d0a7877a68247e17964df8ae6fa8e8a4106437ba7c1590afea75c4d9caaa0 |
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = KERNEL32.dll, base_address = 0x77320000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = ReadFile, address_out = 0x77331500 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FlushFileBuffers, address_out = 0x773269f0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WriteFile, address_out = 0x773435a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetTickCount, address_out = 0x77342b00 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetFileAttributesW, address_out = 0x773337a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VirtualAlloc, address_out = 0x773367a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetFileSizeEx, address_out = 0x77329b30 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VirtualFree, address_out = 0x77331260 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetFilePointerEx, address_out = 0x7732af00 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetFileAttributesW, address_out = 0x7733bdd0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetVolumeNameForVolumeMountPointW, address_out = 0x773907d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetProcessHeap, address_out = 0x77343050 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = HeapFree, address_out = 0x77343070 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = HeapReAlloc, address_out = 0x77573f20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = HeapAlloc, address_out = 0x775933a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = LoadLibraryA, address_out = 0x77337070 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = OutputDebugStringA, address_out = 0x77324f60 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Thread32First, address_out = 0x7736aa70 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Thread32Next, address_out = 0x7736a980 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetCurrentThread, address_out = 0x77333f20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateProcessW, address_out = 0x77341bb0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FreeLibrary, address_out = 0x77336620 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MultiByteToWideChar, address_out = 0x77335b50 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WideCharToMultiByte, address_out = 0x773435f0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateMutexW, address_out = 0x773313c0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = ReleaseMutex, address_out = 0x77342b90 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetLastError, address_out = 0x77342df0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WaitForMultipleObjects, address_out = 0x77331170 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetLastError, address_out = 0x77342dd0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateThread, address_out = 0x77336580 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetComputerNameW, address_out = 0x7732d130 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateEventW, address_out = 0x77335290 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = ExitThread, address_out = 0x77586930 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = ExitProcess, address_out = 0x775640f0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = InitializeCriticalSection, address_out = 0x77568100 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetModuleFileNameW, address_out = 0x77337700 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetCurrentProcessId, address_out = 0x77335a50 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = AddVectoredExceptionHandler, address_out = 0x77623ad0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetSystemDefaultLCID, address_out = 0x773233a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetWindowsDirectoryW, address_out = 0x773282b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WaitForSingleObject, address_out = 0x77342b20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetProcAddress, address_out = 0x77343690 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetModuleHandleW, address_out = 0x77343730 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = LoadLibraryW, address_out = 0x77336f80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VirtualProtect, address_out = 0x77322ef0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateRemoteThread, address_out = 0x7736c4f0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VirtualAllocEx, address_out = 0x7736bbd0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VirtualFreeEx, address_out = 0x7736bb90 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = DuplicateHandle, address_out = 0x77335d10 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WriteProcessMemory, address_out = 0x7736bad0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = OpenProcess, address_out = 0x7733cad0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Process32NextW, address_out = 0x773220f0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Process32FirstW, address_out = 0x77321e00 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateToolhelp32Snapshot, address_out = 0x773221e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateDirectoryW, address_out = 0x7732ad70 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = TerminateProcess, address_out = 0x7736bca0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetEvent, address_out = 0x77333f00 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = DeleteFileW, address_out = 0x7732ad90 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Sleep, address_out = 0x77342b70 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CloseHandle, address_out = 0x77342f80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateFileW, address_out = 0x77331870 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = lstrcmpiA, address_out = 0x773240a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = lstrlenA, address_out = 0x7733caf0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WriteConsoleW, address_out = 0x77333d40 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetStdHandle, address_out = 0x7736bce0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetConsoleMode, address_out = 0x77342e60 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetConsoleCP, address_out = 0x773605f0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = LCMapStringW, address_out = 0x77340dd0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = HeapSize, address_out = 0x775682d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetStringTypeW, address_out = 0x77339060 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = OutputDebugStringW, address_out = 0x7732b760 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = LoadLibraryExW, address_out = 0x77336640 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetCPInfo, address_out = 0x77336ce0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetOEMCP, address_out = 0x7733b580 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetACP, address_out = 0x77336f90 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = IsValidCodePage, address_out = 0x77339080 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = LeaveCriticalSection, address_out = 0x77593000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = EnterCriticalSection, address_out = 0x77592fc0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = IsProcessorFeaturePresent, address_out = 0x7736cc80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = IsDebuggerPresent, address_out = 0x77328290 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RtlUnwindEx, address_out = 0x77352d90 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = TlsFree, address_out = 0x77331590 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = TlsSetValue, address_out = 0x77335cd0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = TlsGetValue, address_out = 0x77342bd0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = TlsAlloc, address_out = 0x77337100 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetUnhandledExceptionFilter, address_out = 0x77339b70 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = UnhandledExceptionFilter, address_out = 0x773b9330 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RtlVirtualUnwind, address_out = 0x7736b5b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RtlLookupFunctionEntry, address_out = 0x7736b610 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RtlCaptureContext, address_out = 0x7736b6f0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FreeEnvironmentStringsW, address_out = 0x77336d20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetEnvironmentStringsW, address_out = 0x77336d00 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetSystemTimeAsFileTime, address_out = 0x77333f40 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = QueryPerformanceCounter, address_out = 0x77336500 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetModuleFileNameA, address_out = 0x773364a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetStartupInfoW, address_out = 0x77338070 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = DeleteCriticalSection, address_out = 0x77565350 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = InitializeCriticalSectionAndSpinCount, address_out = 0x773364e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetFileType, address_out = 0x77342e00 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetStdHandle, address_out = 0x7733d750 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetModuleHandleExW, address_out = 0x7732b780 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RaiseException, address_out = 0x7732cf10 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RtlPcToFileHeader, address_out = 0x77352d80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = DecodePointer, address_out = 0x77569c50 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = EncodePointer, address_out = 0x77573bd0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetCommandLineA, address_out = 0x77341e70 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetSystemInfo, address_out = 0x77336f70 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VirtualQuery, address_out = 0x7733bd40 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = ResumeThread, address_out = 0x773313a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SuspendThread, address_out = 0x77322f60 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetCurrentThreadId, address_out = 0x77333ee0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = OpenThread, address_out = 0x7733c560 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FlushInstructionCache, address_out = 0x773233e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = HeapCreate, address_out = 0x773370e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetCurrentProcess, address_out = 0x77335cf0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetThreadContext, address_out = 0x77322f10 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetThreadContext, address_out = 0x77322f40 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = LocalFree, address_out = 0x773347a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetVersionExW, address_out = 0x7732d910 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x7fefdb00000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptHashData, address_out = 0x7fefdb0dac0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetNamedSecurityInfoW, address_out = 0x7fefdb089a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetSecurityDescriptorSacl, address_out = 0x7fefdb11e00 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetSecurityDescriptorSacl, address_out = 0x7fefdb11eb0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = ConvertStringSecurityDescriptorToSecurityDescriptorW, address_out = 0x7fefdb12040 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetSecurityDescriptorDacl, address_out = 0x7fefdb1b5a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = InitializeSecurityDescriptor, address_out = 0x7fefdb1b504 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegSetValueExW, address_out = 0x7fefdb11ed0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegQueryValueExW, address_out = 0x7fefdb1c2d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegOpenKeyExW, address_out = 0x7fefdb206f0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetSidSubAuthorityCount, address_out = 0x7fefdb11740 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetSidSubAuthority, address_out = 0x7fefdb11754 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = AdjustTokenPrivileges, address_out = 0x7fefdb1b9b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = LookupPrivilegeValueW, address_out = 0x7fefdb1b9e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = OpenThreadToken, address_out = 0x7fefdb1bd84 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetTokenInformation, address_out = 0x7fefdb1bd50 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = OpenProcessToken, address_out = 0x7fefdb1bd70 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegCreateKeyExW, address_out = 0x7fefdb1b520 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptReleaseContext, address_out = 0x7fefdb0dd10 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptDestroyHash, address_out = 0x7fefdb0db00 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptGetHashParam, address_out = 0x7fefdb0db20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptCreateHash, address_out = 0x7fefdb0dad4 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetLengthSid, address_out = 0x7fefdb1b580 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptAcquireContextW, address_out = 0x7fefdb0d98c |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegQueryValueExA, address_out = 0x7fefdb1c480 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegOpenKeyExA, address_out = 0x7fefdb1b5f0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegCloseKey, address_out = 0x7fefdb20710 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegSetValueExA, address_out = 0x7fefdb11dc0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegCreateKeyExA, address_out = 0x7fefdb11d10 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x7feff2b0000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = PathRenameExtensionW, address_out = 0x7feff2de6c0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = PathRemoveBackslashW, address_out = 0x7feff2bd014 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = PathRemoveFileSpecW, address_out = 0x7feff2ba43c |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = PathAddBackslashW, address_out = 0x7feff2c3f70 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = PathAddExtensionW, address_out = 0x7feff2de630 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = wvnsprintfA, address_out = 0x7feff2e2200 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = wvnsprintfW, address_out = 0x7feff2e22e4 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = PathCombineW, address_out = 0x7feff2c3dfc |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x7fefdfb0000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SHGetFolderPathW, address_out = 0x7fefe033ba4 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x77440000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MessageBoxA, address_out = 0x774b12b8 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CharUpperW, address_out = 0x7745b714 |
|
1 | |
| Module | Load | module_name = WS2_32.dll, base_address = 0x7feff7e0000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 18, address_out = 0x7feff7e4da0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 115, address_out = 0x7feff7e4980 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 15, address_out = 0x7feff7e1250 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 11, address_out = 0x7feff7e1350 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 9, address_out = 0x7feff7e1250 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 19, address_out = 0x7feff7e8000 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x7feff6b0000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FindFirstUrlCacheEntryW, address_out = 0x7feff747150 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = DeleteUrlCacheEntryW, address_out = 0x7feff747050 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FindNextUrlCacheEntryW, address_out = 0x7feff747500 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FindCloseUrlCache, address_out = 0x7feff6be600 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x7fefede0000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = StringFromGUID2, address_out = 0x7fefee03560 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CLSIDFromString, address_out = 0x7fefedf0680 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CoInitialize, address_out = 0x7fefedfa51c |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CoInitializeSecurity, address_out = 0x7fefedf8220 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CoSetProxyBlanket, address_out = 0x7fefee1bf00 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CoCreateInstance, address_out = 0x7fefee07490 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CoUninitialize, address_out = 0x7fefee01314 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CoInitializeEx, address_out = 0x7fefee02a30 |
|
1 | |
| Module | Load | module_name = OLEAUT32.dll, base_address = 0x7feff5d0000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 2, address_out = 0x7feff5d3480 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 6, address_out = 0x7feff5d1320 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 9, address_out = 0x7feff5d1180 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:20 (UTC) |
|
1 | |
| Module | Get Handle | module_name = kernel32.dll, base_address = 0x77320000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FlsAlloc, address_out = 0x77337190 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FlsFree, address_out = 0x773315b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FlsGetValue, address_out = 0x77343520 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FlsSetValue, address_out = 0x7733bd90 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = InitializeCriticalSectionEx, address_out = 0x773379b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateSemaphoreExW, address_out = 0x7736c4c0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetThreadStackGuarantee, address_out = 0x77328050 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateThreadpoolTimer, address_out = 0x77328820 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetThreadpoolTimer, address_out = 0x7755b2f0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WaitForThreadpoolTimerCallbacks, address_out = 0x7754d8c0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CloseThreadpoolTimer, address_out = 0x7754d620 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateThreadpoolWait, address_out = 0x7736ba80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetThreadpoolWait, address_out = 0x7755e170 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CloseThreadpoolWait, address_out = 0x7754c540 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FlushProcessWriteBuffers, address_out = 0x77591f80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FreeLibraryWhenCallbackReturns, address_out = 0x7760ec60 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetCurrentProcessorNumber, address_out = 0x77590040 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetLogicalProcessorInformation, address_out = 0x7736b820 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateSymbolicLinkW, address_out = 0x77395ad0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetDefaultDllDirectories, address_out = 0x0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = EnumSystemLocalesEx, address_out = 0x7736c3d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CompareStringEx, address_out = 0x7736b980 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetDateFormatEx, address_out = 0x773b0920 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetLocaleInfoEx, address_out = 0x77323c10 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetTimeFormatEx, address_out = 0x773ad4e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetUserDefaultLocaleName, address_out = 0x7736b790 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = IsValidLocaleName, address_out = 0x7736b770 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = LCMapStringEx, address_out = 0x7736b710 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetCurrentPackageId, address_out = 0x0 |
|
1 | |
| Environment | Get Environment String |
|
1 | ||
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\explorer.exe, file_name_orig = C:\Windows\Explorer.EXE, size = 260 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x7fefdbe0000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = ObtainUserAgentString, address_out = 0x7fefdc41fa4 |
|
1 | |
| Module | Get Filename | process_name = c:\windows\explorer.exe, file_name_orig = C:\Windows\Explorer.EXE, size = 260 |
|
1 | |
| System | Get Info | type = Operating System |
|
2 | |
| Module | Get Handle | module_name = kernel32.dll, base_address = 0x77320000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = IsWow64Process, address_out = 0x773291d0 |
|
1 | |
| Module | Load | module_name = Ws2_32.dll, base_address = 0x7feff7e0000 |
|
1 | |
| Mutex | Create | mutex_name = Global\{AE124E3B-FDD1-1422-65D9-FE61A0417768} |
|
1 | |
| File | Get Info | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Teetfo, type = file_attributes |
|
1 | |
| File | Create Directory | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Teetfo |
|
1 | |
| File | Get Info | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Teetfo\ugav.ocv, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Teetfo\ugav.ocv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq, type = file_attributes |
|
1 | |
| File | Create Directory | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq |
|
1 | |
| File | Get Info | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Utobyg, type = file_attributes |
|
1 | |
| File | Create Directory | C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Utobyg |
|
1 | |
| File | Get Info | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Utobyg\aslim.exe, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Utobyg\aslim.exe, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto |
|
1 | |
| System | Get Computer Name | result_out = AUFDDCNTXWT |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = InstallDate, data = 1498210050, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = DigitalProductId |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = DigitalProductId, data = 164 |
|
1 | |
| System | Sleep | duration = 20 milliseconds (0.020 seconds) |
|
39 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi, size = 13422020 |
|
1 | |
| File | Create | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\BN649B.tmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\BN649B.tmp, type = size, size_out = 180224 |
|
1 | |
| File | Create | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\BN649B.tmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\BN649B.tmp, size = 180224, size_out = 180224 |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Utobyg\aslim.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Utobyg\aslim.exe, size = 180224 |
|
1 | |
| File | Delete | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\BN649B.tmp |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\aaf4e053c |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\aaf4e053c, value_name = 1dc1e28ae, size = 4416, type = REG_BINARY |
|
1 | |
| COM | Create | interface = 000214F9-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Create | mutex_name = Global\{85B42B0A-98E0-3F84-65D9-FE61A0417768} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Handle | module_name = kernel32.dll, base_address = 0x77320000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = IsWow64Process, address_out = 0x773291d0 |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi, type = size, size_out = 13422020 |
|
1 | |
| File | Read | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi, size = 13422020, size_out = 13422020 |
|
1 | |
| Memory | Allocate | process_name = c:\windows\explorer.exe, address = 0x110000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 245760 |
|
1 | |
| Memory | Write | process_name = c:\windows\explorer.exe, address = 0x110000, size = 245760 |
|
1 | |
| Memory | Allocate | process_name = c:\windows\explorer.exe, address = 0x150000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_READWRITE, size = 3060 |
|
1 | |
| Memory | Write | process_name = c:\windows\explorer.exe, address = 0x150000, size = 4 |
|
1 | |
| Memory | Write | process_name = c:\windows\explorer.exe, address = 0x150004, size = 3056 |
|
1 | |
| Thread | Create | process_name = c:\windows\explorer.exe, proc_address = 0x11ad14, proc_parameter = 1376256, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Handle | module_name = kernel32.dll, base_address = 0x77320000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = IsWow64Process, address_out = 0x773291d0 |
|
1 | |
| Memory | Allocate | process_name = c:\windows\explorer.exe, address = 0x1fe0000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 245760 |
|
1 | |
| Memory | Write | process_name = c:\windows\explorer.exe, address = 0x1fe0000, size = 245760 |
|
1 | |
| Memory | Allocate | process_name = c:\windows\explorer.exe, address = 0x120000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_READWRITE, size = 3060 |
|
1 | |
| Memory | Write | process_name = c:\windows\explorer.exe, address = 0x120000, size = 4 |
|
1 | |
| Memory | Write | process_name = c:\windows\explorer.exe, address = 0x120004, size = 3056 |
|
1 | |
| Thread | Create | process_name = c:\windows\explorer.exe, proc_address = 0x1fead14, proc_parameter = 1179648, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Handle | module_name = kernel32.dll, base_address = 0x77320000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = IsWow64Process, address_out = 0x773291d0 |
|
1 | |
| Memory | Allocate | process_name = c:\windows\explorer.exe, address = 0x1f40000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 245760 |
|
1 | |
| Memory | Write | process_name = c:\windows\explorer.exe, address = 0x1f40000, size = 245760 |
|
1 | |
| Memory | Allocate | process_name = c:\windows\explorer.exe, address = 0x1eb0000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_READWRITE, size = 3060 |
|
1 | |
| Memory | Write | process_name = c:\windows\explorer.exe, address = 0x1eb0000, size = 4 |
|
1 | |
| Memory | Write | process_name = c:\windows\explorer.exe, address = 0x1eb0004, size = 3056 |
|
1 | |
| Thread | Create | process_name = c:\windows\explorer.exe, proc_address = 0x1f4ad14, proc_parameter = 32178176, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Handle | module_name = kernel32.dll, base_address = 0x77320000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = IsWow64Process, address_out = 0x773291d0 |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi, type = size, size_out = 13422020 |
|
1 | |
| File | Read | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi, size = 13422020, size_out = 13422020 |
|
1 | |
| Memory | Allocate | process_name = c:\windows\explorer.exe, address = 0x130000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2273280 |
|
1 | |
| Memory | Write | process_name = c:\windows\explorer.exe, address = 0x130000, size = 2273280 |
|
1 | |
| Memory | Allocate | process_name = c:\windows\explorer.exe, address = 0xb0000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_READWRITE, size = 3008 |
|
1 | |
| Memory | Write | process_name = c:\windows\explorer.exe, address = 0xb0000, size = 4 |
|
1 | |
| Memory | Write | process_name = c:\windows\explorer.exe, address = 0xb0004, size = 3004 |
|
1 | |
| Thread | Create | process_name = c:\windows\explorer.exe, proc_address = 0x175220, proc_parameter = 720896, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} |
|
1 | |
| Mutex | Create | mutex_name = Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} |
|
1 | |
|
For performance reasons, the remaining 385 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Create | mutex_name = Local\{85B47B09-C8E3-3F84-65D9-FE61A0417768} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto, value_name = Yqlozyzuz, type = REG_NONE |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| Process | Create | process_name = C:\Windows\syswow64\msiexec.exe, os_pid = 0x65c, creation_flags = CREATE_SUSPENDED, CREATE_DEFAULT_ERROR_MODE, CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| Mutex | Create | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto, value_name = Yqlozyzuz, type = REG_NONE |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto, value_name = Yqlozyzuz, size = 1061, type = REG_BINARY |
|
1 | |
| Mutex | Release | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} |
|
1 |
| Information | Value |
|---|---|
| ID | #10 |
| File Name | c:\windows\system32\taskhost.exe |
| Command Line | "taskhost.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:43, Reason: Injection |
| Unmonitor | End Time: 00:02:13, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:30 |
| Information | Value |
|---|---|
| PID | 0x510 |
| Parent PID | 0x1dc (c:\windows\system32\services.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | AUFDDCNTXWT\aDU0VK IWA5kLS |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B9C
0x
B3C
0x
430
0x
7DC
0x
7AC
0x
79C
0x
798
0x
52C
0x
51C
0x
514
0x
554
0x
7F4
0x
728
0x
150
0x
330
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x00026fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|
|
|
| locale.nls | 0x00040000 | 0x000a6fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x00000000000b0000 | 0x000b0000 | 0x000b1fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000100000 | 0x00100000 | 0x00101fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000110000 | 0x00110000 | 0x0014bfff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000000150000 | 0x00150000 | 0x00150fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000190000 | 0x00190000 | 0x0020ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000210000 | 0x00210000 | 0x0030ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000340000 | 0x00340000 | 0x0034ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000390000 | 0x00390000 | 0x0048ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000490000 | 0x00490000 | 0x00617fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000620000 | 0x00620000 | 0x007a0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000007b0000 | 0x007b0000 | 0x01baffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000001bb0000 | 0x01bb0000 | 0x01fa2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000001ff0000 | 0x01ff0000 | 0x0206ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002080000 | 0x02080000 | 0x020fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002110000 | 0x02110000 | 0x0218ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000002190000 | 0x02190000 | 0x0226efff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000002280000 | 0x02280000 | 0x022fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002300000 | 0x02300000 | 0x0237ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002380000 | 0x02380000 | 0x0241ffff | Private Memory | Readable, Writable |
|
|
|
|
| kernelbase.dll.mui | 0x02430000 | 0x024effff | Memory Mapped File | Readable, Writable |
|
|
|
|
| private_0x0000000002610000 | 0x02610000 | 0x0268ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000026c0000 | 0x026c0000 | 0x0273ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002740000 | 0x02740000 | 0x027bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000027d0000 | 0x027d0000 | 0x0284ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002880000 | 0x02880000 | 0x028fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002920000 | 0x02920000 | 0x0292ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002930000 | 0x02930000 | 0x029affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000029c0000 | 0x029c0000 | 0x02a3ffff | Private Memory | Readable, Writable |
|
|
|
|
| sortdefault.nls | 0x02a40000 | 0x02d0efff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000002e40000 | 0x02e40000 | 0x02ebffff | Private Memory | Readable, Writable |
|
|
|
|
| kernel32.dll | 0x77320000 | 0x7743efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x77440000 | 0x77539fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77540000 | 0x776e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| taskhost.exe | 0xff200000 | 0xff213fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winmm.dll | 0x7fef6750000 | 0x7fef678afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| npmproxy.dll | 0x7fef6790000 | 0x7fef679bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dimsjob.dll | 0x7fef69c0000 | 0x7fef69cdfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| netprofm.dll | 0x7fef8030000 | 0x7fef80a3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| hotstartuseragent.dll | 0x7fef8a50000 | 0x7fef8a5afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msutb.dll | 0x7fef8a60000 | 0x7fef8a9cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctfmonitor.dll | 0x7fef8aa0000 | 0x7fef8aaafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| playsndsrv.dll | 0x7fefa450000 | 0x7fefa467fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dwmapi.dll | 0x7fefaec0000 | 0x7fefaed7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| uxtheme.dll | 0x7fefb2a0000 | 0x7fefb2f5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| slc.dll | 0x7fefb8c0000 | 0x7fefb8cafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dsrole.dll | 0x7fefb8d0000 | 0x7fefb8dbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wtsapi32.dll | 0x7fefb950000 | 0x7fefb960fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nlaapi.dll | 0x7fefb970000 | 0x7fefb984fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| taskschd.dll | 0x7fefbaa0000 | 0x7fefbbc6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rsaenh.dll | 0x7fefca60000 | 0x7fefcaa6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptsp.dll | 0x7fefceb0000 | 0x7fefcec6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x7fefd350000 | 0x7fefd374fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x7fefd380000 | 0x7fefd38efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winsta.dll | 0x7fefd430000 | 0x7fefd46cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrtremote.dll | 0x7fefd470000 | 0x7fefd483fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msasn1.dll | 0x7fefd530000 | 0x7fefd53efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x7fefd680000 | 0x7fefd6eafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| crypt32.dll | 0x7fefd6f0000 | 0x7fefd856fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x7fefd860000 | 0x7fefd98cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| clbcatq.dll | 0x7fefd990000 | 0x7fefda28fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x7fefda30000 | 0x7fefda5dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x7fefdb00000 | 0x7fefdbdafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| urlmon.dll | 0x7fefdbe0000 | 0x7fefdd57fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x7fefdd60000 | 0x7fefddc6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x7fefddd0000 | 0x7fefded8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| usp10.dll | 0x7fefdee0000 | 0x7fefdfa8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x7fefdfb0000 | 0x7fefed37fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x7fefed40000 | 0x7fefeddefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x7fefede0000 | 0x7fefefe2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x7feff2b0000 | 0x7feff320fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| lpk.dll | 0x7feff330000 | 0x7feff33dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iertutil.dll | 0x7feff340000 | 0x7feff598fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nsi.dll | 0x7feff5a0000 | 0x7feff5a7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x7feff5b0000 | 0x7feff5cefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleaut32.dll | 0x7feff5d0000 | 0x7feff6a6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wininet.dll | 0x7feff6b0000 | 0x7feff7d9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ws2_32.dll | 0x7feff7e0000 | 0x7feff82cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apisetschema.dll | 0x7feff860000 | 0x7feff860fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x000007fffffa2000 | 0x7fffffa2000 | 0x7fffffa3fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000007fffffa4000 | 0x7fffffa4000 | 0x7fffffa5fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000007fffffa6000 | 0x7fffffa6000 | 0x7fffffa7fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000007fffffa8000 | 0x7fffffa8000 | 0x7fffffa9fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000007fffffaa000 | 0x7fffffaa000 | 0x7fffffabfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000007fffffac000 | 0x7fffffac000 | 0x7fffffadfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000007fffffae000 | 0x7fffffae000 | 0x7fffffaffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000007fffffd4000 | 0x7fffffd4000 | 0x7fffffd5fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000007fffffd6000 | 0x7fffffd6000 | 0x7fffffd7fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000007fffffd8000 | 0x7fffffd8000 | 0x7fffffd9fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000007fffffda000 | 0x7fffffda000 | 0x7fffffdbfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000007fffffdc000 | 0x7fffffdc000 | 0x7fffffdcfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | Private Memory | Readable, Writable |
|
|
|
|
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #8: c:\windows\explorer.exe | 0x698 | address = 0x110000, size = 245760 |
|
1 | |
| Modify Memory | #8: c:\windows\explorer.exe | 0x698 | address = 0x150000, size = 4 |
|
1 | |
| Modify Memory | #8: c:\windows\explorer.exe | 0x698 | address = 0x150004, size = 3056 |
|
1 | |
| Create Remote Thread | #8: c:\windows\explorer.exe | 0x698 | address = 0x11ad14 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = KERNEL32.dll, base_address = 0x77320000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ReadFile, address_out = 0x77331500 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FlushFileBuffers, address_out = 0x773269f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WriteFile, address_out = 0x773435a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetTickCount, address_out = 0x77342b00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFileAttributesW, address_out = 0x773337a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualAlloc, address_out = 0x773367a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileSizeEx, address_out = 0x77329b30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualFree, address_out = 0x77331260 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFilePointerEx, address_out = 0x7732af00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileAttributesW, address_out = 0x7733bdd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetVolumeNameForVolumeMountPointW, address_out = 0x773907d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetProcessHeap, address_out = 0x77343050 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = HeapFree, address_out = 0x77343070 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = HeapReAlloc, address_out = 0x77573f20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = HeapAlloc, address_out = 0x775933a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LoadLibraryA, address_out = 0x77337070 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = OutputDebugStringA, address_out = 0x77324f60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Thread32First, address_out = 0x7736aa70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Thread32Next, address_out = 0x7736a980 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentThread, address_out = 0x77333f20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateProcessW, address_out = 0x77341bb0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FreeLibrary, address_out = 0x77336620 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = MultiByteToWideChar, address_out = 0x77335b50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WideCharToMultiByte, address_out = 0x773435f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateMutexW, address_out = 0x773313c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ReleaseMutex, address_out = 0x77342b90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetLastError, address_out = 0x77342df0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WaitForMultipleObjects, address_out = 0x77331170 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetLastError, address_out = 0x77342dd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateThread, address_out = 0x77336580 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetComputerNameW, address_out = 0x7732d130 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateEventW, address_out = 0x77335290 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ExitThread, address_out = 0x77586930 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ExitProcess, address_out = 0x775640f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = InitializeCriticalSection, address_out = 0x77568100 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameW, address_out = 0x77337700 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentProcessId, address_out = 0x77335a50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = AddVectoredExceptionHandler, address_out = 0x77623ad0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetSystemDefaultLCID, address_out = 0x773233a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetWindowsDirectoryW, address_out = 0x773282b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WaitForSingleObject, address_out = 0x77342b20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetProcAddress, address_out = 0x77343690 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleHandleW, address_out = 0x77343730 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LoadLibraryW, address_out = 0x77336f80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualProtect, address_out = 0x77322ef0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateRemoteThread, address_out = 0x7736c4f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualAllocEx, address_out = 0x7736bbd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualFreeEx, address_out = 0x7736bb90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = DuplicateHandle, address_out = 0x77335d10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WriteProcessMemory, address_out = 0x7736bad0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = OpenProcess, address_out = 0x7733cad0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Process32NextW, address_out = 0x773220f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Process32FirstW, address_out = 0x77321e00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x773221e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateDirectoryW, address_out = 0x7732ad70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = TerminateProcess, address_out = 0x7736bca0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetEvent, address_out = 0x77333f00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = DeleteFileW, address_out = 0x7732ad90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Sleep, address_out = 0x77342b70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CloseHandle, address_out = 0x77342f80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateFileW, address_out = 0x77331870 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = lstrcmpiA, address_out = 0x773240a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = lstrlenA, address_out = 0x7733caf0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WriteConsoleW, address_out = 0x77333d40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetStdHandle, address_out = 0x7736bce0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetConsoleMode, address_out = 0x77342e60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetConsoleCP, address_out = 0x773605f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LCMapStringW, address_out = 0x77340dd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = HeapSize, address_out = 0x775682d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetStringTypeW, address_out = 0x77339060 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = OutputDebugStringW, address_out = 0x7732b760 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LoadLibraryExW, address_out = 0x77336640 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCPInfo, address_out = 0x77336ce0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetOEMCP, address_out = 0x7733b580 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetACP, address_out = 0x77336f90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsValidCodePage, address_out = 0x77339080 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77593000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = EnterCriticalSection, address_out = 0x77592fc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x7736cc80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address_out = 0x77328290 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = RtlUnwindEx, address_out = 0x77352d90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = TlsFree, address_out = 0x77331590 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = TlsSetValue, address_out = 0x77335cd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = TlsGetValue, address_out = 0x77342bd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = TlsAlloc, address_out = 0x77337100 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetUnhandledExceptionFilter, address_out = 0x77339b70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = UnhandledExceptionFilter, address_out = 0x773b9330 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = RtlVirtualUnwind, address_out = 0x7736b5b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = RtlLookupFunctionEntry, address_out = 0x7736b610 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = RtlCaptureContext, address_out = 0x7736b6f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FreeEnvironmentStringsW, address_out = 0x77336d20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetEnvironmentStringsW, address_out = 0x77336d00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetSystemTimeAsFileTime, address_out = 0x77333f40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x77336500 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameA, address_out = 0x773364a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetStartupInfoW, address_out = 0x77338070 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = DeleteCriticalSection, address_out = 0x77565350 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x773364e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileType, address_out = 0x77342e00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetStdHandle, address_out = 0x7733d750 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleHandleExW, address_out = 0x7732b780 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = RaiseException, address_out = 0x7732cf10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = RtlPcToFileHeader, address_out = 0x77352d80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x77569c50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x77573bd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCommandLineA, address_out = 0x77341e70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetSystemInfo, address_out = 0x77336f70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualQuery, address_out = 0x7733bd40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ResumeThread, address_out = 0x773313a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SuspendThread, address_out = 0x77322f60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentThreadId, address_out = 0x77333ee0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = OpenThread, address_out = 0x7733c560 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FlushInstructionCache, address_out = 0x773233e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = HeapCreate, address_out = 0x773370e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentProcess, address_out = 0x77335cf0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadContext, address_out = 0x77322f10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetThreadContext, address_out = 0x77322f40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LocalFree, address_out = 0x773347a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetVersionExW, address_out = 0x7732d910 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x7fefdb00000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptHashData, address_out = 0x7fefdb0dac0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = SetNamedSecurityInfoW, address_out = 0x7fefdb089a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetSecurityDescriptorSacl, address_out = 0x7fefdb11e00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = SetSecurityDescriptorSacl, address_out = 0x7fefdb11eb0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = ConvertStringSecurityDescriptorToSecurityDescriptorW, address_out = 0x7fefdb12040 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = SetSecurityDescriptorDacl, address_out = 0x7fefdb1b5a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = InitializeSecurityDescriptor, address_out = 0x7fefdb1b504 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegSetValueExW, address_out = 0x7fefdb11ed0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegQueryValueExW, address_out = 0x7fefdb1c2d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyExW, address_out = 0x7fefdb206f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetSidSubAuthorityCount, address_out = 0x7fefdb11740 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetSidSubAuthority, address_out = 0x7fefdb11754 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = AdjustTokenPrivileges, address_out = 0x7fefdb1b9b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = LookupPrivilegeValueW, address_out = 0x7fefdb1b9e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = OpenThreadToken, address_out = 0x7fefdb1bd84 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetTokenInformation, address_out = 0x7fefdb1bd50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = OpenProcessToken, address_out = 0x7fefdb1bd70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegCreateKeyExW, address_out = 0x7fefdb1b520 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptReleaseContext, address_out = 0x7fefdb0dd10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDestroyHash, address_out = 0x7fefdb0db00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptGetHashParam, address_out = 0x7fefdb0db20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptCreateHash, address_out = 0x7fefdb0dad4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetLengthSid, address_out = 0x7fefdb1b580 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptAcquireContextW, address_out = 0x7fefdb0d98c |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegQueryValueExA, address_out = 0x7fefdb1c480 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyExA, address_out = 0x7fefdb1b5f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegCloseKey, address_out = 0x7fefdb20710 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegSetValueExA, address_out = 0x7fefdb11dc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegCreateKeyExA, address_out = 0x7fefdb11d10 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x7feff2b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = PathRenameExtensionW, address_out = 0x7feff2de6c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = PathRemoveBackslashW, address_out = 0x7feff2bd014 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = PathRemoveFileSpecW, address_out = 0x7feff2ba43c |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = PathAddBackslashW, address_out = 0x7feff2c3f70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = PathAddExtensionW, address_out = 0x7feff2de630 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = wvnsprintfA, address_out = 0x7feff2e2200 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = wvnsprintfW, address_out = 0x7feff2e22e4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = PathCombineW, address_out = 0x7feff2c3dfc |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x7fefdfb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shell32.dll, function = SHGetFolderPathW, address_out = 0x7fefe033ba4 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x77440000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = MessageBoxA, address_out = 0x774b12b8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = CharUpperW, address_out = 0x7745b714 |
|
1 | |
| Module | Load | module_name = WS2_32.dll, base_address = 0x7feff7e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ws2_32.dll, function = 18, address_out = 0x7feff7e4da0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ws2_32.dll, function = 115, address_out = 0x7feff7e4980 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ws2_32.dll, function = 15, address_out = 0x7feff7e1250 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ws2_32.dll, function = 11, address_out = 0x7feff7e1350 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ws2_32.dll, function = 9, address_out = 0x7feff7e1250 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ws2_32.dll, function = 19, address_out = 0x7feff7e8000 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x7feff6b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\wininet.dll, function = FindFirstUrlCacheEntryW, address_out = 0x7feff747150 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\wininet.dll, function = DeleteUrlCacheEntryW, address_out = 0x7feff747050 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\wininet.dll, function = FindNextUrlCacheEntryW, address_out = 0x7feff747500 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\wininet.dll, function = FindCloseUrlCache, address_out = 0x7feff6be600 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x7fefede0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = StringFromGUID2, address_out = 0x7fefee03560 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CLSIDFromString, address_out = 0x7fefedf0680 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoInitialize, address_out = 0x7fefedfa51c |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoInitializeSecurity, address_out = 0x7fefedf8220 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoSetProxyBlanket, address_out = 0x7fefee1bf00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoCreateInstance, address_out = 0x7fefee07490 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoUninitialize, address_out = 0x7fefee01314 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoInitializeEx, address_out = 0x7fefee02a30 |
|
1 | |
| Module | Load | module_name = OLEAUT32.dll, base_address = 0x7feff5d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = 2, address_out = 0x7feff5d3480 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = 6, address_out = 0x7feff5d1320 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = 9, address_out = 0x7feff5d1180 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:23 (UTC) |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x77320000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FlsAlloc, address_out = 0x77337190 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FlsFree, address_out = 0x773315b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FlsGetValue, address_out = 0x77343520 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FlsSetValue, address_out = 0x7733bd90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x773379b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateSemaphoreExW, address_out = 0x7736c4c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadStackGuarantee, address_out = 0x77328050 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateThreadpoolTimer, address_out = 0x77328820 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadpoolTimer, address_out = 0x7755b2f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WaitForThreadpoolTimerCallbacks, address_out = 0x7754d8c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CloseThreadpoolTimer, address_out = 0x7754d620 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateThreadpoolWait, address_out = 0x7736ba80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadpoolWait, address_out = 0x7755e170 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CloseThreadpoolWait, address_out = 0x7754c540 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FlushProcessWriteBuffers, address_out = 0x77591f80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FreeLibraryWhenCallbackReturns, address_out = 0x7760ec60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentProcessorNumber, address_out = 0x77590040 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetLogicalProcessorInformation, address_out = 0x7736b820 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateSymbolicLinkW, address_out = 0x77395ad0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetDefaultDllDirectories, address_out = 0x0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = EnumSystemLocalesEx, address_out = 0x7736c3d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CompareStringEx, address_out = 0x7736b980 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetDateFormatEx, address_out = 0x773b0920 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetLocaleInfoEx, address_out = 0x77323c10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetTimeFormatEx, address_out = 0x773ad4e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetUserDefaultLocaleName, address_out = 0x7736b790 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsValidLocaleName, address_out = 0x7736b770 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LCMapStringEx, address_out = 0x7736b710 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentPackageId, address_out = 0x0 |
|
1 | |
| Environment | Get Environment String |
|
1 | ||
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\taskhost.exe, file_name_orig = C:\Windows\system32\taskhost.exe, size = 260 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Filename | process_name = c:\windows\system32\taskhost.exe, file_name_orig = C:\Windows\system32\taskhost.exe, size = 260 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x7fefdbe0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\urlmon.dll, function = ObtainUserAgentString, address_out = 0x7fefdc41fa4 |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\taskhost.exe, file_name_orig = C:\Windows\system32\taskhost.exe, size = 260 |
|
1 | |
| System | Get Info | type = Operating System |
|
2 | |
| Module | Load | module_name = Ws2_32.dll, base_address = 0x7feff7e0000 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Create | mutex_name = Global\{85B42B0A-98E0-3F84-65D9-FE61A0417768} |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Create | mutex_name = Local\{85B47B09-C8E3-3F84-65D9-FE61A0417768} |
|
1 |
| Information | Value |
|---|---|
| ID | #11 |
| File Name | c:\windows\system32\dwm.exe |
| Command Line | "C:\Windows\system32\Dwm.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:44, Reason: Injection |
| Unmonitor | End Time: 00:02:13, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:29 |
| Information | Value |
|---|---|
| PID | 0x55c |
| Parent PID | 0x318 (c:\windows\system32\svchost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | AUFDDCNTXWT\aDU0VK IWA5kLS |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B44
0x
4A8
0x
4E0
0x
570
0x
564
0x
560
0x
634
0x
80C
0x
81C
0x
82C
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x00026fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000040000 | 0x00040000 | 0x00041fff | Pagefile Backed Memory | Readable |
|
|
|
|
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c1fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000100000 | 0x00100000 | 0x00100fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000110000 | 0x00110000 | 0x00110fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000120000 | 0x00120000 | 0x00120fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000130000 | 0x00130000 | 0x001affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000001c0000 | 0x001c0000 | 0x002bffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000002c0000 | 0x002c0000 | 0x00447fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000450000 | 0x00450000 | 0x005d0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000005e0000 | 0x005e0000 | 0x019dffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000019e0000 | 0x019e0000 | 0x01dd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000001de0000 | 0x01de0000 | 0x01edffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000001ee0000 | 0x01ee0000 | 0x01fbefff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000001fd0000 | 0x01fd0000 | 0x01fdffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001fe0000 | 0x01fe0000 | 0x0201bfff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000002080000 | 0x02080000 | 0x020fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002150000 | 0x02150000 | 0x021cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000021d0000 | 0x021d0000 | 0x0224ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002250000 | 0x02250000 | 0x0230ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002310000 | 0x02310000 | 0x0238ffff | Private Memory | Readable, Writable |
|
|
|
|
| sortdefault.nls | 0x02390000 | 0x0265efff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000002660000 | 0x02660000 | 0x0275ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000027b0000 | 0x027b0000 | 0x0282ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000028f0000 | 0x028f0000 | 0x0296ffff | Private Memory | Readable, Writable |
|
|
|
|
| kernel32.dll | 0x77320000 | 0x7743efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x77440000 | 0x77539fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77540000 | 0x776e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| psapi.dll | 0x77710000 | 0x77716fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| dwm.exe | 0xff110000 | 0xff132fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dxgi.dll | 0x7fefa130000 | 0x7fefa1d6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| d3d10_1core.dll | 0x7fefa1e0000 | 0x7fefa234fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| d3d10_1.dll | 0x7fefa240000 | 0x7fefa273fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dwmcore.dll | 0x7fefa280000 | 0x7fefa411fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dwmredir.dll | 0x7fefa420000 | 0x7fefa446fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| windowscodecs.dll | 0x7fefad90000 | 0x7fefaeb9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dwmapi.dll | 0x7fefaec0000 | 0x7fefaed7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| uxtheme.dll | 0x7fefb2a0000 | 0x7fefb2f5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| version.dll | 0x7fefc650000 | 0x7fefc65bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msasn1.dll | 0x7fefd530000 | 0x7fefd53efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wintrust.dll | 0x7fefd5e0000 | 0x7fefd619fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x7fefd680000 | 0x7fefd6eafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| crypt32.dll | 0x7fefd6f0000 | 0x7fefd856fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x7fefd860000 | 0x7fefd98cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x7fefda30000 | 0x7fefda5dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x7fefdb00000 | 0x7fefdbdafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| urlmon.dll | 0x7fefdbe0000 | 0x7fefdd57fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x7fefdd60000 | 0x7fefddc6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x7fefddd0000 | 0x7fefded8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| usp10.dll | 0x7fefdee0000 | 0x7fefdfa8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x7fefdfb0000 | 0x7fefed37fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x7fefed40000 | 0x7fefeddefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x7fefede0000 | 0x7fefefe2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x7feff2b0000 | 0x7feff320fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| lpk.dll | 0x7feff330000 | 0x7feff33dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iertutil.dll | 0x7feff340000 | 0x7feff598fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nsi.dll | 0x7feff5a0000 | 0x7feff5a7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x7feff5b0000 | 0x7feff5cefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleaut32.dll | 0x7feff5d0000 | 0x7feff6a6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wininet.dll | 0x7feff6b0000 | 0x7feff7d9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ws2_32.dll | 0x7feff7e0000 | 0x7feff82cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apisetschema.dll | 0x7feff860000 | 0x7feff860fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000007fffffd3000 | 0x7fffffd3000 | 0x7fffffd4fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000007fffffd5000 | 0x7fffffd5000 | 0x7fffffd6fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000007fffffd7000 | 0x7fffffd7000 | 0x7fffffd8fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000007fffffd9000 | 0x7fffffd9000 | 0x7fffffdafff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000007fffffdb000 | 0x7fffffdb000 | 0x7fffffdcfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000007fffffdd000 | 0x7fffffdd000 | 0x7fffffdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000007fffffdf000 | 0x7fffffdf000 | 0x7fffffdffff | Private Memory | Readable, Writable |
|
|
|
|
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #8: c:\windows\explorer.exe | 0x698 | address = 0x1fe0000, size = 245760 |
|
1 | |
| Modify Memory | #8: c:\windows\explorer.exe | 0x698 | address = 0x120000, size = 4 |
|
1 | |
| Modify Memory | #8: c:\windows\explorer.exe | 0x698 | address = 0x120004, size = 3056 |
|
1 | |
| Create Remote Thread | #8: c:\windows\explorer.exe | 0x698 | address = 0x1fead14 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = KERNEL32.dll, base_address = 0x77320000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ReadFile, address_out = 0x77331500 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FlushFileBuffers, address_out = 0x773269f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WriteFile, address_out = 0x773435a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetTickCount, address_out = 0x77342b00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFileAttributesW, address_out = 0x773337a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualAlloc, address_out = 0x773367a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileSizeEx, address_out = 0x77329b30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualFree, address_out = 0x77331260 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFilePointerEx, address_out = 0x7732af00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileAttributesW, address_out = 0x7733bdd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetVolumeNameForVolumeMountPointW, address_out = 0x773907d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetProcessHeap, address_out = 0x77343050 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = HeapFree, address_out = 0x77343070 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = HeapReAlloc, address_out = 0x77573f20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = HeapAlloc, address_out = 0x775933a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LoadLibraryA, address_out = 0x77337070 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = OutputDebugStringA, address_out = 0x77324f60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Thread32First, address_out = 0x7736aa70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Thread32Next, address_out = 0x7736a980 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentThread, address_out = 0x77333f20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateProcessW, address_out = 0x77341bb0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FreeLibrary, address_out = 0x77336620 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = MultiByteToWideChar, address_out = 0x77335b50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WideCharToMultiByte, address_out = 0x773435f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateMutexW, address_out = 0x773313c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ReleaseMutex, address_out = 0x77342b90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetLastError, address_out = 0x77342df0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WaitForMultipleObjects, address_out = 0x77331170 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetLastError, address_out = 0x77342dd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateThread, address_out = 0x77336580 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetComputerNameW, address_out = 0x7732d130 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateEventW, address_out = 0x77335290 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ExitThread, address_out = 0x77586930 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ExitProcess, address_out = 0x775640f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = InitializeCriticalSection, address_out = 0x77568100 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameW, address_out = 0x77337700 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentProcessId, address_out = 0x77335a50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = AddVectoredExceptionHandler, address_out = 0x77623ad0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetSystemDefaultLCID, address_out = 0x773233a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetWindowsDirectoryW, address_out = 0x773282b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WaitForSingleObject, address_out = 0x77342b20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetProcAddress, address_out = 0x77343690 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleHandleW, address_out = 0x77343730 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LoadLibraryW, address_out = 0x77336f80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualProtect, address_out = 0x77322ef0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateRemoteThread, address_out = 0x7736c4f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualAllocEx, address_out = 0x7736bbd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualFreeEx, address_out = 0x7736bb90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = DuplicateHandle, address_out = 0x77335d10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WriteProcessMemory, address_out = 0x7736bad0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = OpenProcess, address_out = 0x7733cad0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Process32NextW, address_out = 0x773220f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Process32FirstW, address_out = 0x77321e00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x773221e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateDirectoryW, address_out = 0x7732ad70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = TerminateProcess, address_out = 0x7736bca0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetEvent, address_out = 0x77333f00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = DeleteFileW, address_out = 0x7732ad90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Sleep, address_out = 0x77342b70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CloseHandle, address_out = 0x77342f80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateFileW, address_out = 0x77331870 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = lstrcmpiA, address_out = 0x773240a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = lstrlenA, address_out = 0x7733caf0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WriteConsoleW, address_out = 0x77333d40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetStdHandle, address_out = 0x7736bce0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetConsoleMode, address_out = 0x77342e60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetConsoleCP, address_out = 0x773605f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LCMapStringW, address_out = 0x77340dd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = HeapSize, address_out = 0x775682d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetStringTypeW, address_out = 0x77339060 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = OutputDebugStringW, address_out = 0x7732b760 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LoadLibraryExW, address_out = 0x77336640 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCPInfo, address_out = 0x77336ce0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetOEMCP, address_out = 0x7733b580 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetACP, address_out = 0x77336f90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsValidCodePage, address_out = 0x77339080 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77593000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = EnterCriticalSection, address_out = 0x77592fc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x7736cc80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address_out = 0x77328290 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = RtlUnwindEx, address_out = 0x77352d90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = TlsFree, address_out = 0x77331590 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = TlsSetValue, address_out = 0x77335cd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = TlsGetValue, address_out = 0x77342bd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = TlsAlloc, address_out = 0x77337100 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetUnhandledExceptionFilter, address_out = 0x77339b70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = UnhandledExceptionFilter, address_out = 0x773b9330 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = RtlVirtualUnwind, address_out = 0x7736b5b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = RtlLookupFunctionEntry, address_out = 0x7736b610 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = RtlCaptureContext, address_out = 0x7736b6f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FreeEnvironmentStringsW, address_out = 0x77336d20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetEnvironmentStringsW, address_out = 0x77336d00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetSystemTimeAsFileTime, address_out = 0x77333f40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x77336500 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameA, address_out = 0x773364a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetStartupInfoW, address_out = 0x77338070 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = DeleteCriticalSection, address_out = 0x77565350 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x773364e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileType, address_out = 0x77342e00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetStdHandle, address_out = 0x7733d750 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleHandleExW, address_out = 0x7732b780 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = RaiseException, address_out = 0x7732cf10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = RtlPcToFileHeader, address_out = 0x77352d80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x77569c50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x77573bd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCommandLineA, address_out = 0x77341e70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetSystemInfo, address_out = 0x77336f70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualQuery, address_out = 0x7733bd40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ResumeThread, address_out = 0x773313a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SuspendThread, address_out = 0x77322f60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentThreadId, address_out = 0x77333ee0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = OpenThread, address_out = 0x7733c560 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FlushInstructionCache, address_out = 0x773233e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = HeapCreate, address_out = 0x773370e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentProcess, address_out = 0x77335cf0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadContext, address_out = 0x77322f10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetThreadContext, address_out = 0x77322f40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LocalFree, address_out = 0x773347a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetVersionExW, address_out = 0x7732d910 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x7fefdb00000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptHashData, address_out = 0x7fefdb0dac0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = SetNamedSecurityInfoW, address_out = 0x7fefdb089a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetSecurityDescriptorSacl, address_out = 0x7fefdb11e00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = SetSecurityDescriptorSacl, address_out = 0x7fefdb11eb0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = ConvertStringSecurityDescriptorToSecurityDescriptorW, address_out = 0x7fefdb12040 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = SetSecurityDescriptorDacl, address_out = 0x7fefdb1b5a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = InitializeSecurityDescriptor, address_out = 0x7fefdb1b504 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegSetValueExW, address_out = 0x7fefdb11ed0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegQueryValueExW, address_out = 0x7fefdb1c2d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyExW, address_out = 0x7fefdb206f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetSidSubAuthorityCount, address_out = 0x7fefdb11740 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetSidSubAuthority, address_out = 0x7fefdb11754 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = AdjustTokenPrivileges, address_out = 0x7fefdb1b9b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = LookupPrivilegeValueW, address_out = 0x7fefdb1b9e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = OpenThreadToken, address_out = 0x7fefdb1bd84 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetTokenInformation, address_out = 0x7fefdb1bd50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = OpenProcessToken, address_out = 0x7fefdb1bd70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegCreateKeyExW, address_out = 0x7fefdb1b520 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptReleaseContext, address_out = 0x7fefdb0dd10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDestroyHash, address_out = 0x7fefdb0db00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptGetHashParam, address_out = 0x7fefdb0db20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptCreateHash, address_out = 0x7fefdb0dad4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetLengthSid, address_out = 0x7fefdb1b580 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptAcquireContextW, address_out = 0x7fefdb0d98c |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegQueryValueExA, address_out = 0x7fefdb1c480 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyExA, address_out = 0x7fefdb1b5f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegCloseKey, address_out = 0x7fefdb20710 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegSetValueExA, address_out = 0x7fefdb11dc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegCreateKeyExA, address_out = 0x7fefdb11d10 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x7feff2b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = PathRenameExtensionW, address_out = 0x7feff2de6c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = PathRemoveBackslashW, address_out = 0x7feff2bd014 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = PathRemoveFileSpecW, address_out = 0x7feff2ba43c |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = PathAddBackslashW, address_out = 0x7feff2c3f70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = PathAddExtensionW, address_out = 0x7feff2de630 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = wvnsprintfA, address_out = 0x7feff2e2200 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = wvnsprintfW, address_out = 0x7feff2e22e4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = PathCombineW, address_out = 0x7feff2c3dfc |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x7fefdfb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shell32.dll, function = SHGetFolderPathW, address_out = 0x7fefe033ba4 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x77440000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = MessageBoxA, address_out = 0x774b12b8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = CharUpperW, address_out = 0x7745b714 |
|
1 | |
| Module | Load | module_name = WS2_32.dll, base_address = 0x7feff7e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ws2_32.dll, function = 18, address_out = 0x7feff7e4da0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ws2_32.dll, function = 115, address_out = 0x7feff7e4980 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ws2_32.dll, function = 15, address_out = 0x7feff7e1250 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ws2_32.dll, function = 11, address_out = 0x7feff7e1350 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ws2_32.dll, function = 9, address_out = 0x7feff7e1250 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ws2_32.dll, function = 19, address_out = 0x7feff7e8000 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x7feff6b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\wininet.dll, function = FindFirstUrlCacheEntryW, address_out = 0x7feff747150 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\wininet.dll, function = DeleteUrlCacheEntryW, address_out = 0x7feff747050 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\wininet.dll, function = FindNextUrlCacheEntryW, address_out = 0x7feff747500 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\wininet.dll, function = FindCloseUrlCache, address_out = 0x7feff6be600 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x7fefede0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = StringFromGUID2, address_out = 0x7fefee03560 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CLSIDFromString, address_out = 0x7fefedf0680 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoInitialize, address_out = 0x7fefedfa51c |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoInitializeSecurity, address_out = 0x7fefedf8220 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoSetProxyBlanket, address_out = 0x7fefee1bf00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoCreateInstance, address_out = 0x7fefee07490 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoUninitialize, address_out = 0x7fefee01314 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoInitializeEx, address_out = 0x7fefee02a30 |
|
1 | |
| Module | Load | module_name = OLEAUT32.dll, base_address = 0x7feff5d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = 2, address_out = 0x7feff5d3480 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = 6, address_out = 0x7feff5d1320 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = 9, address_out = 0x7feff5d1180 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:24 (UTC) |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x77320000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FlsAlloc, address_out = 0x77337190 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FlsFree, address_out = 0x773315b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FlsGetValue, address_out = 0x77343520 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FlsSetValue, address_out = 0x7733bd90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x773379b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateSemaphoreExW, address_out = 0x7736c4c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadStackGuarantee, address_out = 0x77328050 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateThreadpoolTimer, address_out = 0x77328820 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadpoolTimer, address_out = 0x7755b2f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WaitForThreadpoolTimerCallbacks, address_out = 0x7754d8c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CloseThreadpoolTimer, address_out = 0x7754d620 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateThreadpoolWait, address_out = 0x7736ba80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadpoolWait, address_out = 0x7755e170 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CloseThreadpoolWait, address_out = 0x7754c540 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FlushProcessWriteBuffers, address_out = 0x77591f80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FreeLibraryWhenCallbackReturns, address_out = 0x7760ec60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentProcessorNumber, address_out = 0x77590040 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetLogicalProcessorInformation, address_out = 0x7736b820 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateSymbolicLinkW, address_out = 0x77395ad0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetDefaultDllDirectories, address_out = 0x0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = EnumSystemLocalesEx, address_out = 0x7736c3d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CompareStringEx, address_out = 0x7736b980 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetDateFormatEx, address_out = 0x773b0920 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetLocaleInfoEx, address_out = 0x77323c10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetTimeFormatEx, address_out = 0x773ad4e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetUserDefaultLocaleName, address_out = 0x7736b790 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsValidLocaleName, address_out = 0x7736b770 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LCMapStringEx, address_out = 0x7736b710 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentPackageId, address_out = 0x0 |
|
1 | |
| Environment | Get Environment String |
|
1 | ||
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\dwm.exe, file_name_orig = C:\Windows\system32\Dwm.exe, size = 260 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Filename | process_name = c:\windows\system32\dwm.exe, file_name_orig = C:\Windows\system32\Dwm.exe, size = 260 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x7fefdbe0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\urlmon.dll, function = ObtainUserAgentString, address_out = 0x7fefdc41fa4 |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\dwm.exe, file_name_orig = C:\Windows\system32\Dwm.exe, size = 260 |
|
1 | |
| System | Get Info | type = Operating System |
|
2 | |
| Module | Load | module_name = Ws2_32.dll, base_address = 0x7feff7e0000 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Create | mutex_name = Global\{85B42B0A-98E0-3F84-65D9-FE61A0417768} |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Create | mutex_name = Local\{85B47B09-C8E3-3F84-65D9-FE61A0417768} |
|
1 |
| Information | Value |
|---|---|
| ID | #12 |
| File Name | c:\windows\syswow64\msiexec.exe |
| Command Line | C:\Windows\syswow64\msiexec.exe |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:44, Reason: Child Process |
| Unmonitor | End Time: 00:02:13, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:29 |
| Information | Value |
|---|---|
| PID | 0x65c |
| Parent PID | 0x568 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | AUFDDCNTXWT\aDU0VK IWA5kLS |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
67C
0x
928
0x
690
0x
91C
0x
914
0x
9A0
0x
9C8
0x
9C4
0x
9C0
0x
41C
0x
440
0x
910
0x
8C0
0x
9D4
0x
8B8
0x
8C8
0x
9E8
0x
A04
0x
8F8
0x
A0C
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x00026fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000030000 | 0x00030000 | 0x00031fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000060000 | 0x00060000 | 0x00061fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000070000 | 0x00070000 | 0x000affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000b0000 | 0x000b0000 | 0x000b0fff | Private Memory | Readable, Writable |
|
|
|
|
| msiexec.exe.mui | 0x000c0000 | 0x000c0fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000e0000 | 0x000e0000 | 0x000effff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000f0000 | 0x000f0000 | 0x0012ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000130000 | 0x00130000 | 0x0035afff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| locale.nls | 0x00360000 | 0x003c6fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000003d0000 | 0x003d0000 | 0x003d0fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000003e0000 | 0x003e0000 | 0x003e0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x00000000003f0000 | 0x003f0000 | 0x003fffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000003f0000 | 0x003f0000 | 0x00404fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000003f0000 | 0x003f0000 | 0x003f1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000400000 | 0x00400000 | 0x00414fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| windowsshell.manifest | 0x00400000 | 0x00400fff | Memory Mapped File | Readable |
|
|
|
|
| index.dat | 0x00400000 | 0x00407fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000410000 | 0x00410000 | 0x00411fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000420000 | 0x00420000 | 0x0045ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000460000 | 0x00460000 | 0x0049ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000460000 | 0x00460000 | 0x004e8fff | Private Memory | Readable, Writable |
|
|
|
|
| rsaenh.dll | 0x00460000 | 0x0049bfff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000004a0000 | 0x004a0000 | 0x004dffff | Private Memory | Readable, Writable |
|
|
|
|
| index.dat | 0x004e0000 | 0x004f3fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| private_0x00000000004f0000 | 0x004f0000 | 0x0057afff | Private Memory | Readable, Writable |
|
|
|
|
| index.dat | 0x00500000 | 0x0050ffff | Memory Mapped File | Readable, Writable |
|
|
|
|
| private_0x0000000000510000 | 0x00510000 | 0x0054ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000510000 | 0x00510000 | 0x00510fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000510000 | 0x00510000 | 0x00510fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000520000 | 0x00520000 | 0x0055ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000580000 | 0x00580000 | 0x005bffff | Private Memory | Readable, Writable |
|
|
|
|
| msiexec.exe | 0x005f0000 | 0x00603fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000000640000 | 0x00640000 | 0x0067ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000680000 | 0x00680000 | 0x006bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000006d0000 | 0x006d0000 | 0x0074ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000780000 | 0x00780000 | 0x007bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000810000 | 0x00810000 | 0x0090ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000910000 | 0x00910000 | 0x00a97fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000aa0000 | 0x00aa0000 | 0x00c20fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000c30000 | 0x00c30000 | 0x0202ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000002030000 | 0x02030000 | 0x0210ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002040000 | 0x02040000 | 0x0207ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000020d0000 | 0x020d0000 | 0x0210ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002110000 | 0x02110000 | 0x021effff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002120000 | 0x02120000 | 0x0215ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002170000 | 0x02170000 | 0x021affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000021b0000 | 0x021b0000 | 0x021effff | Private Memory | Readable, Writable |
|
|
|
|
| sortdefault.nls | 0x021f0000 | 0x024befff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000024c0000 | 0x024c0000 | 0x0318cfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000024c0000 | 0x024c0000 | 0x024fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002540000 | 0x02540000 | 0x0257ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002580000 | 0x02580000 | 0x025bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000025c0000 | 0x025c0000 | 0x025fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002620000 | 0x02620000 | 0x0265ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002660000 | 0x02660000 | 0x027effff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002660000 | 0x02660000 | 0x0275ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002770000 | 0x02770000 | 0x027affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000027b0000 | 0x027b0000 | 0x027effff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000027f0000 | 0x027f0000 | 0x028cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000028d0000 | 0x028d0000 | 0x0290ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002950000 | 0x02950000 | 0x0298ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000002990000 | 0x02990000 | 0x02d9ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000002da0000 | 0x02da0000 | 0x031affff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002da0000 | 0x02da0000 | 0x02e9ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002da0000 | 0x02da0000 | 0x02ddffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002e00000 | 0x02e00000 | 0x02e3ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002e90000 | 0x02e90000 | 0x02e9ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002ea0000 | 0x02ea0000 | 0x0302ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003190000 | 0x03190000 | 0x03e5cfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003e60000 | 0x03e60000 | 0x04080fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004090000 | 0x04090000 | 0x04371fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004380000 | 0x04380000 | 0x049fcfff | Private Memory | Readable, Writable |
|
|
|
|
| wow64win.dll | 0x73c40000 | 0x73c9bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64.dll | 0x73ca0000 | 0x73cdefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64cpu.dll | 0x73d10000 | 0x73d17fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msi.dll | 0x745f0000 | 0x7482ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wkscli.dll | 0x74990000 | 0x7499efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| srvcli.dll | 0x749a0000 | 0x749b8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| netutils.dll | 0x749c0000 | 0x749c8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| netapi32.dll | 0x749d0000 | 0x749e0fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rsaenh.dll | 0x74a40000 | 0x74a7afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptsp.dll | 0x74a80000 | 0x74a95fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wship6.dll | 0x74b40000 | 0x74b45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wshtcpip.dll | 0x74b50000 | 0x74b54fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mswsock.dll | 0x74b70000 | 0x74babfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nlaapi.dll | 0x74bf0000 | 0x74bfffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rasapi32.dll | 0x74c00000 | 0x74c51fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dnsapi.dll | 0x74c60000 | 0x74ca3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| comctl32.dll | 0x74cb0000 | 0x74e4dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sensapi.dll | 0x75170000 | 0x75175fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rtutils.dll | 0x75180000 | 0x7518cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rasman.dll | 0x75190000 | 0x751a4fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| profapi.dll | 0x751e0000 | 0x751eafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winnsi.dll | 0x75220000 | 0x75226fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iphlpapi.dll | 0x75230000 | 0x7524bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x75270000 | 0x7527bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x75280000 | 0x752dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x752e0000 | 0x7543bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x75440000 | 0x7552ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iertutil.dll | 0x75530000 | 0x7572afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x757e0000 | 0x758dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x75970000 | 0x75988fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| crypt32.dll | 0x75990000 | 0x75aacfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x75ab0000 | 0x75b3ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x75bc0000 | 0x75c8bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nsi.dll | 0x75cd0000 | 0x75cd5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x75d10000 | 0x75dbbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x75dc0000 | 0x75ecffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleaut32.dll | 0x75ed0000 | 0x75f5efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x75fe0000 | 0x76c29fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ws2_32.dll | 0x76dd0000 | 0x76e04fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wininet.dll | 0x76e10000 | 0x76f04fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x76f10000 | 0x76f66fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x76f80000 | 0x76fdffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| lpk.dll | 0x76fe0000 | 0x76fe9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| urlmon.dll | 0x76ff0000 | 0x77125fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x77130000 | 0x77175fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| usp10.dll | 0x77180000 | 0x7721cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x77280000 | 0x7731ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000077320000 | 0x77320000 | 0x7743efff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000077440000 | 0x77440000 | 0x77539fff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77540000 | 0x776e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msasn1.dll | 0x776f0000 | 0x776fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77720000 | 0x7789ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x000000007ef98000 | 0x7ef98000 | 0x7ef9afff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ef9b000 | 0x7ef9b000 | 0x7ef9dfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ef9e000 | 0x7ef9e000 | 0x7efa0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efa1000 | 0x7efa1000 | 0x7efa3fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efa4000 | 0x7efa4000 | 0x7efa6fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
|
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
|
|
|
|
For performance reasons, the remaining 45 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #8: c:\windows\explorer.exe | 0x698 | address = 0xb0000, size = 4 |
|
1 | |
| Modify Memory | #8: c:\windows\explorer.exe | 0x698 | address = 0xb0004, size = 3004 |
|
1 | |
| Create Remote Thread | #8: c:\windows\explorer.exe | 0x698 | address = 0x175220 |
|
1 |
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\adu0vk iwa5kls\appdata\roaming\libeay32.dll | 1.90 MB (1990144 bytes) |
MD5:
2ed6a2a2be88d3a48fa820a6bb15cd25
SHA1: fbbfa096208027cb99174dac08b16818db397521 SHA256: d61532be14bec8dd27477b58cb767579d58900634b0c33b8ade81aec85171b0b |
|
|
| c:\users\adu0vk iwa5kls\appdata\roaming\libevent-2-0-5.dll | 702.36 KB (719217 bytes) |
MD5:
90f50a285efa5dd9c7fddce786bdef25
SHA1: 54213da21542e11d656bb65db724105afe8be688 SHA256: 77a250e81fdaf9a075b1244a9434c30bf449012c9b647b265fa81a7b0db2513f |
|
|
| c:\users\adu0vk iwa5kls\appdata\roaming\libgcc_s_sjlj-1.dll | 511.00 KB (523262 bytes) |
MD5:
73d4823075762ee2837950726baa2af9
SHA1: ebce3532ed94ad1df43696632ab8cf8da8b9e221 SHA256: 9aeccf88253d4557a90793e22414868053caaab325842c0d7acb0365e88cd53b |
|
|
| c:\users\adu0vk iwa5kls\appdata\roaming\libssp-0.dll | 90.43 KB (92599 bytes) |
MD5:
78581e243e2b41b17452da8d0b5b2a48
SHA1: eaefb59c31cf07e60a98af48c5348759586a61bb SHA256: f28caebe9bc6aa5a72635acb4f0e24500494e306d8e8b2279e7930981281683f |
|
|
| c:\users\adu0vk iwa5kls\appdata\roaming\ssleay32.dll | 391.00 KB (400384 bytes) |
MD5:
acfdeda45860601f49e4d2b102078981
SHA1: 7df7645fc704f955b8762593aac7b2e8535fbe29 SHA256: 1c8f8ce21cd0d01c8b302ebe9c4b85a4a18babec0f84c05e56d5fa4b95bcf688 |
|
|
| c:\users\adu0vk iwa5kls\appdata\roaming\tor.exe | 2.83 MB (2967040 bytes) |
MD5:
404242a1b8f01d51ef4789132b784691
SHA1: 9059b0dfe5c629ee82c640f41041471104baf343 SHA256: 58a4e31a68fb7467a0b56578548487ebd19cc9ce79584fc3fa4864ce87a15f71 |
|
|
| c:\users\adu0vk iwa5kls\appdata\roaming\zlib1.dll | 105.00 KB (107520 bytes) |
MD5:
fb072e9f69afdb57179f59b512f828a4
SHA1: fe71b70173e46ee4e3796db9139f77dc32d2f846 SHA256: 66d653397cbb2dbb397eb8421218e2c126b359a3b0decc0f31e297df099e1383 |
|
|
| c:\users\adu0vk iwa5kls\appdata\local\microsoft\windows\temporary internet files\content.ie5\pmmr5k9k\gate[1].htm | 0.37 KB (378 bytes) |
MD5:
801c4ac09de1b23450cddc2e4cc5d0cb
SHA1: 0483e182aefe4ced1301cc5960f33db4ec71bacd SHA256: e3e3ef35ce7e15c39f7e32fc99fe5122c78f407dc08fbc6ea44ed2b1b7b8c358 |
|
|
| c:\users\adu0vk iwa5kls\appdata\local\microsoft\windows\temporary internet files\content.ie5\pmmr5k9k\checkip_dyndns_org[1].htm | 0.10 KB (106 bytes) |
MD5:
e8c75025c3e9c749a89c4b38a8fc2af5
SHA1: 8e10161663dc8505c029d455a4cbffb645493ee9 SHA256: 860a87ddd2c1b97a6a896edff00cdb3e00da0333ea7981b580ab9a36fa08a2cf |
|
|
| c:\users\adu0vk iwa5kls\appdata\local\microsoft\windows\temporary internet files\content.ie5\pmmr5k9k\gate[1].htm | 6.18 KB (6333 bytes) |
MD5:
17b3f7028152cf786bf9737c8784c930
SHA1: 1ef367f4aa15ad74afb8b493c7a43fa49538502c SHA256: 83026559a6e963cc25661ddbfaac6ec3995bc4217d1ca4d07ed93ce35f248ff1 |
|
|
| c:\users\adu0vk iwa5kls\appdata\local\microsoft\windows\temporary internet files\content.ie5\pmmr5k9k\gate[1].htm | 1.02 KB (1040 bytes) |
MD5:
710e7f9d209f1a103df22337b838aa74
SHA1: 98434bf33b9e497b7578ca1963ca479b77221c14 SHA256: 9cae944e9aa4b23fe49ebde567ce2fee3045e864111cb1ff84daa8fe17db15f9 |
|
|
| c:\users\adu0vk~1\appdata\local\temp\okguaxb.crt | 1.00 KB (1025 bytes) |
MD5:
a78828838883401dbf1ec05583bc7c8a
SHA1: e6a3a437d4b3fbfd5750e5aa962570c1da1ef6fd SHA256: ca3afa28388e5b26ef47402c85adf558d8610d097f67637d8d01456145afb3b9 |
|
|
| c:\users\adu0vk~1\appdata\local\temp\certutil.exe | 101.50 KB (103936 bytes) |
MD5:
0c6b43c9602f4d5ac9dcf907103447c4
SHA1: 7a77c7ae99d400243845cce0e0931f029a73f79a SHA256: 5950722034c8505daa9b359127feb707f16c37d2f69e79d16ee6d9ec37690478 |
|
|
| c:\users\adu0vk~1\appdata\local\temp\freebl3.dll | 217.00 KB (222208 bytes) |
MD5:
269beb631b580c6d54db45b5573b1de5
SHA1: 64050c1159c2bcfc0e75da407ef0098ad2de17c8 SHA256: ffc7558a61a4e6546cf095bdeabea19f05247a0daa02dca20ea3605e7fc62c77 |
|
|
| c:\users\adu0vk~1\appdata\local\temp\libnspr4.dll | 195.00 KB (199680 bytes) |
MD5:
6e84af2875700285309dd29294365c6a
SHA1: fc3cb3b2a704250fc36010e2ab495cdc5e7378a9 SHA256: 1c158e680749e642e55f721f60a71314e26e03e785cd92e560bf650b83c4c3c8 |
|
|
| c:\users\adu0vk~1\appdata\local\temp\libplc4.dll | 14.00 KB (14336 bytes) |
MD5:
1fae68b740f18290b98b2f9e23313cc2
SHA1: fa3545dc8db38b3b27f1009e1d61dc2949df3878 SHA256: 751c2156dc00525668dd990d99f7f61c257951c3fad01c0ee6359fcdff69f933 |
|
|
| c:\users\adu0vk~1\appdata\local\temp\libplds4.dll | 12.00 KB (12288 bytes) |
MD5:
9ae76db13972553a5de5bdd07b1b654d
SHA1: 0c4508eb6f13b9b178237ccc4da759bff10af658 SHA256: 38a906373419501966daf6ec19ca2f8db7b29609128ae5cb424d2aa511652c29 |
|
|
| c:\users\adu0vk~1\appdata\local\temp\msvcr100.dll | 755.83 KB (773968 bytes) |
MD5:
0e37fbfa79d349d672456923ec5fbbe3
SHA1: 4e880fc7625ccf8d9ca799d5b94ce2b1e7597335 SHA256: 8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18 |
|
|
| c:\users\adu0vk~1\appdata\local\temp\nss3.dll | 780.00 KB (798720 bytes) |
MD5:
a1c4628d184b6ab25550b1ce74f44792
SHA1: c2c447fd2fda68c0ec44b3529a2550d2e2a8c3bc SHA256: 3f997d3f1674de9fd119f275638861bc229352f12c70536d8c83a70fcc370847 |
|
|
| c:\users\adu0vk~1\appdata\local\temp\nssdbm3.dll | 106.00 KB (108544 bytes) |
MD5:
051652ba7ca426846e936bc5aa3f39f3
SHA1: 0012007876dde3a2d764249ad86bc428300fe91e SHA256: 8eca993570fa55e8fe8f417143eea8128a58472e23074cbd2e6af4d3bb0f0d9a |
|
|
| c:\users\adu0vk~1\appdata\local\temp\nssutil3.dll | 91.50 KB (93696 bytes) |
MD5:
c26e940b474728e728cafe5912ba418a
SHA1: 7256e378a419f8d87de71835e6ad12faadaaaf73 SHA256: 1af1ac51a92b36de8d85d1f572369815404912908c3a489a6cd7ca2350c2a93d |
|
|
| c:\users\adu0vk~1\appdata\local\temp\smime3.dll | 95.50 KB (97792 bytes) |
MD5:
a5c670edf4411bf7f132f4280026137b
SHA1: c0e3cbdde7d3cebf41a193eeca96a11ce2b6da58 SHA256: aba2732c7a016730e94e645dd04e8fafcc173fc2e5e2aac01a1c0c66ead1983e |
|
|
| c:\users\adu0vk~1\appdata\local\temp\softokn3.dll | 168.50 KB (172544 bytes) |
MD5:
2ab31c9401870adb4e9d88b5a6837abf
SHA1: 4f0fdd699e63f614d79ed6e47ef61938117d3b7a SHA256: 22ecece561510f77b100cff8109e5ed492c34707b7b14e0774aaa9ca813de4ad |
|
|
| c:\users\adu0vk~1\appdata\local\temp\sqlite3.dll | 414.00 KB (423936 bytes) |
MD5:
b58848a28a1efb85677e344db1fd67e6
SHA1: dad48e2b2b3b936efc15ac2c5f9099b7a1749976 SHA256: 00db98ab4d50e9b26ecd193bfad6569e1dd395db14246f8c233febba93965f7a |
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = KERNEL32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x75dd11c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventA, address_out = 0x75dd328c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ResetEvent, address_out = 0x75dd16dd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEndOfFile, address_out = 0x75dece2e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x75dd3ed3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x75dd469b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x75dd1282 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetStdHandle, address_out = 0x75dd51b3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileType, address_out = 0x75dd3531 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleMode, address_out = 0x75dd1328 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteConsoleW, address_out = 0x75df7aca |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x75dd110c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileAttributesW, address_out = 0x75ded4f7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x75dd1856 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSizeEx, address_out = 0x75dd59e2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x75dd186e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointerEx, address_out = 0x75dec807 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RemoveDirectoryW, address_out = 0x75e544cf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeNameForVolumeMountPointW, address_out = 0x75de052f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x75dd14e9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x75dd14c9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77761f6e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x7774e026 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x75dd49d7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OutputDebugStringA, address_out = 0x75dfb2b7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address_out = 0x75e55c3f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address_out = 0x75e55b93 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThread, address_out = 0x75dd17ec |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address_out = 0x75dd103d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x75dd34c8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FormatMessageW, address_out = 0x75dd4620 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x75dd192e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x75dd170d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateMutexW, address_out = 0x75dd424c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReleaseMutex, address_out = 0x75dd111e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x75dd11a9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForMultipleObjects, address_out = 0x75dd4220 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameW, address_out = 0x75dddd0e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LocalAlloc, address_out = 0x75dd168c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x75dd11f8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDefaultLCID, address_out = 0x75dd32a9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x75dd1222 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x75dd34b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x75dd492b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualProtect, address_out = 0x75dd435f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteProcessMemory, address_out = 0x75ded9e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAllocEx, address_out = 0x75ded9b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateRemoteThread, address_out = 0x75e5416b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DuplicateHandle, address_out = 0x75dd1886 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFreeEx, address_out = 0x75ded9c8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x75dd1986 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x75df735f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address_out = 0x75df8baf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address_out = 0x75df896c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryW, address_out = 0x75dd4259 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x75ded802 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x75dd3f5c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiA, address_out = 0x75dd3e8e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x75dd4442 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x75dd54ee |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x75dd4435 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThreadId, address_out = 0x75dd1450 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTime, address_out = 0x75dd5a96 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLocalTime, address_out = 0x75dd5aa6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEvent, address_out = 0x75dd16c5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileAttributesW, address_out = 0x75dd1b18 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MoveFileExW, address_out = 0x75de9b2d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address_out = 0x75dd2d3c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x75de10b5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExW, address_out = 0x75dd1ae5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x777545f5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSection, address_out = 0x77752c42 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x75dd1410 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x75dd34d5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = PeekNamedPipe, address_out = 0x75e54821 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileInformationByHandle, address_out = 0x75dd53ae |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FileTimeToSystemTime, address_out = 0x75dd542c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeW, address_out = 0x75dd418b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileExW, address_out = 0x75de1811 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FileTimeToLocalFileTime, address_out = 0x75dde29e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventW, address_out = 0x75dd183e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address_out = 0x7777d598 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x75dd7a10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x75dd4950 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeZoneInformation, address_out = 0x75dd465a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = AddVectoredExceptionHandler, address_out = 0x7779742b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x75dd10ff |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x75dd1136 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77742270 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenA, address_out = 0x75dd5a4b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEnvironmentVariableA, address_out = 0x75dde331 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringW, address_out = 0x75dd17b9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringW, address_out = 0x75dd3bca |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetStringTypeW, address_out = 0x75dd1946 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetStdHandle, address_out = 0x75e5454f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadConsoleW, address_out = 0x75e7739a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleCP, address_out = 0x75e77bff |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TlsFree, address_out = 0x75dd3587 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TlsSetValue, address_out = 0x75dd14fb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TlsGetValue, address_out = 0x75dd11e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TlsAlloc, address_out = 0x75dd49ad |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetUnhandledExceptionFilter, address_out = 0x75dd87c9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = UnhandledExceptionFilter, address_out = 0x75df772f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FreeEnvironmentStringsW, address_out = 0x75dd51cb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentStringsW, address_out = 0x75dd51e3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameA, address_out = 0x75dd14b1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentDirectoryW, address_out = 0x75dd5611 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoW, address_out = 0x75dd4d40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RtlUnwind, address_out = 0x75dfd1c3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x75dd1916 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCPInfo, address_out = 0x75dd5189 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetOEMCP, address_out = 0x75dfd1a1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetACP, address_out = 0x75dd179c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsValidCodePage, address_out = 0x75dd4493 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x75dd1400 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RaiseException, address_out = 0x75dd58a6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryExW, address_out = 0x75dd495d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleMode, address_out = 0x75dea77d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadConsoleInputA, address_out = 0x75e76f53 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x75dd5235 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x75dd4a5d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x777422b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75dd89b3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleCtrlHandler, address_out = 0x75dd8a09 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedDecrement, address_out = 0x75dd13f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77759d35 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77760fcb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineA, address_out = 0x75dd51a1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleExW, address_out = 0x75dd4a6f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualQuery, address_out = 0x75dd445a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ResumeThread, address_out = 0x75dd43ef |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SuspendThread, address_out = 0x75df7d7e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenThread, address_out = 0x75de1248 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedExchange, address_out = 0x75dd1462 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlushInstructionCache, address_out = 0x75dd4393 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x75dd1809 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadContext, address_out = 0x75e55393 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetThreadContext, address_out = 0x75df79d4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TryEnterCriticalSection, address_out = 0x77752500 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFullPathNameW, address_out = 0x75dd40d4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFullPathNameA, address_out = 0x75dde2c1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExpandEnvironmentStringsW, address_out = 0x75dd4173 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiW, address_out = 0x75ded5cd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathW, address_out = 0x75ded4dc |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address_out = 0x75dd53c6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSize, address_out = 0x75dd196e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapCompact, address_out = 0x75dd4717 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x75dd17d1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MapViewOfFile, address_out = 0x75dd18f1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = UnmapViewOfFile, address_out = 0x75dd1826 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedCompareExchange, address_out = 0x75dd1484 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = UnlockFile, address_out = 0x75dfcf36 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlushViewOfFile, address_out = 0x75dfb909 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LockFile, address_out = 0x75dfcf1e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObjectEx, address_out = 0x75dd1151 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OutputDebugStringW, address_out = 0x75dfd1d4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = UnlockFileEx, address_out = 0x75dfd594 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTimeAsFileTime, address_out = 0x75dd3509 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FormatMessageA, address_out = 0x75df5fbd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x75dd35b7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileAttributesA, address_out = 0x75dd5414 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x75dd4a2d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVersion, address_out = 0x75dd4467 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x75dd1245 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x75dd1725 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalMemoryStatus, address_out = 0x75dd8b6d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlushConsoleInputBuffer, address_out = 0x75e77a9f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SystemTimeToFileTime, address_out = 0x75dd5a7e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileA, address_out = 0x75dd5444 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = AreFileApisANSI, address_out = 0x75e540d1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address_out = 0x75df276c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExA, address_out = 0x75dd3519 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileAttributesExW, address_out = 0x75dd4574 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemInfo, address_out = 0x75dd49ca |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetDiskFreeSpaceA, address_out = 0x75e5433f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileMappingW, address_out = 0x75dd1909 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileMappingA, address_out = 0x75dd5506 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetDiskFreeSpaceW, address_out = 0x75def7aa |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LockFileEx, address_out = 0x75dfd57c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapSize, address_out = 0x77753002 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapValidate, address_out = 0x75deb17b |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77280000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextW, address_out = 0x7728df14 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegDeleteKeyW, address_out = 0x77291272 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegDeleteKeyA, address_out = 0x772aa8b7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetLengthSid, address_out = 0x7729413b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = DeregisterEventSource, address_out = 0x772935dd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegisterEventSourceA, address_out = 0x77292d46 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = ReportEventA, address_out = 0x77283ee9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetNamedSecurityInfoW, address_out = 0x77289fe2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSecurityDescriptorSacl, address_out = 0x77294608 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetSecurityDescriptorDacl, address_out = 0x7729415e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetSecurityDescriptorSacl, address_out = 0x77294680 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = ConvertStringSecurityDescriptorToSecurityDescriptorW, address_out = 0x77291f59 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = InitializeSecurityDescriptor, address_out = 0x77294620 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x772914d6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x772946ad |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x7729468d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthority, address_out = 0x77290e24 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthorityCount, address_out = 0x77290e0c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = LookupPrivilegeValueW, address_out = 0x772941b3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AdjustTokenPrivileges, address_out = 0x7729418e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenThreadToken, address_out = 0x7729432c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetTokenInformation, address_out = 0x7729431c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenProcessToken, address_out = 0x77294304 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCreateKeyExW, address_out = 0x772940fe |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptCreateHash, address_out = 0x7728df4e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptHashData, address_out = 0x7728df36 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyHash, address_out = 0x7728df66 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptGetHashParam, address_out = 0x7728df7e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7728e124 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCreateKeyExA, address_out = 0x77291469 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExA, address_out = 0x772948ef |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExA, address_out = 0x77294907 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExA, address_out = 0x772914b3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x7729469d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = InitiateSystemShutdownExW, address_out = 0x772ddb3a |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76f10000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathAddBackslashW, address_out = 0x76f2c177 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrCmpNIA, address_out = 0x76f1d11c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveBackslashW, address_out = 0x76f25c62 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathCombineW, address_out = 0x76f2c39c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathMatchSpecW, address_out = 0x76f286f7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = UrlUnescapeA, address_out = 0x76f3c6fb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathAddExtensionW, address_out = 0x76f12589 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = wvnsprintfA, address_out = 0x76f3edfe |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = wvnsprintfW, address_out = 0x76f5066c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveFileSpecW, address_out = 0x76f23248 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRenameExtensionW, address_out = 0x76f4d32a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsURLW, address_out = 0x76f255bf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathSkipRootW, address_out = 0x76f3fbf5 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x75fe0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathA, address_out = 0x760f7804 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteW, address_out = 0x75ff3c71 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76065708 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x757e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharLowerA, address_out = 0x75803e75 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharUpperW, address_out = 0x757ff350 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MessageBoxA, address_out = 0x7584fd1e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetUserObjectInformationW, address_out = 0x757f8068 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetProcessWindowStation, address_out = 0x757f9eea |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = ExitWindowsEx, address_out = 0x75841497 |
|
1 | |
| Module | Load | module_name = WS2_32.dll, base_address = 0x76dd0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = 11, address_out = 0x76dd311b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = freeaddrinfo, address_out = 0x76dd4b1b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = getaddrinfo, address_out = 0x76dd4296 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = 5, address_out = 0x76dd7147 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = 6, address_out = 0x76dd30af |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = 3, address_out = 0x76dd3918 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = 1, address_out = 0x76dd68b6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = 15, address_out = 0x76dd2d8b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = 111, address_out = 0x76dd37ad |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = 12, address_out = 0x76ddb131 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = 16, address_out = 0x76dd6b0e |
|
1 | |
| Module | Load | module_name = CRYPT32.dll, base_address = 0x75990000 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x76e10000 |
|
1 | |
| Module | Load | module_name = DNSAPI.dll, base_address = 0x74c60000 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x752e0000 |
|
1 | |
| Module | Load | module_name = OLEAUT32.dll, base_address = 0x75ed0000 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:30 (UTC) |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x75dd4f2b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x75dd359f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x75dd1252 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x75dd4208 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x75dd4d28 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateSemaphoreExW, address_out = 0x75e54195 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadStackGuarantee, address_out = 0x75ddd31f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolTimer, address_out = 0x75deee7e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolTimer, address_out = 0x7776441c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForThreadpoolTimerCallbacks, address_out = 0x7778c50e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolTimer, address_out = 0x7778c381 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolWait, address_out = 0x75def088 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolWait, address_out = 0x777705d7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolWait, address_out = 0x7778ca24 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlushProcessWriteBuffers, address_out = 0x77740b8c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibraryWhenCallbackReturns, address_out = 0x777ffde8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessorNumber, address_out = 0x77791e1d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalProcessorInformation, address_out = 0x75e54761 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateSymbolicLinkW, address_out = 0x75e4cd11 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetDefaultDllDirectories, address_out = 0x0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EnumSystemLocalesEx, address_out = 0x75e5424f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringEx, address_out = 0x75e546b1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetDateFormatEx, address_out = 0x75e66676 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoEx, address_out = 0x75e54751 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeFormatEx, address_out = 0x75e665f1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultLocaleName, address_out = 0x75e547c1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsValidLocaleName, address_out = 0x75e547e1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringEx, address_out = 0x75e547f1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentPackageId, address_out = 0x0 |
|
1 | |
| Environment | Get Environment String |
|
1 | ||
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\msiexec.exe, file_name_orig = C:\Windows\syswow64\msiexec.exe, size = 260 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Filename | process_name = c:\windows\syswow64\msiexec.exe, file_name_orig = C:\Windows\syswow64\msiexec.exe, size = 260 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x76ff0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\urlmon.dll, function = ObtainUserAgentString, address_out = 0x77021d76 |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\msiexec.exe, file_name_orig = C:\Windows\syswow64\msiexec.exe, size = 260 |
|
1 | |
| System | Get Info | type = Operating System |
|
2 | |
| Module | Load | module_name = Ws2_32.dll, base_address = 0x76dd0000 |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi, type = size, size_out = 13422020 |
|
1 | |
| File | Read | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi, size = 13422020, size_out = 13422020 |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\libeay32.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\libeay32.dll, size = 1990144 |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\libevent-2-0-5.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\libevent-2-0-5.dll, size = 719217 |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\libgcc_s_sjlj-1.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\libgcc_s_sjlj-1.dll, size = 523262 |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\libssp-0.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\libssp-0.dll, size = 92599 |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\ssleay32.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\ssleay32.dll, size = 400384 |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor.exe, size = 2967040 |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\zlib1.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\zlib1.dll, size = 107520 |
|
1 | |
| Process | Create | process_name = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor.exe, os_pid = 0x9b4, creation_flags = CREATE_DEFAULT_ERROR_MODE, CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| Mutex | Create | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto, value_name = Yqlozyzuz, type = REG_BINARY |
|
2 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:31 (UTC) |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto, value_name = Yqlozyzuz, size = 1445, type = REG_BINARY |
|
1 | |
| Mutex | Release | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:31 (UTC) |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Create | mutex_name = Global\{D773FC21-4FCB-6D43-65D9-FE61A0417768} |
|
1 | |
| Socket | Create | protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM |
|
1 | |
| Socket | Bind | protocol = IPPROTO_TCP, local_address = 127.0.0.1, local_port = 32090 |
|
1 | |
| Socket | Listen | local_address = 127.0.0.1, local_port = 32090, queue_length = 2147483647 |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Create | mutex_name = Global\{86709C2F-2FC5-3C40-65D9-FE61A0417768} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto, value_name = Yqlozyzuz, type = REG_BINARY |
|
2 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:31 (UTC) |
|
1 | |
| Module | Load | module_name = ADVAPI32.DLL, base_address = 0x77280000 |
|
1 | |
| Module | Load | module_name = KERNEL32.DLL, base_address = 0x75dc0000 |
|
1 | |
| Module | Load | module_name = NETAPI32.DLL, base_address = 0x749d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\netapi32.dll, function = NetStatisticsGet, address_out = 0x749d644f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\netapi32.dll, function = NetApiBufferFree, address_out = 0x749c13d2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextW, address_out = 0x7728df14 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x7728dfc8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7728e124 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\msiexec.exe, base_address = 0x5f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\msiexec.exe, function = _OPENSSL_isservice, address_out = 0x0 |
|
1 | |
| Module | Load | module_name = USER32.DLL, base_address = 0x757e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetForegroundWindow, address_out = 0x75802320 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetCursorInfo, address_out = 0x7585812f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetQueueStatus, address_out = 0x75803924 |
|
1 | |
| System | Get Info | type = Operating System |
|
2 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x75df735f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseToolhelp32Snapshot, address_out = 0x0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address_out = 0x75e55763 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address_out = 0x75e5594e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address_out = 0x75e55621 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address_out = 0x75e556cb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address_out = 0x75df8ae7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address_out = 0x75df88a4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address_out = 0x75e55b93 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address_out = 0x75e55c3f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address_out = 0x75e55cd9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address_out = 0x75e55dc2 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:33 (UTC) |
|
74 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:34 (UTC) |
|
121 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:35 (UTC) |
|
139 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:36 (UTC) |
|
39 | |
| Mutex | Create | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto, value_name = Yqlozyzuz, type = REG_BINARY |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto, value_name = Yqlozyzuz, size = 9367, type = REG_BINARY |
|
1 | |
| Mutex | Release | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} |
|
1 | |
| Socket | Create | protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM |
|
1 | |
| Socket | Bind | protocol = IPPROTO_TCP, local_address = 127.0.0.1, local_port = 38078 |
|
1 | |
| Socket | Listen | local_address = 127.0.0.1, local_port = 38078, queue_length = 2147483647 |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 | |
| Socket | Accept | type = SOCK_STREAM |
|
1 | |
| System | Sleep | duration = 10 milliseconds (0.010 seconds) |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Create | mutex_name = Global\{E4529D1E-2EF4-5E62-65D9-FE61A0417768} |
|
1 | |
| Mutex | Create | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto, value_name = Yqlozyzuz, type = REG_BINARY |
|
2 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3), access_type = INTERNET_OPEN_TYPE_DIRECT |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = fortsiretbab.com, server_port = 80 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, http_version = HTTP/1.1, target_resource = /bdl/gate.php, accept_types = 3289112, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close , url = fortsiretbab.com/bdl/gate.php |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 262144, size_out = 378 |
|
1 | |
| Inet | Read Response | size = 262144, size_out = 0 |
|
1 | |
| Inet | Close Session |
|
2 | ||
| Inet | Close Session |
|
1 | ||
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto, value_name = Yqlozyzuz, size = 1828, type = REG_BINARY |
|
1 | |
| Mutex | Release | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = Hardware Information |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Socket | Create | protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM |
|
1 | |
| Socket | Close | type = SOCK_DGRAM |
|
1 | |
| Socket | Create | protocol = IPPROTO_IP, address_family = AF_INET6, type = SOCK_DGRAM |
|
1 | |
| Socket | Close | type = SOCK_DGRAM |
|
1 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = checkip.dyndns.org, server_port = 80 |
|
1 | |
| Inet | Open HTTP Request | http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 3289112, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close , url = checkip.dyndns.org/ |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 262144, size_out = 106 |
|
1 | |
| Inet | Read Response | size = 262144, size_out = 0 |
|
1 | |
| Inet | Close Session |
|
2 | ||
| Inet | Close Session |
|
1 | ||
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3), access_type = INTERNET_OPEN_TYPE_DIRECT |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = fortsiretbab.com, server_port = 80 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, http_version = HTTP/1.1, target_resource = /bdl/gate.php, accept_types = 3289112, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close , url = fortsiretbab.com/bdl/gate.php |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 262144, size_out = 5626 |
|
1 | |
| Inet | Read Response | size = 262144, size_out = 707 |
|
1 | |
| Inet | Read Response | size = 262144, size_out = 0 |
|
1 | |
| Inet | Close Session |
|
2 | ||
| Inet | Close Session |
|
1 | ||
| Mutex | Create | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto, value_name = Yqlozyzuz, type = REG_BINARY |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto, value_name = Yqlozyzuz, size = 3220, type = REG_BINARY |
|
1 | |
| Mutex | Release | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} |
|
1 | |
| Mutex | Create | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto, value_name = Yqlozyzuz, type = REG_BINARY |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto, value_name = Yqlozyzuz, size = 3315, type = REG_BINARY |
|
1 | |
| Mutex | Release | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} |
|
1 | |
| Mutex | Create | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto, value_name = Yqlozyzuz, type = REG_BINARY |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto, value_name = Yqlozyzuz, size = 6682, type = REG_BINARY |
|
1 | |
| Mutex | Release | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto, value_name = Xayqzo, size = 2123, type = REG_BINARY |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto, value_name = Yqlozyzuz, type = REG_BINARY |
|
2 | |
| Mutex | Create | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto, value_name = Yqlozyzuz, type = REG_BINARY |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto, value_name = Yqlozyzuz, size = 7244, type = REG_BINARY |
|
1 | |
| Mutex | Release | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Create | mutex_name = Global\{E4529D1D-2EF7-5E62-65D9-FE61A0417768} |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = Hardware Information |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Socket | Create | protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM |
|
1 | |
| Socket | Close | type = SOCK_DGRAM |
|
1 | |
| Socket | Create | protocol = IPPROTO_IP, address_family = AF_INET6, type = SOCK_DGRAM |
|
1 | |
| Socket | Close | type = SOCK_DGRAM |
|
1 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = checkip.dyndns.org, server_port = 80 |
|
1 | |
| Inet | Open HTTP Request | http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 3289112, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close , url = checkip.dyndns.org/ |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 262144, size_out = 106 |
|
1 | |
| Inet | Read Response | size = 262144, size_out = 0 |
|
1 | |
| Inet | Close Session |
|
2 | ||
| Inet | Close Session |
|
1 | ||
| Socket | Create | protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM |
|
1 | |
| Socket | Connect | remote_address = 127.0.0.1, remote_port = 9050 |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 3, size_out = 3 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1024, size_out = 2 |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 4, size_out = 4 |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 1, size_out = 1 |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 22, size_out = 22 |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 2, size_out = 2 |
|
1 | |
| Socket | Close | type = SOCK_STREAM |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Create | mutex_name = Global\{E4529D1F-2EF5-5E62-65D9-FE61A0417768} |
|
1 | |
| File | Get Info | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Teetfo\ugav.tmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Teetfo\ugav.ocv, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Teetfo\ugav.ocv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Teetfo\ugav.ocv, type = size, size_out = 0 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Create | mutex_name = Global\{1F05FC9E-4F74-A535-65D9-FE61A0417768} |
|
1 | |
| Mutex | Release | mutex_name = Global\{1F05FC9E-4F74-A535-65D9-FE61A0417768} |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Create | mutex_name = Global\{6E93744F-C7A5-D4A3-65D9-FE61A0417768} |
|
1 | |
| Mutex | Create | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto, value_name = Yqlozyzuz, type = REG_BINARY |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto, value_name = Yqlozyzuz, size = 7055, type = REG_BINARY |
|
1 | |
| Mutex | Release | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} |
|
1 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3), access_type = INTERNET_OPEN_TYPE_DIRECT |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = fortsiretbab.com, server_port = 80 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, http_version = HTTP/1.1, target_resource = /bdl/gate.php, accept_types = 3289112, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close , url = fortsiretbab.com/bdl/gate.php |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 262144, size_out = 1040 |
|
1 | |
| Inet | Read Response | size = 262144, size_out = 0 |
|
1 | |
| Inet | Close Session |
|
2 | ||
| Inet | Close Session |
|
1 | ||
| Mutex | Release | mutex_name = Global\{6E93744F-C7A5-D4A3-65D9-FE61A0417768} |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Create | mutex_name = Global\{B7C3F14A-42A0-0DF3-65D9-FE61A0417768} |
|
1 | |
| Mutex | Create | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto, value_name = Yqlozyzuz, type = REG_BINARY |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto, value_name = Yqlozyzuz, size = 7055, type = REG_BINARY |
|
1 | |
| Mutex | Release | mutex_name = Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} |
|
1 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3), access_type = INTERNET_OPEN_TYPE_DIRECT |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = fortsiretbab.com, server_port = 80 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, http_version = HTTP/1.1, target_resource = /bdl/gate.php, accept_types = 3289112, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close , url = fortsiretbab.com/bdl/gate.php |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 262144, size_out = 738 |
|
1 | |
| Inet | Read Response | size = 262144, size_out = 0 |
|
1 | |
| Inet | Close Session |
|
2 | ||
| Inet | Close Session |
|
1 | ||
| Mutex | Release | mutex_name = Global\{B7C3F14A-42A0-0DF3-65D9-FE61A0417768} |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Seto, value_name = Yqlozyzuz, type = REG_BINARY |
|
2 | |
| File | Get Info | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\okguaxb.crt, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\okguaxb.crt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\okguaxb.crt, type = file_type |
|
1 | |
| File | Write | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\okguaxb.crt, size = 1025 |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\cert8.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\cert8.db, type = size, size_out = 65536 |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\cert8.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default\cert8.db, size = 65536, size_out = 65536 |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi, type = size, size_out = 13422020 |
|
1 | |
| File | Read | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Byheq\hybe.ifi, size = 13422020, size_out = 13422020 |
|
1 | |
| File | Create | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\certutil.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\certutil.exe, size = 103936 |
|
1 | |
| File | Create | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\freebl3.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\freebl3.dll, size = 222208 |
|
1 | |
| File | Create | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\libnspr4.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\libnspr4.dll, size = 199680 |
|
1 | |
| File | Create | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\libplc4.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\libplc4.dll, size = 14336 |
|
1 | |
| File | Create | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\libplds4.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\libplds4.dll, size = 12288 |
|
1 | |
| File | Create | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\msvcr100.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\msvcr100.dll, size = 773968 |
|
1 | |
| File | Create | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\nss3.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\nss3.dll, size = 798720 |
|
1 | |
| File | Create | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\nssdbm3.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\nssdbm3.dll, size = 108544 |
|
1 | |
| File | Create | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\nssutil3.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\nssutil3.dll, size = 93696 |
|
1 | |
| File | Create | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\smime3.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\smime3.dll, size = 97792 |
|
1 | |
| File | Create | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\softokn3.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\softokn3.dll, size = 172544 |
|
1 | |
| File | Create | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\sqlite3.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\sqlite3.dll, size = 423936 |
|
1 | |
| Process | Create | process_name = "C:\Users\ADU0VK~1\AppData\Local\Temp\certutil.exe" -A -n "yvesl" -t "C,C,C" -i "C:\Users\ADU0VK~1\AppData\Local\Temp\okguaxb.crt" -d "C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default", os_pid = 0x8e8, creation_flags = CREATE_DEFAULT_ERROR_MODE, CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 |
| Information | Value |
|---|---|
| ID | #13 |
| File Name | c:\windows\system32\taskeng.exe |
| Command Line | taskeng.exe {CFDCF914-63AE-4446-B16F-E0A62E2EE661} S-1-5-21-1836691140-625943148-109919340-1000:AUFDDCNTXWT\aDU0VK IWA5kLS:Interactive:LUA[1] |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:44, Reason: Injection |
| Unmonitor | End Time: 00:02:13, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:29 |
| Information | Value |
|---|---|
| PID | 0x2b4 |
| Parent PID | 0x354 (c:\windows\system32\svchost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | AUFDDCNTXWT\aDU0VK IWA5kLS |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B28
0x
114
0x
578
0x
464
0x
438
0x
454
0x
83C
0x
84C
0x
85C
0x
86C
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x00026fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000030000 | 0x00030000 | 0x000affff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000000b0000 | 0x000b0000 | 0x000b3fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| locale.nls | 0x000d0000 | 0x00136fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000000140000 | 0x00140000 | 0x00141fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000150000 | 0x00150000 | 0x0015ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000160000 | 0x00160000 | 0x00160fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000170000 | 0x00170000 | 0x0026ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000270000 | 0x00270000 | 0x0036ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000370000 | 0x00370000 | 0x004f7fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000500000 | 0x00500000 | 0x00680fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000690000 | 0x00690000 | 0x01a8ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000001a90000 | 0x01a90000 | 0x01e82fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000001e90000 | 0x01e90000 | 0x01e90fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000001ea0000 | 0x01ea0000 | 0x01ea0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000001eb0000 | 0x01eb0000 | 0x01eb0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001ec0000 | 0x01ec0000 | 0x01f3ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001f40000 | 0x01f40000 | 0x01f7bfff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000001f80000 | 0x01f80000 | 0x01ffffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002020000 | 0x02020000 | 0x0209ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000020a0000 | 0x020a0000 | 0x0219ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000021a0000 | 0x021a0000 | 0x0227efff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000022a0000 | 0x022a0000 | 0x0231ffff | Private Memory | Readable, Writable |
|
|
|
|
| sortdefault.nls | 0x02320000 | 0x025eefff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000002680000 | 0x02680000 | 0x026fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002770000 | 0x02770000 | 0x027effff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000027f0000 | 0x027f0000 | 0x028cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002940000 | 0x02940000 | 0x029bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002a70000 | 0x02a70000 | 0x02aeffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002b50000 | 0x02b50000 | 0x02bcffff | Private Memory | Readable, Writable |
|
|
|
|
| kernel32.dll | 0x77320000 | 0x7743efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x77440000 | 0x77539fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77540000 | 0x776e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| taskeng.exe | 0xffe30000 | 0xffea3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| tschannel.dll | 0x7fef6130000 | 0x7fef6138fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dwmapi.dll | 0x7fefaec0000 | 0x7fefaed7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| uxtheme.dll | 0x7fefb2a0000 | 0x7fefb2f5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| xmllite.dll | 0x7fefb380000 | 0x7fefb3b4fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ktmw32.dll | 0x7fefb3c0000 | 0x7fefb3c9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rsaenh.dll | 0x7fefca60000 | 0x7fefcaa6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptsp.dll | 0x7fefceb0000 | 0x7fefcec6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wevtapi.dll | 0x7fefcfb0000 | 0x7fefd01cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x7fefd350000 | 0x7fefd374fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x7fefd380000 | 0x7fefd38efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrtremote.dll | 0x7fefd470000 | 0x7fefd483fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msasn1.dll | 0x7fefd530000 | 0x7fefd53efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x7fefd680000 | 0x7fefd6eafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| crypt32.dll | 0x7fefd6f0000 | 0x7fefd856fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x7fefd860000 | 0x7fefd98cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| clbcatq.dll | 0x7fefd990000 | 0x7fefda28fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x7fefda30000 | 0x7fefda5dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x7fefdb00000 | 0x7fefdbdafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| urlmon.dll | 0x7fefdbe0000 | 0x7fefdd57fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x7fefdd60000 | 0x7fefddc6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x7fefddd0000 | 0x7fefded8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| usp10.dll | 0x7fefdee0000 | 0x7fefdfa8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x7fefdfb0000 | 0x7fefed37fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x7fefed40000 | 0x7fefeddefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x7fefede0000 | 0x7fefefe2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x7feff2b0000 | 0x7feff320fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| lpk.dll | 0x7feff330000 | 0x7feff33dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iertutil.dll | 0x7feff340000 | 0x7feff598fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nsi.dll | 0x7feff5a0000 | 0x7feff5a7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x7feff5b0000 | 0x7feff5cefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleaut32.dll | 0x7feff5d0000 | 0x7feff6a6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wininet.dll | 0x7feff6b0000 | 0x7feff7d9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ws2_32.dll | 0x7feff7e0000 | 0x7feff82cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apisetschema.dll | 0x7feff860000 | 0x7feff860fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x000007fffffac000 | 0x7fffffac000 | 0x7fffffadfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000007fffffae000 | 0x7fffffae000 | 0x7fffffaffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000007fffffd3000 | 0x7fffffd3000 | 0x7fffffd4fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000007fffffd5000 | 0x7fffffd5000 | 0x7fffffd6fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000007fffffd7000 | 0x7fffffd7000 | 0x7fffffd8fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000007fffffd9000 | 0x7fffffd9000 | 0x7fffffdafff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000007fffffdb000 | 0x7fffffdb000 | 0x7fffffdcfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000007fffffdd000 | 0x7fffffdd000 | 0x7fffffdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000007fffffdf000 | 0x7fffffdf000 | 0x7fffffdffff | Private Memory | Readable, Writable |
|
|
|
|
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #8: c:\windows\explorer.exe | 0x698 | address = 0x1f40000, size = 245760 |
|
1 | |
| Modify Memory | #8: c:\windows\explorer.exe | 0x698 | address = 0x1eb0000, size = 4 |
|
1 | |
| Modify Memory | #8: c:\windows\explorer.exe | 0x698 | address = 0x1eb0004, size = 3056 |
|
1 | |
| Create Remote Thread | #8: c:\windows\explorer.exe | 0x698 | address = 0x1f4ad14 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = KERNEL32.dll, base_address = 0x77320000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ReadFile, address_out = 0x77331500 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FlushFileBuffers, address_out = 0x773269f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WriteFile, address_out = 0x773435a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetTickCount, address_out = 0x77342b00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFileAttributesW, address_out = 0x773337a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualAlloc, address_out = 0x773367a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileSizeEx, address_out = 0x77329b30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualFree, address_out = 0x77331260 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFilePointerEx, address_out = 0x7732af00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileAttributesW, address_out = 0x7733bdd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetVolumeNameForVolumeMountPointW, address_out = 0x773907d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetProcessHeap, address_out = 0x77343050 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = HeapFree, address_out = 0x77343070 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = HeapReAlloc, address_out = 0x77573f20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = HeapAlloc, address_out = 0x775933a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LoadLibraryA, address_out = 0x77337070 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = OutputDebugStringA, address_out = 0x77324f60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Thread32First, address_out = 0x7736aa70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Thread32Next, address_out = 0x7736a980 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentThread, address_out = 0x77333f20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateProcessW, address_out = 0x77341bb0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FreeLibrary, address_out = 0x77336620 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = MultiByteToWideChar, address_out = 0x77335b50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WideCharToMultiByte, address_out = 0x773435f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateMutexW, address_out = 0x773313c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ReleaseMutex, address_out = 0x77342b90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetLastError, address_out = 0x77342df0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WaitForMultipleObjects, address_out = 0x77331170 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetLastError, address_out = 0x77342dd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateThread, address_out = 0x77336580 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetComputerNameW, address_out = 0x7732d130 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateEventW, address_out = 0x77335290 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ExitThread, address_out = 0x77586930 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ExitProcess, address_out = 0x775640f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = InitializeCriticalSection, address_out = 0x77568100 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameW, address_out = 0x77337700 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentProcessId, address_out = 0x77335a50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = AddVectoredExceptionHandler, address_out = 0x77623ad0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetSystemDefaultLCID, address_out = 0x773233a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetWindowsDirectoryW, address_out = 0x773282b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WaitForSingleObject, address_out = 0x77342b20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetProcAddress, address_out = 0x77343690 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleHandleW, address_out = 0x77343730 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LoadLibraryW, address_out = 0x77336f80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualProtect, address_out = 0x77322ef0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateRemoteThread, address_out = 0x7736c4f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualAllocEx, address_out = 0x7736bbd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualFreeEx, address_out = 0x7736bb90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = DuplicateHandle, address_out = 0x77335d10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WriteProcessMemory, address_out = 0x7736bad0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = OpenProcess, address_out = 0x7733cad0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Process32NextW, address_out = 0x773220f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Process32FirstW, address_out = 0x77321e00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x773221e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateDirectoryW, address_out = 0x7732ad70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = TerminateProcess, address_out = 0x7736bca0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetEvent, address_out = 0x77333f00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = DeleteFileW, address_out = 0x7732ad90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Sleep, address_out = 0x77342b70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CloseHandle, address_out = 0x77342f80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateFileW, address_out = 0x77331870 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = lstrcmpiA, address_out = 0x773240a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = lstrlenA, address_out = 0x7733caf0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WriteConsoleW, address_out = 0x77333d40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetStdHandle, address_out = 0x7736bce0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetConsoleMode, address_out = 0x77342e60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetConsoleCP, address_out = 0x773605f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LCMapStringW, address_out = 0x77340dd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = HeapSize, address_out = 0x775682d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetStringTypeW, address_out = 0x77339060 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = OutputDebugStringW, address_out = 0x7732b760 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LoadLibraryExW, address_out = 0x77336640 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCPInfo, address_out = 0x77336ce0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetOEMCP, address_out = 0x7733b580 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetACP, address_out = 0x77336f90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsValidCodePage, address_out = 0x77339080 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77593000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = EnterCriticalSection, address_out = 0x77592fc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x7736cc80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address_out = 0x77328290 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = RtlUnwindEx, address_out = 0x77352d90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = TlsFree, address_out = 0x77331590 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = TlsSetValue, address_out = 0x77335cd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = TlsGetValue, address_out = 0x77342bd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = TlsAlloc, address_out = 0x77337100 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetUnhandledExceptionFilter, address_out = 0x77339b70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = UnhandledExceptionFilter, address_out = 0x773b9330 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = RtlVirtualUnwind, address_out = 0x7736b5b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = RtlLookupFunctionEntry, address_out = 0x7736b610 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = RtlCaptureContext, address_out = 0x7736b6f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FreeEnvironmentStringsW, address_out = 0x77336d20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetEnvironmentStringsW, address_out = 0x77336d00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetSystemTimeAsFileTime, address_out = 0x77333f40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x77336500 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameA, address_out = 0x773364a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetStartupInfoW, address_out = 0x77338070 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = DeleteCriticalSection, address_out = 0x77565350 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x773364e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileType, address_out = 0x77342e00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetStdHandle, address_out = 0x7733d750 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleHandleExW, address_out = 0x7732b780 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = RaiseException, address_out = 0x7732cf10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = RtlPcToFileHeader, address_out = 0x77352d80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = DecodePointer, address_out = 0x77569c50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = EncodePointer, address_out = 0x77573bd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCommandLineA, address_out = 0x77341e70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetSystemInfo, address_out = 0x77336f70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualQuery, address_out = 0x7733bd40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ResumeThread, address_out = 0x773313a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SuspendThread, address_out = 0x77322f60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentThreadId, address_out = 0x77333ee0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = OpenThread, address_out = 0x7733c560 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FlushInstructionCache, address_out = 0x773233e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = HeapCreate, address_out = 0x773370e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentProcess, address_out = 0x77335cf0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadContext, address_out = 0x77322f10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetThreadContext, address_out = 0x77322f40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LocalFree, address_out = 0x773347a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetVersionExW, address_out = 0x7732d910 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x7fefdb00000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptHashData, address_out = 0x7fefdb0dac0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = SetNamedSecurityInfoW, address_out = 0x7fefdb089a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetSecurityDescriptorSacl, address_out = 0x7fefdb11e00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = SetSecurityDescriptorSacl, address_out = 0x7fefdb11eb0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = ConvertStringSecurityDescriptorToSecurityDescriptorW, address_out = 0x7fefdb12040 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = SetSecurityDescriptorDacl, address_out = 0x7fefdb1b5a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = InitializeSecurityDescriptor, address_out = 0x7fefdb1b504 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegSetValueExW, address_out = 0x7fefdb11ed0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegQueryValueExW, address_out = 0x7fefdb1c2d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyExW, address_out = 0x7fefdb206f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetSidSubAuthorityCount, address_out = 0x7fefdb11740 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetSidSubAuthority, address_out = 0x7fefdb11754 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = AdjustTokenPrivileges, address_out = 0x7fefdb1b9b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = LookupPrivilegeValueW, address_out = 0x7fefdb1b9e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = OpenThreadToken, address_out = 0x7fefdb1bd84 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetTokenInformation, address_out = 0x7fefdb1bd50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = OpenProcessToken, address_out = 0x7fefdb1bd70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegCreateKeyExW, address_out = 0x7fefdb1b520 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptReleaseContext, address_out = 0x7fefdb0dd10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDestroyHash, address_out = 0x7fefdb0db00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptGetHashParam, address_out = 0x7fefdb0db20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptCreateHash, address_out = 0x7fefdb0dad4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetLengthSid, address_out = 0x7fefdb1b580 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptAcquireContextW, address_out = 0x7fefdb0d98c |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegQueryValueExA, address_out = 0x7fefdb1c480 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyExA, address_out = 0x7fefdb1b5f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegCloseKey, address_out = 0x7fefdb20710 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegSetValueExA, address_out = 0x7fefdb11dc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegCreateKeyExA, address_out = 0x7fefdb11d10 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x7feff2b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = PathRenameExtensionW, address_out = 0x7feff2de6c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = PathRemoveBackslashW, address_out = 0x7feff2bd014 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = PathRemoveFileSpecW, address_out = 0x7feff2ba43c |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = PathAddBackslashW, address_out = 0x7feff2c3f70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = PathAddExtensionW, address_out = 0x7feff2de630 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = wvnsprintfA, address_out = 0x7feff2e2200 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = wvnsprintfW, address_out = 0x7feff2e22e4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = PathCombineW, address_out = 0x7feff2c3dfc |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x7fefdfb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shell32.dll, function = SHGetFolderPathW, address_out = 0x7fefe033ba4 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x77440000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = MessageBoxA, address_out = 0x774b12b8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = CharUpperW, address_out = 0x7745b714 |
|
1 | |
| Module | Load | module_name = WS2_32.dll, base_address = 0x7feff7e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ws2_32.dll, function = 18, address_out = 0x7feff7e4da0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ws2_32.dll, function = 115, address_out = 0x7feff7e4980 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ws2_32.dll, function = 15, address_out = 0x7feff7e1250 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ws2_32.dll, function = 11, address_out = 0x7feff7e1350 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ws2_32.dll, function = 9, address_out = 0x7feff7e1250 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ws2_32.dll, function = 19, address_out = 0x7feff7e8000 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x7feff6b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\wininet.dll, function = FindFirstUrlCacheEntryW, address_out = 0x7feff747150 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\wininet.dll, function = DeleteUrlCacheEntryW, address_out = 0x7feff747050 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\wininet.dll, function = FindNextUrlCacheEntryW, address_out = 0x7feff747500 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\wininet.dll, function = FindCloseUrlCache, address_out = 0x7feff6be600 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x7fefede0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = StringFromGUID2, address_out = 0x7fefee03560 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CLSIDFromString, address_out = 0x7fefedf0680 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoInitialize, address_out = 0x7fefedfa51c |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoInitializeSecurity, address_out = 0x7fefedf8220 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoSetProxyBlanket, address_out = 0x7fefee1bf00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoCreateInstance, address_out = 0x7fefee07490 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoUninitialize, address_out = 0x7fefee01314 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoInitializeEx, address_out = 0x7fefee02a30 |
|
1 | |
| Module | Load | module_name = OLEAUT32.dll, base_address = 0x7feff5d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = 2, address_out = 0x7feff5d3480 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = 6, address_out = 0x7feff5d1320 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = 9, address_out = 0x7feff5d1180 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:24 (UTC) |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x77320000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FlsAlloc, address_out = 0x77337190 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FlsFree, address_out = 0x773315b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FlsGetValue, address_out = 0x77343520 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FlsSetValue, address_out = 0x7733bd90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x773379b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateSemaphoreExW, address_out = 0x7736c4c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadStackGuarantee, address_out = 0x77328050 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateThreadpoolTimer, address_out = 0x77328820 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadpoolTimer, address_out = 0x7755b2f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WaitForThreadpoolTimerCallbacks, address_out = 0x7754d8c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CloseThreadpoolTimer, address_out = 0x7754d620 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateThreadpoolWait, address_out = 0x7736ba80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadpoolWait, address_out = 0x7755e170 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CloseThreadpoolWait, address_out = 0x7754c540 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FlushProcessWriteBuffers, address_out = 0x77591f80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FreeLibraryWhenCallbackReturns, address_out = 0x7760ec60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentProcessorNumber, address_out = 0x77590040 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetLogicalProcessorInformation, address_out = 0x7736b820 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateSymbolicLinkW, address_out = 0x77395ad0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetDefaultDllDirectories, address_out = 0x0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = EnumSystemLocalesEx, address_out = 0x7736c3d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CompareStringEx, address_out = 0x7736b980 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetDateFormatEx, address_out = 0x773b0920 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetLocaleInfoEx, address_out = 0x77323c10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetTimeFormatEx, address_out = 0x773ad4e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetUserDefaultLocaleName, address_out = 0x7736b790 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsValidLocaleName, address_out = 0x7736b770 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LCMapStringEx, address_out = 0x7736b710 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentPackageId, address_out = 0x0 |
|
1 | |
| Environment | Get Environment String |
|
1 | ||
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\taskeng.exe, file_name_orig = C:\Windows\system32\taskeng.exe, size = 260 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Filename | process_name = c:\windows\system32\taskeng.exe, file_name_orig = C:\Windows\system32\taskeng.exe, size = 260 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x7fefdbe0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\urlmon.dll, function = ObtainUserAgentString, address_out = 0x7fefdc41fa4 |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\taskeng.exe, file_name_orig = C:\Windows\system32\taskeng.exe, size = 260 |
|
1 | |
| System | Get Info | type = Operating System |
|
2 | |
| Module | Load | module_name = Ws2_32.dll, base_address = 0x7feff7e0000 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Create | mutex_name = Global\{85B42B0A-98E0-3F84-65D9-FE61A0417768} |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Create | mutex_name = Local\{85B47B09-C8E3-3F84-65D9-FE61A0417768} |
|
1 |
| Information | Value |
|---|---|
| ID | #14 |
| File Name | c:\users\adu0vk iwa5kls\appdata\roaming\tor.exe |
| Command Line | "C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:51, Reason: Child Process |
| Unmonitor | End Time: 00:02:13, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:22 |
| Information | Value |
|---|---|
| PID | 0x9b4 |
| Parent PID | 0x65c (c:\windows\syswow64\msiexec.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | AUFDDCNTXWT\aDU0VK IWA5kLS |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
918
0x
8BC
0x
8B0
0x
8AC
0x
8A8
0x
900
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable |
|
|
|
|
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
|
|
|
|
| locale.nls | 0x00060000 | 0x000c6fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000000d0000 | 0x000d0000 | 0x0010ffff | Private Memory | Readable, Writable |
|
|
|
|
| rsaenh.dll | 0x00110000 | 0x0014bfff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000000110000 | 0x00110000 | 0x0011ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000110000 | 0x00110000 | 0x00122fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| tzres.dll | 0x00110000 | 0x00110fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000000110000 | 0x00110000 | 0x00110fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000120000 | 0x00120000 | 0x00132fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000120000 | 0x00120000 | 0x00126fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000130000 | 0x00130000 | 0x00131fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000140000 | 0x00140000 | 0x00141fff | Pagefile Backed Memory | Readable |
|
|
|
|
| windowsshell.manifest | 0x00150000 | 0x00150fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000000150000 | 0x00150000 | 0x00150fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000150000 | 0x00150000 | 0x0015ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000160000 | 0x00160000 | 0x00161fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000170000 | 0x00170000 | 0x0036ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000370000 | 0x00370000 | 0x004f7fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000500000 | 0x00500000 | 0x00500fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000510000 | 0x00510000 | 0x0058ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000590000 | 0x00590000 | 0x00710fff | Pagefile Backed Memory | Readable |
|
|
|
|
| cversions.1.db | 0x00720000 | 0x00723fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000000730000 | 0x00730000 | 0x0082ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000830000 | 0x00830000 | 0x0092ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000930000 | 0x00930000 | 0x009dffff | Private Memory | Readable, Writable |
|
|
|
|
| {afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db | 0x00930000 | 0x00956fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000000960000 | 0x00960000 | 0x00960fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000970000 | 0x00970000 | 0x00987fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x00000000009a0000 | 0x009a0000 | 0x009dffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000009f0000 | 0x009f0000 | 0x009fffff | Private Memory | Readable, Writable |
|
|
|
|
| sortdefault.nls | 0x00a00000 | 0x00ccefff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000000cd0000 | 0x00cd0000 | 0x00daefff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000db0000 | 0x00db0000 | 0x00deffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000e00000 | 0x00e00000 | 0x00e3ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000e40000 | 0x00e40000 | 0x00e7ffff | Private Memory | Readable, Writable |
|
|
|
|
| tor.exe | 0x00ed0000 | 0x011aefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x00000000011b0000 | 0x011b0000 | 0x025affff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000025b0000 | 0x025b0000 | 0x026b0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000025b0000 | 0x025b0000 | 0x0261ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000026b0000 | 0x026b0000 | 0x026effff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002750000 | 0x02750000 | 0x0278ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002790000 | 0x02790000 | 0x0298ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002990000 | 0x02990000 | 0x02b8ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000002b90000 | 0x02b90000 | 0x02f9ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000002b90000 | 0x02b90000 | 0x02f82fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000002f90000 | 0x02f90000 | 0x0318ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000002fa0000 | 0x02fa0000 | 0x033affff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x00000000031b0000 | 0x031b0000 | 0x033affff | Private Memory | Readable, Writable |
|
|
|
|
| kernelbase.dll.mui | 0x033b0000 | 0x0346ffff | Memory Mapped File | Readable, Writable |
|
|
|
|
| pagefile_0x0000000003470000 | 0x03470000 | 0x0387ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003610000 | 0x03610000 | 0x0380ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000003880000 | 0x03880000 | 0x03c8ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| libeay32.dll | 0x721a0000 | 0x7238ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| propsys.dll | 0x73980000 | 0x73a74fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| uxtheme.dll | 0x73a80000 | 0x73afffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64win.dll | 0x73c40000 | 0x73c9bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64.dll | 0x73ca0000 | 0x73cdefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64cpu.dll | 0x73d10000 | 0x73d17fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ssleay32.dll | 0x740d0000 | 0x74137fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| libgcc_s_sjlj-1.dll | 0x74140000 | 0x741b6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| zlib1.dll | 0x741f0000 | 0x74211fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| libevent-2-0-5.dll | 0x74220000 | 0x742a1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| libssp-0.dll | 0x74850000 | 0x7486bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wkscli.dll | 0x74990000 | 0x7499efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| srvcli.dll | 0x749a0000 | 0x749b8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| netutils.dll | 0x749c0000 | 0x749c8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| netapi32.dll | 0x749d0000 | 0x749e0fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rsaenh.dll | 0x74a40000 | 0x74a7afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptsp.dll | 0x74a80000 | 0x74a95fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wshtcpip.dll | 0x74b50000 | 0x74b54fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mswsock.dll | 0x74b70000 | 0x74babfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| comctl32.dll | 0x74cb0000 | 0x74e4dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntmarta.dll | 0x751b0000 | 0x751d0fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dhcpcsvc.dll | 0x751f0000 | 0x75201fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dhcpcsvc6.dll | 0x75210000 | 0x7521cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winnsi.dll | 0x75220000 | 0x75226fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iphlpapi.dll | 0x75230000 | 0x7524bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x75270000 | 0x7527bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x75280000 | 0x752dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x752e0000 | 0x7543bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x75440000 | 0x7552ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| devobj.dll | 0x757c0000 | 0x757d1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x757e0000 | 0x758dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| clbcatq.dll | 0x758e0000 | 0x75962fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x75970000 | 0x75988fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x75ab0000 | 0x75b3ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x75bc0000 | 0x75c8bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cfgmgr32.dll | 0x75ca0000 | 0x75cc6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nsi.dll | 0x75cd0000 | 0x75cd5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x75d10000 | 0x75dbbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x75dc0000 | 0x75ecffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleaut32.dll | 0x75ed0000 | 0x75f5efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wldap32.dll | 0x75f60000 | 0x75fa4fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x75fe0000 | 0x76c29fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| setupapi.dll | 0x76c30000 | 0x76dccfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ws2_32.dll | 0x76dd0000 | 0x76e04fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x76f10000 | 0x76f66fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x76f80000 | 0x76fdffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| lpk.dll | 0x76fe0000 | 0x76fe9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x77130000 | 0x77175fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| usp10.dll | 0x77180000 | 0x7721cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x77280000 | 0x7731ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000077320000 | 0x77320000 | 0x7743efff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000077440000 | 0x77440000 | 0x77539fff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77540000 | 0x776e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77720000 | 0x7789ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
|
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
|
|
|
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\adu0vk iwa5kls\appdata\roaming\tor\state.tmp | 0.22 KB (221 bytes) |
MD5:
e4d677c20ca290bcfd1d6b243252d2c5
SHA1: e6b63577a0a80a076ee0fb4e84dc257636930d6a SHA256: 268ca275084d97b3e74e9878d76ca73b88d347eb2e773b84bba6fafbf9c91b6b |
|
|
| c:\users\adu0vk iwa5kls\appdata\roaming\tor\state | 0.22 KB (221 bytes) |
MD5:
e4d677c20ca290bcfd1d6b243252d2c5
SHA1: e6b63577a0a80a076ee0fb4e84dc257636930d6a SHA256: 268ca275084d97b3e74e9878d76ca73b88d347eb2e773b84bba6fafbf9c91b6b |
|
|
| c:\users\adu0vk iwa5kls\appdata\roaming\tor\unverified-microdesc-consensus.tmp | 2.02 MB (2119729 bytes) |
MD5:
119ed7e89f9cb1f141177312c9095c76
SHA1: bece3039cc4e6c36d9d0b7151311a2e89393f212 SHA256: d938a81bdeea36e2a4f4d6b639f14e2f3bbf2977a637e3cb4f0434f6978849c6 |
|
|
| c:\users\adu0vk iwa5kls\appdata\roaming\tor\unverified-microdesc-consensus | 2.02 MB (2119729 bytes) |
MD5:
119ed7e89f9cb1f141177312c9095c76
SHA1: bece3039cc4e6c36d9d0b7151311a2e89393f212 SHA256: d938a81bdeea36e2a4f4d6b639f14e2f3bbf2977a637e3cb4f0434f6978849c6 |
|
|
| c:\users\adu0vk iwa5kls\appdata\roaming\tor\cached-microdesc-consensus.tmp | 2.02 MB (2119729 bytes) |
MD5:
119ed7e89f9cb1f141177312c9095c76
SHA1: bece3039cc4e6c36d9d0b7151311a2e89393f212 SHA256: d938a81bdeea36e2a4f4d6b639f14e2f3bbf2977a637e3cb4f0434f6978849c6 |
|
|
| c:\users\adu0vk iwa5kls\appdata\roaming\tor\cached-microdesc-consensus | 2.02 MB (2119729 bytes) |
MD5:
119ed7e89f9cb1f141177312c9095c76
SHA1: bece3039cc4e6c36d9d0b7151311a2e89393f212 SHA256: d938a81bdeea36e2a4f4d6b639f14e2f3bbf2977a637e3cb4f0434f6978849c6 |
|
|
| c:\users\adu0vk iwa5kls\appdata\roaming\tor\cached-certs.tmp | 18.14 KB (18574 bytes) |
MD5:
1c8c962beaa633f2cced63d4c5ad201f
SHA1: ef528bb119b2568596840d51498c2d9aa39bfbe2 SHA256: c3839392205265d21b51be3607da8b07585dd4ac2d1c118a8306f876f4bbf467 |
|
|
| c:\users\adu0vk iwa5kls\appdata\roaming\tor\cached-certs | 18.14 KB (18574 bytes) |
MD5:
1c8c962beaa633f2cced63d4c5ad201f
SHA1: ef528bb119b2568596840d51498c2d9aa39bfbe2 SHA256: c3839392205265d21b51be3607da8b07585dd4ac2d1c118a8306f876f4bbf467 |
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2017-08-21 21:05:31 (UTC) |
|
2 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:32 (UTC) |
|
5 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetProcessDEPPolicy, address_out = 0x75deeb9a |
|
1 | |
| Module | Load | module_name = ADVAPI32.DLL, base_address = 0x77280000 |
|
1 | |
| Module | Load | module_name = KERNEL32.DLL, base_address = 0x75dc0000 |
|
1 | |
| Module | Load | module_name = NETAPI32.DLL, base_address = 0x749d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\netapi32.dll, function = NetStatisticsGet, address_out = 0x749d644f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\netapi32.dll, function = NetApiBufferFree, address_out = 0x749c13d2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextW, address_out = 0x7728df14 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x7728dfc8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7728e124 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\users\adu0vk iwa5kls\appdata\roaming\tor.exe, base_address = 0xed0000 |
|
1 | |
| Module | Get Address | module_name = c:\users\adu0vk iwa5kls\appdata\roaming\tor.exe, function = _OPENSSL_isservice, address_out = 0x0 |
|
1 | |
| Module | Load | module_name = USER32.DLL, base_address = 0x757e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetForegroundWindow, address_out = 0x75802320 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetCursorInfo, address_out = 0x7585812f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetQueueStatus, address_out = 0x75803924 |
|
1 | |
| System | Get Info | type = Operating System |
|
2 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x75df735f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseToolhelp32Snapshot, address_out = 0x0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address_out = 0x75e55763 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address_out = 0x75e5594e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address_out = 0x75e55621 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address_out = 0x75e556cb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address_out = 0x75df8ae7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address_out = 0x75df88a4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address_out = 0x75e55b93 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address_out = 0x75e55c3f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address_out = 0x75e55cd9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address_out = 0x75e55dc2 |
|
1 | |
| Module | Load | module_name = ADVAPI32.DLL, base_address = 0x77280000 |
|
1 | |
| Module | Load | module_name = KERNEL32.DLL, base_address = 0x75dc0000 |
|
1 | |
| Module | Load | module_name = NETAPI32.DLL, base_address = 0x749d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\netapi32.dll, function = NetStatisticsGet, address_out = 0x749d644f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\netapi32.dll, function = NetApiBufferFree, address_out = 0x749c13d2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextW, address_out = 0x7728df14 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x7728dfc8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7728e124 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Load | module_name = USER32.DLL, base_address = 0x757e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetForegroundWindow, address_out = 0x75802320 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetCursorInfo, address_out = 0x7585812f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetQueueStatus, address_out = 0x75803924 |
|
1 | |
| System | Get Info | type = Operating System |
|
2 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x75df735f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseToolhelp32Snapshot, address_out = 0x0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address_out = 0x75e55763 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address_out = 0x75e5594e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address_out = 0x75e55621 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address_out = 0x75e556cb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address_out = 0x75df8ae7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address_out = 0x75df88a4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address_out = 0x75e55b93 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address_out = 0x75e55c3f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address_out = 0x75e55cd9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address_out = 0x75e55dc2 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:34 (UTC) |
|
3 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:35 (UTC) |
|
2 | |
| System | Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
1 | |
| Module | Load | module_name = C:\Windows\system32\iphlpapi.dll, base_address = 0x75230000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\iphlpapi.dll, function = GetAdaptersAddresses, address_out = 0x75236a4d |
|
1 | |
| Socket | Create | protocol = IPPROTO_UDP, address_family = AF_INET, type = SOCK_DGRAM |
|
1 | |
| Socket | Connect | remote_address = 18.0.0.1, remote_port = 9 |
|
1 | |
| Socket | Close | type = SOCK_DGRAM |
|
1 | |
| System | Get Info | type = Hardware Information |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:35 (UTC) |
|
1 | |
| Socket | Create | protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM |
|
1 | |
| Socket | Bind | protocol = IPPROTO_IP, local_address = 127.0.0.1, local_port = 0 |
|
1 | |
| Socket | Listen | local_address = 127.0.0.1, local_port = 0, queue_length = 1 |
|
1 | |
| Socket | Create | protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM |
|
1 | |
| Socket | Connect | remote_address = 127.0.0.1, remote_port = 49172 |
|
1 | |
| Socket | Accept | type = SOCK_STREAM, remote_address_out = 127.0.0.1, remote_port_out = 5568 |
|
1 | |
| Socket | Close | type = SOCK_STREAM |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:35 (UTC) |
|
1 | |
| Socket | Create | protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM |
|
1 | |
| Socket | Bind | protocol = IPPROTO_TCP, local_address = 127.0.0.1, local_port = 9050 |
|
1 | |
| Socket | Listen | local_address = 127.0.0.1, local_port = 9050, queue_length = 2147483647 |
|
1 | |
| File | Open | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\lock |
|
1 | |
| File | Open | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\state.tmp |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\state.tmp, size = 215 |
|
1 | |
| File | Open | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\router-stability |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\geoip, file_attributes = _O_RDONLY |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\geoip6, file_attributes = _O_RDONLY |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:35 (UTC) |
|
1 | |
| File | Open | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-certs |
|
1 | |
| File | Open | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-consensus |
|
1 | |
| File | Open | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\unverified-consensus |
|
1 | |
| File | Open | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdesc-consensus |
|
1 | |
| File | Open | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\unverified-microdesc-consensus |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Open | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-descriptors, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-extrainfo, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:35 (UTC) |
|
6 | |
| Socket | Accept | type = SOCK_STREAM, remote_address_out = 127.0.0.1, remote_port_out = 4800 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:35 (UTC) |
|
2 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 16384, size_out = 3 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 16381, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:35 (UTC) |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 2, size_out = 2 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:35 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 16384, size_out = 29 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:35 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 16355, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:35 (UTC) |
|
2 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:36 (UTC) |
|
9 | |
| Module | Load | module_name = ADVAPI32.DLL, base_address = 0x77280000 |
|
1 | |
| Module | Load | module_name = KERNEL32.DLL, base_address = 0x75dc0000 |
|
1 | |
| Module | Load | module_name = NETAPI32.DLL, base_address = 0x749d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\netapi32.dll, function = NetStatisticsGet, address_out = 0x749d644f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\netapi32.dll, function = NetApiBufferFree, address_out = 0x749c13d2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextW, address_out = 0x7728df14 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x7728dfc8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7728e124 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Load | module_name = USER32.DLL, base_address = 0x757e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetForegroundWindow, address_out = 0x75802320 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetCursorInfo, address_out = 0x7585812f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetQueueStatus, address_out = 0x75803924 |
|
1 | |
| System | Get Info | type = Operating System |
|
2 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x75df735f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseToolhelp32Snapshot, address_out = 0x0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address_out = 0x75e55763 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address_out = 0x75e5594e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address_out = 0x75e55621 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address_out = 0x75e556cb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address_out = 0x75df8ae7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address_out = 0x75df88a4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address_out = 0x75e55b93 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address_out = 0x75e55c3f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address_out = 0x75e55cd9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address_out = 0x75e55dc2 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
8 | |
| Socket | Create | protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM |
|
1 | |
| Socket | Connect | remote_address = 82.223.21.74, remote_port = 9001 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
8 | |
| System | Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
1 | |
| Module | Load | module_name = C:\Windows\system32\iphlpapi.dll, base_address = 0x75230000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\iphlpapi.dll, function = GetAdaptersAddresses, address_out = 0x75236a4d |
|
1 | |
| System | Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
1 | |
| Module | Load | module_name = C:\Windows\system32\iphlpapi.dll, base_address = 0x75230000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\iphlpapi.dll, function = GetAdaptersAddresses, address_out = 0x75236a4d |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 233, size_out = 233 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 7, size_out = -1 |
|
2 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
3 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 7, size_out = 7 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 55, size_out = 55 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 450, size_out = 450 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 205, size_out = 205 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4, size_out = 4 |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 126, size_out = 126 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
3 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1, size_out = 1 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 40, size_out = 40 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
2 | |
| Socket | Send | flags = NO_FLAG_SET, size = 38, size_out = 38 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
2 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1483, size_out = 1483 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
2 | |
| Socket | Send | flags = NO_FLAG_SET, size = 1057, size_out = 1057 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
4 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 538, size_out = 538 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
2 | |
| Socket | Send | flags = NO_FLAG_SET, size = 543, size_out = 543 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
4 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 538, size_out = 538 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 543, size_out = 543 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
2 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
5 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
5 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 553 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3519, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
6 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3519, size_out = 3519 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 280, size_out = 280 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3816, size_out = 3816 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 543, size_out = 543 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 536, size_out = 536 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3560, size_out = 3560 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 2448 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1624, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1624, size_out = 1624 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 792, size_out = 792 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3304, size_out = 3304 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 3256 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 816, size_out = -1 |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 1057, size_out = 1057 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 816, size_out = 816 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 3535 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 537, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
2 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 537, size_out = 537 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 3814 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 258, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 258, size_out = 258 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1048, size_out = 1048 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3048, size_out = 3048 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1304, size_out = 1304 |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 543, size_out = 543 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
3 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 280, size_out = 280 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3816, size_out = 1750 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2066, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2066, size_out = 2066 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4016 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 56, size_out = -1 |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 1057, size_out = 1057 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 56, size_out = 56 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 536, size_out = 536 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 280, size_out = 280 |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 543, size_out = 543 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
3 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3816, size_out = 3816 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 536, size_out = 536 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 1057, size_out = 1057 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
3 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 280, size_out = 280 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3816, size_out = 718 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3098, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
3 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3098, size_out = 3098 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 2752 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1320, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1320, size_out = 1320 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 127 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3945, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
2 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3945, size_out = 1452 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2493, size_out = 1452 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1041, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1041, size_out = 1041 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 536, size_out = 536 |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 543, size_out = 543 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 1317 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2755, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2755, size_out = 2755 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 3280 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 792, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
2 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 792, size_out = 792 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 3838 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 234, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 234, size_out = 234 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 280, size_out = 280 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3816, size_out = 3816 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 11 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4061, size_out = 1452 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2609, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2609, size_out = 2609 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 3473 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 599, size_out = -1 |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 1057, size_out = 1057 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 599, size_out = 599 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 536, size_out = 536 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 1759 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2313, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2313, size_out = 2313 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 2038 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2034, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
2 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2034, size_out = 1452 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 582, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 582, size_out = 582 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 2596 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1476, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1476, size_out = 1476 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 280, size_out = 280 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3816, size_out = 1138 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2678, size_out = 1452 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1226, size_out = 1226 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 543, size_out = 543 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
3 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 536, size_out = 536 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3560, size_out = 3560 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 1057, size_out = 1057 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 792, size_out = 792 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3304, size_out = 3304 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1048, size_out = 1048 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3108, size_out = 3108 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 543, size_out = 543 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1630, size_out = 1630 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 893 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3179, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3179, size_out = 3179 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 1172 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2900, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
2 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2900, size_out = 2900 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 1451 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2621, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2621, size_out = 1452 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1169, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1169, size_out = 1169 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 280, size_out = 280 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3622, size_out = 1445 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2177, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2177, size_out = 2177 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 1057, size_out = 1057 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
4 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 1447 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2625, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
2 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2625, size_out = 1452 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1173, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1173, size_out = 1173 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1758, size_out = 553 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1205, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
3 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1205, size_out = 1205 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 3425 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 647, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 647, size_out = 647 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 3983 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 89, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 543, size_out = 543 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 89, size_out = 89 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 280, size_out = 280 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3816, size_out = 3816 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 3060 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1012, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1012, size_out = 1012 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 3339 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 733, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
2 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 733, size_out = 733 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 2166 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1906, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1906, size_out = 1906 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 536, size_out = 536 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3560, size_out = 3560 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 70 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4002, size_out = -1 |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 1057, size_out = 1057 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4002, size_out = 4002 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 349 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3723, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
2 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3723, size_out = 3723 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 792, size_out = 792 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3304, size_out = 2735 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 569, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 569, size_out = 569 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 1157 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2915, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2915, size_out = 2915 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1048, size_out = 263 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 785, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 543, size_out = 543 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 785, size_out = 785 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3048, size_out = 3048 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 792 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3280, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3280, size_out = 3280 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 3975 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 97, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
2 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 97, size_out = 97 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1304, size_out = 1304 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2792, size_out = 2792 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 1879 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2193, size_out = -1 |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 1057, size_out = 1057 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2193, size_out = 2193 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1560, size_out = 985 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 575, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 575, size_out = 575 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2536, size_out = 2324 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 212, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
2 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 212, size_out = 212 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 2966 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1106, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1106, size_out = 1106 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1816, size_out = 1816 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2280, size_out = 251 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2029, size_out = -1 |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 543, size_out = 543 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2029, size_out = 2029 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 1428 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2644, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2644, size_out = 2644 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2072, size_out = 2072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2024, size_out = 2024 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 3688 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 384, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 384, size_out = 384 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 1057, size_out = 1057 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2328, size_out = 2328 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1768, size_out = 1768 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 140 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3932, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3932, size_out = 3932 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2584, size_out = 2584 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1512, size_out = 1512 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 2679 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1393, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1393, size_out = 1393 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 543, size_out = 543 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 169 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3903, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3903, size_out = 3903 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2840, size_out = 1900 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 940, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 940, size_out = 940 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1256, size_out = 1256 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 2150 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1922, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1922, size_out = 1922 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 977 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3095, size_out = 1452 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1643, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1643, size_out = 1643 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 1256 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2816, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2816, size_out = 2816 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3096, size_out = 3096 |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 1057, size_out = 1057 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1000, size_out = 1000 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 4072 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4072, size_out = 612 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3460, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3460, size_out = 1452 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2008, size_out = 1452 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 556, size_out = 556 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:39 (UTC) |
|
1 | |
| File | Open | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\unverified-microdesc-consensus.tmp |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\unverified-microdesc-consensus.tmp, size = 2078572 |
|
1 | |
| File | Open | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-certs.tmp |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-certs.tmp, size = 2578 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-certs.tmp, size = 2233 |
|
7 | |
| File | Open | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdesc-consensus.tmp |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdesc-consensus.tmp, size = 2078572 |
|
1 | |
| File | Open | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 360 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 425 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 395 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 635 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 453 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 693 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 761 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 534 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 684 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 360 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 938 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 551 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 425 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 750 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 360 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 701 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 360 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 425 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 411 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 379 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 360 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 402 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 1937 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 360 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 360 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 713 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 360 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 360 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 360 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 376 |
|
1 | |
| File | Write | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor\cached-microdescs.new, size = 33 |
|
1 | |
|
For performance reasons, the remaining 249 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
| Information | Value |
|---|---|
| ID | #15 |
| File Name | c:\users\adu0vk~1\appdata\local\temp\certutil.exe |
| Command Line | "C:\Users\ADU0VK~1\AppData\Local\Temp\certutil.exe" -A -n "yvesl" -t "C,C,C" -i "C:\Users\ADU0VK~1\AppData\Local\Temp\okguaxb.crt" -d "C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:58, Reason: Child Process |
| Unmonitor | End Time: 00:02:13, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:15 |
| Information | Value |
|---|---|
| PID | 0x8e8 |
| Parent PID | 0x65c (c:\windows\syswow64\msiexec.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | AUFDDCNTXWT\aDU0VK IWA5kLS |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
8EC
0x
A10
0x
A14
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable |
|
|
|
|
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
|
|
|
|
| locale.nls | 0x00060000 | 0x000c6fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | Readable, Writable |
|
|
|
|
| tzres.dll | 0x000e0000 | 0x000e0fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x00000000000f0000 | 0x000f0000 | 0x000f6fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000100000 | 0x00100000 | 0x00101fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000120000 | 0x00120000 | 0x0015ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000170000 | 0x00170000 | 0x001affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000290000 | 0x00290000 | 0x0029ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000002c0000 | 0x002c0000 | 0x002cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000300000 | 0x00300000 | 0x003fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000440000 | 0x00440000 | 0x0047ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000500000 | 0x00500000 | 0x0057ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000580000 | 0x00580000 | 0x0067ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000680000 | 0x00680000 | 0x0077ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000780000 | 0x00780000 | 0x00907fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000910000 | 0x00910000 | 0x00a90fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000ac0000 | 0x00ac0000 | 0x00bbffff | Private Memory | Readable, Writable |
|
|
|
|
| certutil.exe | 0x00ce0000 | 0x00cfcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000000d00000 | 0x00d00000 | 0x020fffff | Pagefile Backed Memory | Readable |
|
|
|
|
| sortdefault.nls | 0x02100000 | 0x023cefff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000024d0000 | 0x024d0000 | 0x025cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000025d0000 | 0x025d0000 | 0x026cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002710000 | 0x02710000 | 0x0280ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000002810000 | 0x02810000 | 0x02c02fff | Pagefile Backed Memory | Readable |
|
|
|
|
| nss3.dll | 0x73640000 | 0x73706fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sqlite3.dll | 0x73b10000 | 0x73b7afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcr100.dll | 0x73b80000 | 0x73c3efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64win.dll | 0x73c40000 | 0x73c9bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64.dll | 0x73ca0000 | 0x73cdefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64cpu.dll | 0x73d10000 | 0x73d17fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| freebl3.dll | 0x73f00000 | 0x73f3dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nssdbm3.dll | 0x74020000 | 0x7403dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| softokn3.dll | 0x74040000 | 0x7406cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| smime3.dll | 0x74070000 | 0x7408bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| libnspr4.dll | 0x74090000 | 0x740c6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nssutil3.dll | 0x74830000 | 0x74849fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winmm.dll | 0x748e0000 | 0x74911fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| libplds4.dll | 0x74930000 | 0x74936fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wsock32.dll | 0x74a10000 | 0x74a16fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mswsock.dll | 0x74b70000 | 0x74babfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| libplc4.dll | 0x75250000 | 0x75256fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x75270000 | 0x7527bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x75280000 | 0x752dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x75440000 | 0x7552ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x757e0000 | 0x758dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x75970000 | 0x75988fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x75ab0000 | 0x75b3ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x75bc0000 | 0x75c8bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nsi.dll | 0x75cd0000 | 0x75cd5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x75d10000 | 0x75dbbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x75dc0000 | 0x75ecffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x75fe0000 | 0x76c29fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ws2_32.dll | 0x76dd0000 | 0x76e04fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x76f10000 | 0x76f66fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x76f80000 | 0x76fdffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| lpk.dll | 0x76fe0000 | 0x76fe9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x77130000 | 0x77175fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| usp10.dll | 0x77180000 | 0x7721cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x77280000 | 0x7731ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000077320000 | 0x77320000 | 0x7743efff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000077440000 | 0x77440000 | 0x77539fff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77540000 | 0x776e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77720000 | 0x7789ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
|
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
|
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x75dd4f2b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x75dd1252 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x75dd4208 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x75dd359f |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75dc0000 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| Environment | Get Environment String |
|
1 | ||
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
2 | |
| Module | Get Filename | process_name = c:\users\adu0vk~1\appdata\local\temp\certutil.exe, file_name_orig = C:\Users\ADU0VK~1\AppData\Local\Temp\certutil.exe, size = 260 |
|
1 | |
| System | Get Info | type = Hardware Information |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75dc0000 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75dc0000 |
|
1 | |
| File | Create | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\okguaxb.crt, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OVERLAPPED, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Module | Get Handle | module_name = c:\users\adu0vk~1\appdata\local\temp\nss3.dll, base_address = 0x73640000 |
|
1 | |
| Module | Get Filename | module_name = c:\users\adu0vk~1\appdata\local\temp\nss3.dll, process_name = c:\users\adu0vk~1\appdata\local\temp\certutil.exe, file_name_orig = C:\Users\ADU0VK~1\AppData\Local\Temp\nss3.dll, size = 260 |
|
1 | |
| Module | Load | module_name = C:\Users\ADU0VK~1\AppData\Local\Temp\softokn3.dll, base_address = 0x74040000 |
|
1 | |
| Module | Get Address | module_name = c:\users\adu0vk~1\appdata\local\temp\softokn3.dll, function = NSC_GetFunctionList, address_out = 0x74047890 |
|
1 | |
| Module | Get Address | module_name = c:\users\adu0vk~1\appdata\local\temp\softokn3.dll, function = NSC_ModuleDBFunc, address_out = 0x74047d40 |
|
1 | |
| Module | Get Handle | module_name = c:\users\adu0vk~1\appdata\local\temp\softokn3.dll, base_address = 0x74040000 |
|
1 | |
| Module | Get Filename | module_name = c:\users\adu0vk~1\appdata\local\temp\softokn3.dll, process_name = c:\users\adu0vk~1\appdata\local\temp\certutil.exe, file_name_orig = C:\Users\ADU0VK~1\AppData\Local\Temp\softokn3.dll, size = 260 |
|
1 | |
| Module | Load | module_name = C:\Users\ADU0VK~1\AppData\Local\Temp\nssdbm3.dll, base_address = 0x74020000 |
|
1 | |
| Module | Get Address | module_name = c:\users\adu0vk~1\appdata\local\temp\nssdbm3.dll, function = legacy_Open, address_out = 0x740297b0 |
|
1 | |
| Module | Get Address | module_name = c:\users\adu0vk~1\appdata\local\temp\nssdbm3.dll, function = legacy_ReadSecmodDB, address_out = 0x74032f20 |
|
1 | |
| Module | Get Address | module_name = c:\users\adu0vk~1\appdata\local\temp\nssdbm3.dll, function = legacy_ReleaseSecmodDBData, address_out = 0x74032b50 |
|
1 | |
| Module | Get Address | module_name = c:\users\adu0vk~1\appdata\local\temp\nssdbm3.dll, function = legacy_DeleteSecmodDB, address_out = 0x74032b90 |
|
1 | |
| Module | Get Address | module_name = c:\users\adu0vk~1\appdata\local\temp\nssdbm3.dll, function = legacy_AddSecmodDB, address_out = 0x74032d30 |
|
1 | |
| Module | Get Address | module_name = c:\users\adu0vk~1\appdata\local\temp\nssdbm3.dll, function = legacy_Shutdown, address_out = 0x74029420 |
|
1 | |
| Module | Get Address | module_name = c:\users\adu0vk~1\appdata\local\temp\nssdbm3.dll, function = legacy_SetCryptFunctions, address_out = 0x74029ed0 |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default/secmod.db, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default/secmod.db, type = file_type |
|
1 | |
| File | Read | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default/secmod.db, size = 260, size_out = 260 |
|
1 | |
| File | Read | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default/secmod.db, size = 4096, size_out = 4096 |
|
2 | |
| Module | Get Handle | module_name = c:\users\adu0vk~1\appdata\local\temp\softokn3.dll, base_address = 0x74040000 |
|
1 | |
| Module | Get Filename | module_name = c:\users\adu0vk~1\appdata\local\temp\softokn3.dll, process_name = c:\users\adu0vk~1\appdata\local\temp\certutil.exe, file_name_orig = C:\Users\ADU0VK~1\AppData\Local\Temp\softokn3.dll, size = 260 |
|
1 | |
| Module | Load | module_name = C:\Users\ADU0VK~1\AppData\Local\Temp\freebl3.dll, base_address = 0x73f00000 |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x77280000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SystemFunction036, address_out = 0x77281919 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| System | Get Computer Name | result_out = AUFDDCNTXWT |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default/cert8.db, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default/cert8.db, type = file_type |
|
1 | |
| File | Read | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default/cert8.db, size = 260, size_out = 260 |
|
1 | |
| File | Read | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default/cert8.db, size = 16384, size_out = 16384 |
|
1 | |
| File | Create | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default/key3.db, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default/key3.db, type = file_type |
|
1 | |
| File | Read | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default/key3.db, size = 260, size_out = 260 |
|
1 | |
| File | Read | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default/key3.db, size = 4096, size_out = 4096 |
|
1 | |
| Module | Load | module_name = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default/nssckbi.dll, base_address = 0x0 |
|
1 | |
| File | Get Info | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\okguaxb.crt, type = attributes,time,size,volserialno |
|
1 | |
| File | Read | filename = C:\Users\ADU0VK~1\AppData\Local\Temp\okguaxb.crt, size = 1025, size_out = 0 |
|
1 | |
| File | Read | filename = C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default/cert8.db, size = 16384, size_out = 16384 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-08-21 21:05:38 (UTC) |
|
3 | |
| Module | Get Handle | module_name = c:\users\adu0vk~1\appdata\local\temp\certutil.exe, base_address = 0xce0000 |
|
1 | |
| Module | Get Handle | module_name = mscoree.dll, base_address = 0x0 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75dc0000 |
|
2 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75dc0000 |
|
1 |
