Host | Resolved to | Country | City | Protocol |
---|---|---|---|---|
calster.be | | | | HTTP |
212.109.220.109 | | RU | | HTTP |
Information | Value |
---|---|
ID | #1 |
File Name | c:\program files\microsoft office\root\office16\winword.exe |
Command Line | "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" |
Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
Monitor | Start Time: 00:00:19, Reason: Analysis Target |
Unmonitor | End Time: 00:02:25, Reason: Terminated by Timeout |
Monitor Duration | 00:02:06 |
Information | Value |
---|---|
PID | 0x9d8 |
Parent PID | 0x57c (Unknown) |
Is Created or Modified Executable | |
Integrity Level | Medium |
Username | YKYD69Q\aETAdzjz |
Groups |
|
Enabled Privileges | SeChangeNotifyPrivilege |
Thread IDs |
|
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
For performance reasons, the remaining 400 entries are omitted.
The remaining entries can be found in flog.txt. |
Filename | File Size | Hash Values | YARA Match | Actions |
---|---|---|---|---|
c:\users\aetadzjz\appdata\local\temp\agraba8.exe | 606.00 KB (620544 bytes) | MD5: 91a61e3be9cc7251972f6ee8d4836cb4 SHA1: f78c091a623c605e74511dd80d1a48376c2c4145 SHA256: 3d653771933422f9a081ea122865da76edde83cdeb41b8b8e377833e75e21aca | | |
c:\users\aetadzjz\appdata\local\temp\~dfe5d8e3f73a92a76c.tmp | 0.50 KB (512 bytes) | MD5: bf619eac0cdf3f68d496ea9344137e8b SHA1: 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 SHA256: 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560 | | |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
Module | Get Handle | module_name = Unknown module name, base_address = 0x7fef8e10000 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = MsiProvideQualifiedComponentA, address_out = 0x7fef8e93b3c | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = MsiGetProductCodeA, address_out = 0x7fef8e8a13c | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = MsiReinstallFeatureA, address_out = 0x7fef8e91618 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = MsiProvideComponentA, address_out = 0x7fef8e8f088 | 1 |
Fn
|
|
Module | Get Handle | module_name = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL, base_address = 0x0 | 1 |
Fn
|
|
Module | Load | module_name = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL, base_address = 0x7fee3450000 | 1 |
Fn
|
|
Environment | Get Environment String | name = DDRYBUR | 1 |
Fn
|
|
Module | Get Filename | process_name = c:\program files\microsoft office\root\office16\winword.exe, file_name_orig = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL, size = 260 | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Licenses | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\Licenses\8804558B-B773-11d1-BC3E-0000F87552E7, data = } | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
Module | Get Handle | module_name = c:\windows\system32\user32.dll, base_address = 0x76fb0000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\system32\user32.dll, function = GetSystemMetrics, address_out = 0x76fc94f0 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\system32\user32.dll, function = MonitorFromWindow, address_out = 0x76fc5f08 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\system32\user32.dll, function = MonitorFromRect, address_out = 0x76fc2b00 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\system32\user32.dll, function = MonitorFromPoint, address_out = 0x76fbab64 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\system32\user32.dll, function = EnumDisplayMonitors, address_out = 0x76fc5c30 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\system32\user32.dll, function = GetMonitorInfoA, address_out = 0x76fba730 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\system32\user32.dll, function = EnumDisplayDevicesA, address_out = 0x76fba5b4 | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
Module | Get Handle | module_name = oleaut32.dll, base_address = 0x7fefd620000 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = DispCallFunc, address_out = 0x7fefd622270 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = LoadTypeLibEx, address_out = 0x7fefd62a550 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = UnRegisterTypeLib, address_out = 0x7fefd6b20d0 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = CreateTypeLib2, address_out = 0x7fefd6adbd0 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarDateFromUdate, address_out = 0x7fefd625c90 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarUdateFromDate, address_out = 0x7fefd626330 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = GetAltMonthNames, address_out = 0x7fefd6466c0 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarNumFromParseNum, address_out = 0x7fefd624710 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarParseNumFromStr, address_out = 0x7fefd6248f0 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarDecFromR4, address_out = 0x7fefd65b640 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarDecFromR8, address_out = 0x7fefd65b360 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarDecFromDate, address_out = 0x7fefd662640 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarDecFromI4, address_out = 0x7fefd6458a0 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarDecFromCy, address_out = 0x7fefd645820 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarR4FromDec, address_out = 0x7fefd65af20 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = GetRecordInfoFromTypeInfo, address_out = 0x7fefd67a0c0 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = GetRecordInfoFromGuids, address_out = 0x7fefd6b2160 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = SafeArrayGetRecordInfo, address_out = 0x7fefd645af0 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = SafeArraySetRecordInfo, address_out = 0x7fefd645a90 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = SafeArrayGetIID, address_out = 0x7fefd645a60 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = SafeArraySetIID, address_out = 0x7fefd645a30 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = SafeArrayCopyData, address_out = 0x7fefd6260b0 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = SafeArrayAllocDescriptorEx, address_out = 0x7fefd623e90 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = SafeArrayCreateEx, address_out = 0x7fefd679f80 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarFormat, address_out = 0x7fefd6a9b20 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarFormatDateTime, address_out = 0x7fefd6a9aa0 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarFormatNumber, address_out = 0x7fefd6a9990 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarFormatPercent, address_out = 0x7fefd6a9890 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarFormatCurrency, address_out = 0x7fefd6a9770 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarWeekdayName, address_out = 0x7fefd68b8d0 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarMonthName, address_out = 0x7fefd68b800 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarAdd, address_out = 0x7fefd6a48e0 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarAnd, address_out = 0x7fefd6a9470 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarCat, address_out = 0x7fefd6a96a0 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarDiv, address_out = 0x7fefd6a2fe0 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarEqv, address_out = 0x7fefd6a9cf0 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarIdiv, address_out = 0x7fefd6a8ff0 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarImp, address_out = 0x7fefd6a9c00 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarMod, address_out = 0x7fefd6a8e60 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarMul, address_out = 0x7fefd6a3690 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarOr, address_out = 0x7fefd6a92d0 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarPow, address_out = 0x7fefd6a2e80 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarSub, address_out = 0x7fefd6a3f90 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarXor, address_out = 0x7fefd6a91a0 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarAbs, address_out = 0x7fefd687c30 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarFix, address_out = 0x7fefd687a60 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarInt, address_out = 0x7fefd687890 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarNeg, address_out = 0x7fefd687ea0 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarNot, address_out = 0x7fefd6a9600 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarRound, address_out = 0x7fefd6876a0 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarCmp, address_out = 0x7fefd6a83f0 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarDecAdd, address_out = 0x7fefd653070 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarDecCmp, address_out = 0x7fefd65d700 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarBstrCat, address_out = 0x7fefd65d890 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarCyMulI4, address_out = 0x7fefd63caf0 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = VarBstrCmp, address_out = 0x7fefd648a00 | 1 |
Fn
|
|
Module | Get Handle | module_name = ole32.dll, base_address = 0x7fefde40000 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = CoCreateInstanceEx, address_out = 0x7fefde4de90 | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = CLSIDFromProgIDEx, address_out = 0x7fefde5a4c4 | 1 |
Fn
|
|
System | Get Time | type = Local Time, time = 2017-08-17 13:53:32 (Local Time) | 2 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common, value_name = RequireDeclaration, data = 36, type = REG_NONE | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common, value_name = CompileOnDemand, data = 0, type = REG_NONE | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common, value_name = NotifyUserBeforeStateLoss, data = 1, type = REG_NONE | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common, value_name = BackGroundCompile, data = 0, type = REG_NONE | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common, value_name = BreakOnAllErrors, data = 255, type = REG_NONE | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common, value_name = BreakOnServerErrors, data = 0, type = REG_NONE | 1 |
Fn
|
|
Module | Get Address | module_name = Unknown module name, function = MsoMultiByteToWideChar, address_out = 0x7fee345f200 | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} | 1 |
Fn
|
|
Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7 | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\409 | 1 |
Fn
|
|
Registry | Open Key | reg_name = win64 | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0 | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0\win64, data = C:\Program Files\Microsoft Office\Root\Office16\MSWORD.OLB | 1 |
Fn
|
|
Module | Get Filename | process_name = c:\program files\microsoft office\root\office16\winword.exe, file_name_orig = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL, size = 260 | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} | 1 |
Fn
|
|
Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} | 1 |
Fn
|
|
Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0 | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0 | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64 | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0 | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64, data = C:\Windows\system32\stdole2.tlb | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} | 1 |
Fn
|
|
Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} | 1 |
Fn
|
|
Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} | 1 |
Fn
|
|
Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8 | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0 | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64 | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0 | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64, data = C:\Program Files\Common Files\Microsoft Shared\OFFICE16\MSO.DLL | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046} | 1 |
Fn
|
|
Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046} | 1 |
Fn
|
|
Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046} | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2 | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2\9 | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2\9\win64 | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2\9 | 1 |
Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2\9\win64, data = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} | 1 |
Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7 | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0 | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0\win64 | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0 | 1 |
Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0\win64, data = C:\Program Files\Microsoft Office\Root\Office16\MSWORD.OLB | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} | 1 |
Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} | 1 |
Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0 | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0 | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64 | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0 | 1 |
Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64, data = C:\Windows\system32\stdole2.tlb | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} | 1 |
Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} | 1 |
Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} | 1 |
Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8 | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0 | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64 | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0 | 1 |
Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64, data = C:\Program Files\Common Files\Microsoft Shared\OFFICE16\MSO.DLL | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4} | 1 |
Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4} | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0 | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0\0 | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0\0\win64 | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0\0 | 1 |
Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0\0\win64, data = C:\Windows\system32\FM20.DLL | 1 |
System | Get Time | type = Local Time, time = 2017-08-17 13:53:33 (Local Time) | 7 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\CLSID\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\DesignerFeatures | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\InprocServer32 | 1 |
Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\Clsid\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\InprocServer32, value_name = ThreadingModel, data = 65 | 1 |
System | Get Cursor | x_out = 270, y_out = 190 | 1 |
System | Get Time | type = Local Time, time = 2017-08-17 13:53:33 (Local Time) | 2 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} | 1 |
Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7 | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\409 | 1 |
Registry | Open Key | reg_name = win64 | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0 | 1 |
Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0\win64, data = C:\Program Files\Microsoft Office\Root\Office16\MSWORD.OLB | 1 |
System | Get Time | type = Local Time, time = 2017-08-17 13:53:33 (Local Time) | 1 |
System | Get Cursor | x_out = 270, y_out = 190 | 1 |
System | Get Time | type = Local Time, time = 2017-08-17 13:53:33 (Local Time) | 7 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Typelib | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Typelib\{0D452EE1-E08F-101A-852E-02608C4D0BB4} | 1 |
Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\Typelib\{0D452EE1-E08F-101A-852E-02608C4D0BB4} | 1 |
Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\Typelib\{0D452EE1-E08F-101A-852E-02608C4D0BB4} | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{82B02373-B5BC-11CF-810F-00A0C9030074} | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{82B02373-B5BC-11CF-810F-00A0C9030074}\Control | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{82B02373-B5BC-11CF-810F-00A0C9030074}\Insertable | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{82B02374-B5BC-11CF-810F-00A0C9030074} | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{82B02374-B5BC-11CF-810F-00A0C9030074}\Control | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{82B02374-B5BC-11CF-810F-00A0C9030074}\Insertable | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{82B02375-B5BC-11CF-810F-00A0C9030074} | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{82B02375-B5BC-11CF-810F-00A0C9030074}\Control | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{82B02375-B5BC-11CF-810F-00A0C9030074}\Insertable | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{8A683C92-BA84-11CF-8110-00A0C9030074} | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{8A683C92-BA84-11CF-8110-00A0C9030074}\Control | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{8A683C92-BA84-11CF-8110-00A0C9030074}\Insertable | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{8A683C93-BA84-11CF-8110-00A0C9030074} | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{8A683C93-BA84-11CF-8110-00A0C9030074}\Control | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{8A683C93-BA84-11CF-8110-00A0C9030074}\Insertable | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{1C3B4210-F441-11CE-B9EA-00AA006B1A69} | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{1C3B4210-F441-11CE-B9EA-00AA006B1A69}\Control | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{1C3B4210-F441-11CE-B9EA-00AA006B1A69}\Insertable | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{909E0AE0-16DC-11CE-9E98-00AA00574A4F} | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{909E0AE0-16DC-11CE-9E98-00AA00574A4F}\Control | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{909E0AE0-16DC-11CE-9E98-00AA00574A4F}\Insertable | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{AFC20920-DA4E-11CE-B943-00AA006887B4} | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{AFC20920-DA4E-11CE-B943-00AA006887B4}\Control | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{AFC20920-DA4E-11CE-B943-00AA006887B4}\Insertable | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{5CEF5610-713D-11CE-80C9-00AA00611080} | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{5CEF5610-713D-11CE-80C9-00AA00611080}\Control | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{5CEF5610-713D-11CE-80C9-00AA00611080}\Insertable | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{646BE917-EFED-46C6-AFC9-CA1FBD3C5100} | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{646BE917-EFED-46C6-AFC9-CA1FBD3C5100}\Control | 1 |
Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Clsid\{646BE917-EFED-46C6-AFC9-CA1FBD3C5100}\Insertable | 1 |
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common | 1 |
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common | 13 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common, value_name = PropertiesWindow, data = 4 | 1 |
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common | 2 |
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\VBE\6.0\Addins64 | 1 |
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common | 5 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common, value_name = MainWindow, data = 0 | 1 |
COM | Create | interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER | 1 |
Window | Set Attribute | index = 18446744073709551596, new_long = 262401 | 1 |
Window | Set Attribute | index = 0, new_long = 0 | 1 |
System | Get Time | type = Local Time, time = 2017-08-17 13:53:35 (Local Time) | 3 |
Module | Get Address | module_name = Unknown module name, function = 711, address_out = 0x7fee3a59eb0 | 1 |
System | Get Time | type = Local Time, time = 2017-08-17 13:53:35 (Local Time) | 1 |
Module | Get Address | module_name = Unknown module name, function = 716, address_out = 0x7fee3a19158 | 1 |
COM | Get Class ID | cls_id = ED8C108E-4349-11D2-91A4-00C04F7969E8, prog_id = Microsoft.XMLHTTP | 1 |
COM | Create | interface = 00000000-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER | 1 |
Window | Set Attribute | index = 18446744073709551596, new_long = 262401 | 1 |
Module | Get Address | module_name = Unknown module name, function = 712, address_out = 0x7fee3a5a03c | 1 |
COM | Get Class ID | cls_id = 72C24DD5-D70A-438B-8A42-98424B88AFB8, prog_id = Wscript.shell | 1 |
COM | Create | interface = 00000000-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER | 1 |
COM | Get Class ID | cls_id = 00000566-0000-0010-8000-00AA006D2EA4, prog_id = Adodb.streaM | 1 |
COM | Create | interface = 00000000-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER | 1 |
COM | Get Class ID | cls_id = 13709620-C279-11CE-A49E-444553540000, prog_id = shell.Application | 1 |
COM | Create | interface = 00000000-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER | 1 |
Module | Get Address | module_name = Unknown module name, function = 685, address_out = 0x7fee3738ff4 | 1 |
Module | Get Address | module_name = Unknown module name, function = 715, address_out = 0x7fee39d5aa0 | 1 |
Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Win64; x64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS | 1 |
Inet | Open Connection | protocol = http, server_name = calster.be, server_port = 80 | 1 |
Inet | Open HTTP Request | http_verb = GeT, http_version = HTTP 1.1, target_resource = /87wifhFsdf | 1 |
Inet | Send HTTP Request | url = http://calster.be/87wifhFsdf | 2 |
Inet | Receive HTTP Status | status = 200 | 1 |
System | Get Time | type = Local Time, time = 2017-08-17 13:53:48 (Local Time) | 1 |
Module | Get Address | module_name = Unknown module name, function = 581, address_out = 0x7fee381ea78 | 1 |
Inet | Read Response | size_out = 620544 | 1 |
File | Create | filename = C:\Users\aETAdzjz\AppData\Local\Temp\agraba8.exe | 1 |
File | Write | filename = C:\Users\aETAdzjz\AppData\Local\Temp\agraba8.exe, size = 620544 | 1 |
System | Get Cursor | x_out = 471, y_out = 172 | 1 |
Module | Get Address | module_name = Unknown module name, function = 711, address_out = 0x7fee3a59eb0 | 1 |
Module | Get Address | module_name = Unknown module name, function = 716, address_out = 0x7fee3a19158 | 1 |
Module | Get Address | module_name = Unknown module name, function = 712, address_out = 0x7fee3a5a03c | 1 |
Module | Get Address | module_name = Unknown module name, function = 685, address_out = 0x7fee3738ff4 | 1 |
Module | Get Address | module_name = Unknown module name, function = 715, address_out = 0x7fee39d5aa0 | 1 |
Module | Get Address | module_name = Unknown module name, function = 581, address_out = 0x7fee381ea78 | 1 |
Module | Get Address | module_name = Unknown module name, function = 711, address_out = 0x7fee3a59eb0 | 1 |
Module | Get Address | module_name = Unknown module name, function = 716, address_out = 0x7fee3a19158 | 1 |
Module | Get Address | module_name = Unknown module name, function = 712, address_out = 0x7fee3a5a03c | 1 |
Module | Get Address | module_name = Unknown module name, function = 685, address_out = 0x7fee3738ff4 | 1 |
Module | Get Address | module_name = Unknown module name, function = 715, address_out = 0x7fee39d5aa0 | 1 |
Module | Get Address | module_name = Unknown module name, function = 581, address_out = 0x7fee381ea78 | 1 |
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common | 1 |
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common | 5 |
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common | 2 |
Information | Value |
---|---|
ID | #2 |
File Name | c:\users\aetadzjz\appdata\local\temp\agraba8.exe |
Command Line | "C:\Users\aETAdzjz\AppData\Local\Temp\agraba8.exe" |
Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
Monitor | Start Time: 00:00:45, Reason: Child Process |
Unmonitor | End Time: 00:02:25, Reason: Terminated by Timeout |
Monitor Duration | 00:01:40 |
Information | Value |
---|---|
PID | 0xb68 |
Parent PID | 0x9d8 (c:\program files\microsoft office\root\office16\winword.exe) |
Is Created or Modified Executable | |
Integrity Level | Medium |
Username | YKYD69Q\aETAdzjz |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege |
Thread IDs | 0xB6C, 0xB90, 0x894, 0x8A4, 0x8B4, 0x8C4, 0x8D4, 0x880, 0x8D0, 0x900, 0x9E4, 0xACC |
Filename | File Size | Hash Values | YARA Match | Actions |
---|---|---|---|---|
c:\users\aetadzjz\documents\lukitus-2446.htm | 8.67 KB (8874 bytes) | MD5: 03ba639109a5ad5406f423d1d4d472fa SHA1: d901d940a2e058da46f6fdae83e85ec4926edf48 SHA256: c6b06db3ab1d390036be63a15d2abd138dbc17c371fd9ec039a4becd7c3d584f | | |
c:\users\aetadzjz\documents\fwkh\lukitus-547b.htm | 8.67 KB (8874 bytes) | MD5: 03ba639109a5ad5406f423d1d4d472fa SHA1: d901d940a2e058da46f6fdae83e85ec4926edf48 SHA256: c6b06db3ab1d390036be63a15d2abd138dbc17c371fd9ec039a4becd7c3d584f | | |
c:\users\aetadzjz\desktop\lukitus-b59f.htm | 8.67 KB (8874 bytes) | MD5: 03ba639109a5ad5406f423d1d4d472fa SHA1: d901d940a2e058da46f6fdae83e85ec4926edf48 SHA256: c6b06db3ab1d390036be63a15d2abd138dbc17c371fd9ec039a4becd7c3d584f | | |
c:\users\aetadzjz\desktop\lukitus.htm | 8.67 KB (8874 bytes) | MD5: 03ba639109a5ad5406f423d1d4d472fa SHA1: d901d940a2e058da46f6fdae83e85ec4926edf48 SHA256: c6b06db3ab1d390036be63a15d2abd138dbc17c371fd9ec039a4becd7c3d584f | | |
c:\users\aetadzjz\desktop\lukitus.bmp | 3.55 MB (3721466 bytes) | MD5: 08f38151ed738d7bc5878b5dd106e524 SHA1: fa1a19df5a1788772d07a5f11874ee77b7efd7fb SHA256: c2b5da0c579930ad5351749d20b702f62f31019bd4c2fda471aadb36b404bb24 | | |
c:\users\aetadzjz\desktop\f56924be-9663-41bb-93ff195c-3bb52d679ddb.lukitus | 49.28 KB (50458 bytes) |
MD5:
73098251fc1b59b50a2cb4c346d0571f
SHA1: f1f2e412a8cd55d5d611a7e3d7d8ad7692ba3904 SHA256: 11e3593f0c2516fae2140cf958637816e1c022a764effe30e34b870469e51fcf |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-b1dc6762-4f6cbab10e0b.lukitus | 81.82 KB (83779 bytes) |
MD5:
6abad91ef2ea344540ffc34da13283b6
SHA1: 444af778f297eccb339123c5959f07a8f89b4224 SHA256: 0f1be91f6d873b31a92eb731c8724746101f75f78a758afcd1516957ec5dc43f |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-1fc77e46-75d0d332d675.lukitus | 17.92 KB (18350 bytes) |
MD5:
776ba4d91050761e680a84012e71145b
SHA1: f57630ed5b959114fe4d1c15fb41fdbeea492764 SHA256: 17ee0c6ce1f0f32f4661c5aea15558cf056a6bdb20241a2094dc5f3b28d1a6e0 |
|
|
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-f71e2d7c-1a58c58cde47.lukitus | 29.66 KB (30374 bytes) |
MD5:
a50862100d2462158111dcc9938ff0af
SHA1: d7f39e3759e9360dd5629aa202acd3699409aa0a SHA256: 674cd1b6db3d4f950ab79a328944aeaffc2811020ef10bc0ff55fcc037aeabe7 |
|
|
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-68c82df1-14b4d804bd61.lukitus | 68.98 KB (70634 bytes) |
MD5:
772a87a10bc58301219c75e82450f9d5
SHA1: a40f092d065c3a19b9529198fe98d5eb4f170601 SHA256: ffda15c8587df4ba7a0529d32594b6f46f9b99e8d1e6c16f5f9e18614bcd493c |
|
|
c:\users\aetadzjz\desktop\f56924be-9663-41bb-49cf61ee-57465675bb4a.lukitus | 0.97 KB (998 bytes) |
MD5:
9e0b618eea6c393041ab77e094c91cdf
SHA1: 45837778384830ce66481c4b3605f60ff55c3bf3 SHA256: c0a44b8e12f625b0c73a5bcdf7cc38b0bc3152c16828ceb3c4232fc2d3eea4aa |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-1e43a153-b4fa5bd13c64.lukitus | 58.45 KB (59848 bytes) |
MD5:
dca25bc771722b0031cd105fe3afb3de
SHA1: 40c83aacedbac1f5dabb83f01b4108745a619455 SHA256: 9afc3f3637a2782cd25e488df9584bec16c21e41c0d12c8bae65588976fccabb |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-746c6c5a-dddafa9fe1bd.lukitus | 87.29 KB (89384 bytes) |
MD5:
1265daa90eedb3c9b3ec895a7e2cc859
SHA1: f756f23b8f219dd1a177efd5067d33895df91eba SHA256: 44c237217af69cc53029b4335a8bf8f7c920494a683a857122b432d698fcf40b |
|
|
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-d050f35d-df08fe665915.lukitus | 76.55 KB (78385 bytes) |
MD5:
b9d9f966203227eda7672af260d586b5
SHA1: 445fbf1d9de7746bd9f3abc64a580b6ac2806b6d SHA256: 144ba74c09c895dce58edace591b7e263326b38368c030a86de17061e82a1d8b |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-6562ef8e-9356a0b9d778.lukitus | 7.42 KB (7603 bytes) |
MD5:
bf911c31fe23672abda64b65389368f0
SHA1: 0519b3dc9527c0ffc2f0cd9e84ebc8bac072e291 SHA256: 7b44f04bfd993affe249736dbbe704776ca010f61babf56c93c730094b282a74 |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-02ddbb2e-dda7eef606e5.lukitus | 74.75 KB (76545 bytes) |
MD5:
4fc9141920f3a9a5d2267c61332fc10e
SHA1: 83958705c423b40e7cde22ba24fc4efb881695d1 SHA256: 4f574655f1fcc3084f0008008ab6c986fcd988602591aa6b9aa0af4ae8cc49bc |
|
|
c:\users\aetadzjz\desktop\f56924be-9663-41bb-dd1f464e-1d4279836981.lukitus | 79.69 KB (81599 bytes) |
MD5:
7e7be556fe089933e12989e93bee08fd
SHA1: 3a776d1c6650c69a2c7bd1b944b45b038df9b0b3 SHA256: 07860428399bba38220f9ba9513d34b4dca67da2927fcdb7382f9129000b824c |
|
|
c:\users\aetadzjz\desktop\f56924be-9663-41bb-7ccb072c-c1747aea88b6.lukitus | 94.15 KB (96408 bytes) |
MD5:
fb5d26ae8d42dca9f83189a46d7aafe6
SHA1: 4244ea22d4acbf5bb1ad36ecdb2b764166f1e92e SHA256: d71b7fb4437a0406ad8f9874529946f5856714b53e38e831a8f4eeebcea3872a |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-6f1f87e1-0611de322330.lukitus | 83.48 KB (85483 bytes) |
MD5:
6a52bfb9267d0f422a0184a0fe14d6f5
SHA1: b4133b1d05faa54df705f30a46c433a43014da51 SHA256: e2015345d5922a8fe3676a1c7e8c940d64d169b1b8b7f5630052b49234f3c552 |
|
|
c:\users\aetadzjz\documents\onenote notebooks\my notebook\f56924be-9663-41bb-93122862-1b3365d6fc4a.lukitus | 6.86 KB (7020 bytes) |
MD5:
885fda6005971a82db16ad2bd29041a4
SHA1: 1c406fd6df0744789ec498a1abf925ad8ec60a3a SHA256: a5f248aec0548330dbb26391181cff2f72849242524d84870c8e30d7423c5b5e |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-7f7df4f3-fee5a0f835d8.lukitus | 61.93 KB (63412 bytes) |
MD5:
c54fc8af819d898b850ac5fdd43254ed
SHA1: 7bcc4fae19b21c006c7425add419be78de3f1a68 SHA256: 72a36bd4de31602c8dd2e6eb16786c95f11cb307d0dd5ef5ff78bfe3edf0274d |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-42da6451-74994b3b23eb.lukitus | 34.90 KB (35738 bytes) |
MD5:
c65660792799d623f815201d4ed54c7d
SHA1: 264c33cb60857a0dfd1b4d9d8f766188f8886e8c SHA256: 99c93e6b9ab37b41c663069c5355756c3a7d05fd75552452c2421dc877f743e3 |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-e0725b46-87ead7fbfed8.lukitus | 87.14 KB (89228 bytes) |
MD5:
194a630851f7e2e2f5e013b0ab70e94e
SHA1: 12f1365c7d8b0b5006eb5f7e660f34e6a2be5ffa SHA256: 58d6317026fb76718b3b13e75763750a069dd1d491d260be1dd09ac2b4d618f9 |
|
|
c:\users\aetadzjz\desktop\f56924be-9663-41bb-527c0c14-e324030a4a6e.lukitus | 98.75 KB (101122 bytes) |
MD5:
b2e545b0b9f937ee1514f461838326c3
SHA1: 83fd7b53bef8f92179b46bb43bd887eff6c0e4dc SHA256: 29bc3313cf80fec7b70b8b0acf41d194d24abfb8d0edd3bdb9f0c75d2d813651 |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-526e1a2b-128166908518.lukitus | 61.01 KB (62473 bytes) |
MD5:
31475f1b4f38f56ea9f3fb892a129ca1
SHA1: 35e503bddb6773d2ec4fa56fc0342551370bef18 SHA256: bd739976c57e1d7275a52304b7d7b0bdeba5516e08ae3024680f8fbdc41aa071 |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-15fbd8aa-4d0a91f58ed4.lukitus | 41.38 KB (42378 bytes) |
MD5:
f0a3789f2aaa76213cb01112e22b0a9b
SHA1: cd3895ed6ec7e35bc79691d6818a9cce1d3e75d6 SHA256: 96c26e9da10586ee9dceed556236713e4798193d86c19e2a49f314385890e401 |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-f1fcdeaa-ff7f06504774.lukitus | 71.04 KB (72747 bytes) |
MD5:
676f2fcb58be85dca079aed3c0307b14
SHA1: 312cfed40b006bd070a17d3598638c8a43cf9268 SHA256: 39f27549d5c9a2dcf360ea7730117d5db1057faf98f7505a6313319a837f64d7 |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-1d9844f4-6dce132fa911.lukitus | 97.19 KB (99519 bytes) |
MD5:
6d5e20a0682136d3786edaadd4386eca
SHA1: b89a45a4d8203f18eae7505c41537ab488891a05 SHA256: 50c7a84443a0102ed402d843e3066c78b171839a130533cbc4e4bb841710aab6 |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-988e0a99-75c5268fa982.lukitus | 55.64 KB (56980 bytes) |
MD5:
01f852000bbcb39ac92aa22b36104f32
SHA1: d73eb40b00de0979342b96cc29879cca7f62d509 SHA256: 1bd6dfb3d97d3e31b19c4efc27c3676237153b34fea49aed5d7aea5bf1cbbfae |
|
|
c:\users\aetadzjz\desktop\f56924be-9663-41bb-14d6a72b-e51a5d5dc391.lukitus | 7.53 KB (7712 bytes) |
MD5:
d1ccedf54e7d148c94dd92abd10e0ebf
SHA1: be302c7a6536983bc29e6874b4eca6457a25c98d SHA256: 50534e5328d077935daf7c0fe860c489005810bab3d36edf768a5295e7405a6f |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-65272a78-f5925d3fa2a8.lukitus | 67.84 KB (69473 bytes) |
MD5:
e15288fe1acec5be28093a52d52bf408
SHA1: bbf0386872ddc6fc426beca0eaf5c1d76d4135bc SHA256: f6871b99f685682d86176db35b1ca8b302607accc6ae0c8141ddfb4bd3d24708 |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-ce32cc3f-ebe8612bbb20.lukitus | 79.34 KB (81246 bytes) |
MD5:
7e1d44b9e9949f1dcc44df1cb77b4ce3
SHA1: a74b0c652eba8eaa1c10151253cf92475ffd9c8b SHA256: 1e1a422b1424e7f9340050fb708843f8c2d75a719d37512cbbb7cff41da80bde |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-cda913e8-271056ab5827.lukitus | 50.48 KB (51689 bytes) |
MD5:
27db40185ac2b07a15df545ef2678a80
SHA1: dcd3ea567c7229127c1d74ebd2ad1cb5d081bad4 SHA256: d1225f27f37022bbd8bb885e22488197dd3374ad12bc452f1d40509a890c9484 |
|
|
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-ba7682c3-ceef9fbf020c.lukitus | 6.21 KB (6354 bytes) |
MD5:
4c6380666702b4a9498f07e2116bb164
SHA1: c7776d7c7d25d7877ec146943b7958f47dbb29c8 SHA256: 9c4266a994efdcd75b39a7f6fb17e4ee1106f9eb4643bf2fdb971e5735da886d |
|
|
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-fdd27ffa-d0b0af905888.lukitus | 54.33 KB (55639 bytes) |
MD5:
bfde86a708ed6f8850ba5b5ed119840c
SHA1: 7cc914837ecff162b4c0fb7def66d3e3440bbe60 SHA256: 50b497246a384d66af186e1d98d2a475d97539a02729f805f8cb84b9e6e19782 |
|
|
c:\users\aetadzjz\documents\outlook files\f56924be-9663-41bb-612962ee-cda06faa83d1.lukitus | 265.82 KB (272196 bytes) |
MD5:
99dc604e6316b4a06151d52b041246b5
SHA1: eb7f0255ad4028acd7bff986993f5a494f73e5d3 SHA256: c3324f5e81082ff027fc770e463281b5876976b139f88cc24824e692ba27db81 |
|
|
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-8c112abd-8e26aa86b08a.lukitus | 96.67 KB (98987 bytes) |
MD5:
e082a12ca21ea266ab9b9b161f174415
SHA1: 9b2b62d9a09d455bd5885cd1893316122781e7b4 SHA256: 8b2e8cfe601fe954d4975dbc64d3b60ee4549ad080414aa799a9f849ecf02b09 |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-02ed3f77-9c606d75c05c.lukitus | 13.62 KB (13942 bytes) |
MD5:
0c4780c26232d65f38c435568a283c80
SHA1: 2f4b40dd9a6f30a49f9b5235e9dd9a08fbf7efa5 SHA256: bd13f30a9947916e13dddd18dc3aeced0fa40a9c1142b7248cf0d339a0016974 |
|
|
c:\users\aetadzjz\desktop\f56924be-9663-41bb-781de6a6-e5a7705bb692.lukitus | 72.61 KB (74356 bytes) |
MD5:
ef37e81fbcd78a587fe70e70bddcb967
SHA1: e685217ccfb73b9a6922d56404be0fdb6ecb7087 SHA256: 43a0d03bf7797de26a60ecdea7139450823eccd41c68cca78580d5f86e0a0809 |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-7b55cf77-61f436ad3e42.lukitus | 71.49 KB (73205 bytes) |
MD5:
9d9a97256dae66413e871a5f5d43a517
SHA1: d7ddfa8b1202e255e5dba150958e6d1d85b420d4 SHA256: 29d9dceec2db1c66b2cd8064c1767557086c8b9157891564a6d5720f513b3e4c |
|
|
c:\users\aetadzjz\desktop\f56924be-9663-41bb-a771a452-48dd4ba9679e.lukitus | 91.38 KB (93577 bytes) |
MD5:
3ee359090152ec94da64d6dbe5bbc799
SHA1: 8edcc53621f8ac41d272577daf0e159755638f93 SHA256: 5b8829637915f6af31bee9eba73a6f521217b94926fb3667631300397d41d5f7 |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-b282f5d6-2a6d69715153.lukitus | 99.04 KB (101419 bytes) |
MD5:
ab965e83e2eb2f180dc264c431a95365
SHA1: a42f75fb6ccd7b090f873bb74bebd5dbabe36587 SHA256: 551327f7b8862e2682f26ff105ee328c7a99860c9b3b510501e483c92b093c18 |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-3a6db1ca-755757c28fe3.lukitus | 25.87 KB (26492 bytes) |
MD5:
7f6c8851cc5ea831b374025e26aeee8d
SHA1: c3954c511bc2521138ecc2e1d88bfbe26fe48e40 SHA256: 21136f752aa9e46b591aa4b52dac4282a7a0789acfcdb71d47d5ce95079a7085 |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-a9142ec9-2efebc30ade8.lukitus | 83.50 KB (85499 bytes) |
MD5:
641e0e999b0fb9f59ee67e99926ba912
SHA1: d4b94289b0631439864046a593714b6e0e033c4d SHA256: d12ac6afc663ddc778f3ecc28e5fc90729b65a5072ca33c192bb9422ce62e29f |
|
|
c:\users\aetadzjz\desktop\zzg5e5yf\alldt37so 5xcj\f56924be-9663-41bb-d65a438b-83dfabbb8ced.lukitus | 69.55 KB (71224 bytes) |
MD5:
6e9af0cc8bcf2fa16f861f5e58ec2628
SHA1: a63de682a5feb2c95af786dd6df44823531810f6 SHA256: f35bd6b431d60d92171acb7e00fc7a8d9f542910d99619a390797bec49c929ba |
|
|
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-bb96571e-96bbd2c0a8b9.lukitus | 47.97 KB (49125 bytes) |
MD5:
bbe54ff129630a5dfd8678ddd9aa3c59
SHA1: dc3ef9c5cdb18b8094c6cb5a99da648b0abfb202 SHA256: 660f420ce546f6714efa7a0a4cc6964fd2be7b29c46b2e15382753969a1ef9d0 |
|
|
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-41fc6dd4-65a22d7f605c.lukitus | 91.35 KB (93546 bytes) |
MD5:
62b011e83e86e7077823d885d1bd2f6a
SHA1: 489c8f2431864bcbc1ea9803767f97782311f299 SHA256: 94e6b2608712fbb162be540f2a78632ed74cac57b3db7de1fc6f62898911d919 |
|
|
c:\users\aetadzjz\desktop\zzg5e5yf\dmod_l2_n\f56924be-9663-41bb-6c56a97b-e7e6a4aa125b.lukitus | 42.63 KB (43655 bytes) |
MD5:
ea428f35f421f3a4b0d2a4a46bdc4051
SHA1: 114fca0136be8b192de0de76fe3203203382ec62 SHA256: d4e401cef6051ff974180b327f9c4234a67dfa07e56b9313dba5735ec0404ec5 |
|
|
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-a60ce289-e55a447535d2.lukitus | 22.94 KB (23489 bytes) |
MD5:
e15198354fa0c3c3e4dc76f9a8208910
SHA1: 71a89ea03798dafd9228861e65f3570ce74b9164 SHA256: 49caef250b7bc24751001002b12d043b17620e7aa8004696e19967bb8b2a790c |
|
|
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-21f0ca53-f69e38a75cc4.lukitus | 53.46 KB (54748 bytes) |
MD5:
8970e86ba4de3c42745f25fdd54ae197
SHA1: 6eb90349f272dbea69efe746cbc394059f845dd8 SHA256: 8fedbbb46e330730684e9a9d812a59fc57adb6c18d04ceacc35754277bd253d4 |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-4b69e5a7-f60e62fe4654.lukitus | 15.16 KB (15527 bytes) |
MD5:
4583cd56d09e37fc0ff4dfdf04479540
SHA1: 49106e215048c20ce86bcfe9f908899a9399bcb0 SHA256: fbea91064706acd43c1fc6facec79a8c82cf6a6b6fb2cf0783a7f44d6dc9cb3c |
|
|
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-541108f9-2da524f314c7.lukitus | 73.73 KB (75497 bytes) |
MD5:
5816b177c84d1e4b863230be0d9b9155
SHA1: 02f22b739ca7aa67f2c516ab3ea123f792331e61 SHA256: 1a8848a90f9aee5f5bdeed6888f423920691f2c5f39be46ed56a4c729404ad15 |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-43743ab0-5b4f9943c7b9.lukitus | 63.18 KB (64699 bytes) |
MD5:
30795453a10b70ca931d8fe543dfc0f8
SHA1: 4348bad3bba73608970b5a077b1c55fd0d427ffa SHA256: 6a1a9268cbfd7e9c5f8ec150ac2551c2ff78a7a79ce2b0af9ebd049abc7a9398 |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-3f7eea71-eeab13681eba.lukitus | 48.96 KB (50135 bytes) |
MD5:
f18da71f888de931c6d290190ee237a4
SHA1: fc1e5754c9fc56908667ecf8bdf6d267e951e90e SHA256: 4e5f5f0e1e2724b82bfff92ab479d236385d5240fb370047bee42d15017ee289 |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-44e29957-51107f7f4923.lukitus | 24.12 KB (24694 bytes) |
MD5:
f1e6b4a6cc6867fc03350e84c3c35441
SHA1: 001b04bdf199936d2718ef025a2c138fec1e9b8b SHA256: 6016bd71e598ce5808efa9e10aa4ee25706b088817596649177a0db54b984650 |
|
|
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-b70504b4-e9a7156822c1.lukitus | 11.66 KB (11937 bytes) |
MD5:
3aa6f3df2b8863ba677b0fce9d227f3b
SHA1: 654428393afb60031d4d6dff4ae21170e19d1402 SHA256: d045abcd1d24931a3a988e8ab2f3ba2ee52178eb22ed4260d78392d133fc38d0 |
|
|
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-3c30f310-5c6049e3f1c5.lukitus | 100.78 KB (103194 bytes) |
MD5:
0f1e68e87c1e3926b00f03e9fd4314c6
SHA1: 69d4fbff5e0b93c276b12cd5df74f59cd7c68bd8 SHA256: ec6da516a2e8ab7edc761e8dbf63ad5a39f144a559a54e3e9006d9d568d8708e |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-88736a33-a73fd1b5db9a.lukitus | 76.44 KB (78270 bytes) |
MD5:
10bdd7483abd5c15780cd187eec6d3e9
SHA1: 7c99aef210b09b55359f0b186e7ed6bba95ddc1a SHA256: 6cc4988052fc5268208c1aa802278a723729c40c317822f58603d3da4755a35b |
|
|
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-49600478-a7543df24f7d.lukitus | 39.61 KB (40561 bytes) |
MD5:
ecde9114fa71134e4ecd50f6769477eb
SHA1: 49684d357f3b02e62331a8799d388af9b3947fa5 SHA256: aa71a2986de776387f5ed629e5a672b004f7afa098b9d2d571ee8f4777454768 |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-7b6afc43-b245cc6e1dd0.lukitus | 20.56 KB (21053 bytes) |
MD5:
2c5ba72782c99ecea584b9c58bcfd905
SHA1: 7b2faa090039ac242ec7963df62d2dfc747112d6 SHA256: afabc17789bc548a251043b4ee9b9d48237914694991bd44d596077a65729a9d |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-026b0f52-b0ee23b731c2.lukitus | 25.78 KB (26401 bytes) |
MD5:
0b48798fab9d59f4cdc78ca9a7df98d7
SHA1: 6ee7d9e79c939d896d8dfc59e93bfe1629f048ec SHA256: 888e468487916657638ce4d470e13a0ad0bfda2a5d5176974ac9c5429dc81cfe |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-71ad6e57-d734bc0dc073.lukitus | 55.31 KB (56640 bytes) |
MD5:
4dece80ced1f7c0b40c0e71b9253ae6c
SHA1: c4cdfb836256228e788c938afa5480544a43421f SHA256: d57dd4c701f4d7ace0f4eb88b08855349155bbac8be1e050342a97259182f2e8 |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-7b4e72c9-ec40cc1387f6.lukitus | 59.96 KB (61398 bytes) |
MD5:
6c589300bccff80e34e7ee89347ab822
SHA1: e47f983b65ea4bf4e521001b7332d875578f7457 SHA256: 970f3cf452bd4aa7938e2ed7ab8a4332e1b60156b1fb95b9cd01c6559f5ee597 |
|
|
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-b233076a-f3f69be0de98.lukitus | 57.05 KB (58415 bytes) |
MD5:
674111b049564a315cb77810334b6812
SHA1: c380c52ebfdb46add2fd95277002555716fbf9df SHA256: ecebe3573c7b92387ae8a27aa2d8f20f07c9b0ec02a574f2135601e7112883a6 |
|
|
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-b0d08948-4afdf1d5a73f.lukitus | 46.13 KB (47234 bytes) |
MD5:
58629c03a02f8949cedeb4264ae04000
SHA1: 5354fad509be0ae80298573ac94b0fb1e3ab3553 SHA256: fd3874cafd3e153d71614dc0040cc91995be12f1960887f6e02d82be1c480be7 |
|
|
c:\users\aetadzjz\desktop\f56924be-9663-41bb-e6373d05-052cd23b85b0.lukitus | 54.76 KB (56070 bytes) |
MD5:
c5bba3c53d13a5b64cc017e0a01699c3
SHA1: f61aa973b6b13874aaec4e5552460ae34ab7b467 SHA256: 89d4c40bd26112498cc38a463859197e73e7d268fa423dadf30c74a942680ce9 |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-0b1192d3-83011f532cb4.lukitus | 98.05 KB (100406 bytes) |
MD5:
fa8eeeb7176b52428f50c47cffda51a0
SHA1: 0305bcf827446971e40619ce39195e5d50e26299 SHA256: acd89d750354acd177632d4f35b73cbb978c73410194e533d561ff26371eb022 |
|
|
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-0bd9344f-59e2fd1b8612.lukitus | 37.05 KB (37942 bytes) |
MD5:
390c978963fa6fcff45f6ff8fb706571
SHA1: fc13679abcbae212bd248c04369ee984829d5c21 SHA256: 83978e3835fd145da977a36ff5594a90c8017549ab5978b7ec95d0034a3124cf |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-16ac9b2b-cf64176b99fb.lukitus | 83.96 KB (85976 bytes) |
MD5:
fe9bfe26bfca15c48c16c7e07c895ddb
SHA1: 0830a240a25dd5b312f47e724372a29bc2814e60 SHA256: 872bdcfed75cf02be4290f4bec9a88b4a331d0bf181b6e69855b43c7dfa83fde |
|
|
c:\users\aetadzjz\desktop\zzg5e5yf\f56924be-9663-41bb-6533c1e4-c0738507f428.lukitus | 93.49 KB (95738 bytes) |
MD5:
e5518c14c1615ce72e9fe3f20ed115f6
SHA1: ac707c1fc026c0f9976e22bb661a0bad2d4c0293 SHA256: 4321f2bb650270e29efa859d59fdd1f367843abdaa1163231d36a0626ab23fd5 |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-d49bf973-e058168b454f.lukitus | 34.73 KB (35566 bytes) |
MD5:
3c622893d523c4b4cb2aa0f86108bd61
SHA1: d5e6fe17cb9eb5de11f650c91e679aeaa52ee463 SHA256: f39349480a4152ea8aa13c8eda001d9324c0c665b8f7a171baa3ce008cd59b70 |
|
|
c:\programdata\sun\java\java update\f56924be-9663-41bb-0fd4e971-761d2214f09f.lukitus | 0.93 KB (955 bytes) |
MD5:
e5d7624acd733aeb46248b02a5ca37c9
SHA1: 0395fd72c9dec4e630c9d3e172c865e9210521a6 SHA256: 6f4c324050b26f7478cec8e26b863203838ed110269b72d6bb7fc4483002bcfd |
|
|
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-13f942e8-48eb76e84f48.lukitus | 16.12 KB (16502 bytes) |
MD5:
f6d233d0e54794f515e43c3957b4bd36
SHA1: c6e88abe0d62ed019a4a315ca93148e32d249887 SHA256: 0fd7093c5030e4b23a5cf48c98cd315c8caafca22a9ee2baf5797a3e1f79cb73 |
|
|
c:\users\aetadzjz\desktop\f56924be-9663-41bb-29a7dc8c-dfc0e8056306.lukitus | 14.89 KB (15250 bytes) |
MD5:
38312e874cc6187dd6df21fa661996e5
SHA1: 75cb4df8e34e98118504825f6980de6615dc6f9e SHA256: aebeffb8b208901908b42efbbd6ada7818009df9cc6dbdd16d2d87003a8c0a6d |
|
|
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-44ce3cd7-afd504f36697.lukitus | 46.32 KB (47429 bytes) |
MD5:
015ae1bde6e5fec87cf588c3e391a541
SHA1: 840c8e1cf059750555b3c523d8f373879428ab8b SHA256: 1522fed94f047caddf8819cb859caa543cf4dac5ddec13a0fc349bef54c148e0 |
|
|
c:\users\aetadzjz\documents\f56924be-9663-41bb-1bcb39fd-c93e3b4c590b.lukitus | 74.01 KB (75786 bytes) |
MD5:
f437376e25b9953e5f49c245fb862780
SHA1: dccdceb4b973ae7415d377d29115ce5afa3c0c35 SHA256: c81e0492c58eb3f5ccaa7d8567f4a827a8ea6f71a46f229354f0fd6d9ffddb3e |
|
|
c:\users\aetadzjz\pictures\8lya8agxgsi0\f56924be-9663-41bb-8ec36e5c-ca39e2ca23e1.lukitus | 22.25 KB (22787 bytes) |
MD5:
3b91a491b3fa287c78a534a50d2cf296
SHA1: b15340ac53f9bb3ac3e42bb05be0b1f83cd966eb SHA256: 6a8232b65ca125b44bb33194492922fc42bb9250de0905e377de8a73314bb54b |
|
|
c:\users\public\pictures\sample pictures\f56924be-9663-41bb-db3a9c6c-b4a2996d18e4.lukitus | 826.93 KB (846777 bytes) |
MD5:
c7a0cc1ec3308de7726404756f4224eb
SHA1: 1e6b31dadbe5ab38a5d91c548c66099f1841d165 SHA256: 95d11560d5a43ec88a6abf98bf90599db244c3332565c0afb9b4cdc99e80f2f8 |
|
|
c:\users\public\pictures\sample pictures\f56924be-9663-41bb-63f06b4d-40748180c2c9.lukitus | 582.15 KB (596120 bytes) |
MD5:
eb2b55105302183288147363c55327b2
SHA1: f45c343692c552032c1becc8c04dcf524f980b9b SHA256: d49aecda2c122fc9c5b0bfcf377297600ddf2a77d9d9a456f995682250a20890 |
|
|
c:\users\public\pictures\sample pictures\f56924be-9663-41bb-2128228c-3ef411e166f1.lukitus | 758.34 KB (776538 bytes) |
MD5:
c992e8f974b5f9f9cde843e199bbe780
SHA1: 30e07368b76be57ad85cbc1ddc0f0ec6546b891e SHA256: 93f55ef6b0be02288a81713828056490fa63b92618a0e94a767f4c1ca9ba77fe |
|
|
c:\users\aetadzjz\pictures\8lya8agxgsi0\f56924be-9663-41bb-7d28049f-ca2dc98d9072.lukitus | 67.61 KB (69235 bytes) |
MD5:
609dd4e8666f15060b352c277496b383
SHA1: 3d5c85361e5d94a474785e5226a0d904814c89f2 SHA256: 027d71512c9a53eeb25f3a1a1f151cd86dc44de15e6c205bf121e658ed28fa09 |
|
|
c:\users\public\pictures\sample pictures\f56924be-9663-41bb-d0039c86-9e680ba77e12.lukitus | 763.35 KB (781667 bytes) |
MD5:
0cae6416a51b268c9180d03f59d92dc5
SHA1: 8deb398747c130d5b16251a6bcf6832f71931bde SHA256: 7480b58b1ab6137d68cc828284920c935c30038e6f196380c3cc0818667a6191 |
|
|
c:\users\aetadzjz\pictures\8lya8agxgsi0\f56924be-9663-41bb-16db964b-ddb43481f1db.lukitus | 97.55 KB (99891 bytes) |
MD5:
69cd8258f01125b41414f4441106351e
SHA1: b12037b8e0b3ca3118e5af1c01800ca5b3616b1c SHA256: d31ab02d80c5e8b60eeab53a17c4ad59e35596ccd71ffbbee9f7e7fb1ee30506 |
|
|
c:\users\public\pictures\sample pictures\f56924be-9663-41bb-8ea4d603-5a2874fae3fc.lukitus | 548.94 KB (562112 bytes) |
MD5:
ff5c86ab51b783858399547f89eecd26
SHA1: bca7b2364baf01c154f886b21b8d20cbfa0ada6d SHA256: 78c50b44e3fc2ce3ec7fc8869c4119d1f1b34bd5f9196f82fce154c846827fe7 |
|
|
c:\users\public\pictures\sample pictures\f56924be-9663-41bb-bea9b2d7-58d4fa770e74.lukitus | 760.42 KB (778671 bytes) |
MD5:
4e52eca69058b5b90c3cde991c6fd074
SHA1: f59c4f09d5aafd93b52f7db3ec872fab6abe73f7 SHA256: 3fbc6b06e92ec7067183adefbc0b01b2d8eb5d74cd05a24f67cb83f0af1a63a3 |
|
|
c:\users\aetadzjz\pictures\97sfy1rz\f56924be-9663-41bb-34c63d6d-4a50106c55be.lukitus | 2.38 KB (2436 bytes) |
MD5:
ad9fc03fdd67cd9298591ea0d12f9347
SHA1: d08c6626fc2d953917239146aa9dd157967f9c8c SHA256: efa59c6e1aceb673a673a44fa7259970adced9049ad1ba518793a34a9bcc31b3 |
|
|
c:\users\aetadzjz\pictures\f56924be-9663-41bb-6ae0090e-6cdcb46c0311.lukitus | 15.85 KB (16229 bytes) |
MD5:
5ac26135af6fc8fe57d50c009b23a973
SHA1: 826b2d4b79875fb6b9ed0b54c41c8b47c6b80e34 SHA256: 86be99489223371ded8182569b025831e04cd54239c4d688aa021ae5f5b1fc07 |
|
|
c:\users\aetadzjz\pictures\f56924be-9663-41bb-3b2b7f6f-812656df84c6.lukitus | 66.32 KB (67908 bytes) |
MD5:
cc16e88d461b2a64a0a07952011b6c78
SHA1: af3fa4ea7f69bc944db7bc8a8c7604524aab4960 SHA256: af85ec3bf7280380e72c235d78709e7503ae93b9202d26e23ddd92882c7371b5 |
|
|
c:\users\aetadzjz\pictures\_2aelz\f56924be-9663-41bb-fa0d154b-245888d727e3.lukitus | 63.56 KB (65088 bytes) |
MD5:
ca8ce82168e9cf9cf3e17e811d8012ae
SHA1: 4d088416707db0ee6142c662e65102f48d5fb884 SHA256: a7f002038faba925f927b8f413df6a76340dc71e88918357bc7562ccda14c087 |
|
|
c:\users\public\pictures\sample pictures\f56924be-9663-41bb-85ab3cab-1a0670314428.lukitus | 607.15 KB (621724 bytes) |
MD5:
186014ca84f18a2a0a4cf027197c3659
SHA1: 5e9a50e85d5b48227b523c373a7b9440f2efa9db SHA256: be55916dfabe1669c8523e6e0a87df65e73faa665875aa26e99e8f0369499714 |
|
|
c:\users\aetadzjz\pictures\_2aelz\f56924be-9663-41bb-1753ef9e-5a7f628573fd.lukitus | 24.70 KB (25290 bytes) |
MD5:
125ed2e35e1356ec3ce7af04d089cf6b
SHA1: 17987b1957027fa4bcea9f3296c4f4b2a696256f SHA256: 5ae802bc9c55e110e649bc8f375bb060218f0138e31d071f76f82363c00c87f0 |
|
|
c:\users\aetadzjz\pictures\_2aelz\f56924be-9663-41bb-6edc54f4-2a6316bc2a6d.lukitus | 81.85 KB (83817 bytes) |
MD5:
8d9d2ea39d85168297b0c8463aa91048
SHA1: 354e90bd9f3f0b30ca32b69be03bd8fb4f638125 SHA256: 7561bca5b6c8df3f4f7f7e36f03bb0bc3edea4025ad99b1b03630f355a63678a |
|
|
c:\users\public\pictures\sample pictures\f56924be-9663-41bb-ad1ca3c0-3165ab58af89.lukitus | 859.60 KB (880230 bytes) |
MD5:
4ce15772a2aac9a6add35ad06980e018
SHA1: f0bf0b4046527293854810e644625d675019bdc2 SHA256: 9df69ae1c809db7fb5cbe188b0f9d88e86dec488d44d5ac8f33fe284e3615294 |
|
|
c:\users\aetadzjz\pictures\8lya8agxgsi0\f56924be-9663-41bb-5d8cb0e5-0f44328ecaf2.lukitus | 87.20 KB (89288 bytes) |
MD5:
263038a221405a16c3acb6db5ebe9c65
SHA1: 70cc3921b3c6718efc69b559c044e47aaab3b4dd SHA256: fa6a71c1b63fd9d33b7d252b8f53d7db96645299269b92028ba8d5ca5b34f023 |
|
|
c:\users\aetadzjz\pictures\8lya8agxgsi0\f56924be-9663-41bb-0725fd16-48003b943989.lukitus | 88.96 KB (91093 bytes) |
MD5:
7db96eedf7fbf29176b3f971cc7850fc
SHA1: 97e28ab0727fed8be616863e4994fc8e01ff028b SHA256: 5ed5325f19dccd610d97e211a461e9e7c7bd3b2a76337074a57690d218aad144 |
|
|
c:\users\aetadzjz\pictures\8lya8agxgsi0\f56924be-9663-41bb-21ea5f2c-8701a72f2220.lukitus | 96.61 KB (98928 bytes) |
MD5:
6c5f6d6c1f9cb1698087815dae3ae6ad
SHA1: 88fc8e84ec4a5a1df24c99ea8d9325b3150e1d07 SHA256: 6d78af00ca0852baa7fcb08b8a5cecb51fc1ed2451c1af3fc9832e35a8b24a5b |
|
|
c:\users\aetadzjz\pictures\8lya8agxgsi0\f56924be-9663-41bb-5eeef7e5-307233feb153.lukitus | 99.35 KB (101738 bytes) |
MD5:
875bd5e3e0eff4b0d987ae366d7e6041
SHA1: c40e0cf6dcefcc47bcb333be2ba4b36346a74fb1 SHA256: 6026dcd8bdb731eeebd07c9111a9eb27dadd78366758b155ff87d6b2d0ff5160 |
|
|
c:\users\aetadzjz\desktop\f56924be-9663-41bb-105fd1e1-6c6be53496ea.lukitus | 67.88 KB (69504 bytes) |
MD5:
d17b3d430fde8beeed17cc0efb664ab1
SHA1: 6d76f7c3d691e026700c5cdbe6158bd42b21972b SHA256: aeae24d279b192567f7a90b71371ada1d8a8f75855884e6ea1a734a5f454df7b |
|
|
c:\users\aetadzjz\desktop\f56924be-9663-41bb-0dcfa9e5-faf41d841f89.lukitus | 58.99 KB (60407 bytes) |
MD5:
da6e9f7e90d23867edd35d848ddc5aaf
SHA1: fc8889186c0193b52b3d54a4cbe509be027f330b SHA256: ff27ae1c3d97c77c38bc0dbbd43af610807a60b4110faa713837181384cfb326 |
|
|
c:\users\aetadzjz\pictures\f56924be-9663-41bb-4fe46af0-e6208dfc4337.lukitus | 57.30 KB (58673 bytes) |
MD5:
5e564cee97c6dfe94cf72453127fd8f5
SHA1: 6dc03568c39255efa7e4ea35913b0066d7a26a3f SHA256: d05b35f4f554bd90937a62728f4ddedb55ea1a932e794798c175ac0dd73ccbe9 |
|
|
c:\users\aetadzjz\desktop\zzg5e5yf\hmcn--w\f56924be-9663-41bb-8ebdca29-fd38b8601764.lukitus | 85.64 KB (87698 bytes) |
MD5:
9dfa0bee9df987f02306da67434a65a7
SHA1: 9b7c61c830e942ea271ffa047d6eda694058abf6 SHA256: 6566cb2b42873520944bbfeb9578d12caad563f5e945bade9314d867a9821ec7 |
|
|
c:\users\aetadzjz\desktop\zzg5e5yf\dmod_l2_n\f56924be-9663-41bb-bfe5064b-970c8f5a0518.lukitus | 15.99 KB (16375 bytes) |
MD5:
3f844b86b9c824437f480abad28c6c99
SHA1: c1ea0086f2d686ce51e87a19cf37b41e6fa90d14 SHA256: 3a8f1508d6a20477182d64710204aa832adcc0699dff1e67da0b198a864dd5a6 |
|
|
c:\users\aetadzjz\pictures\f56924be-9663-41bb-85a5b08a-605b60b6ebd6.lukitus | 70.51 KB (72206 bytes) |
MD5:
4df6e6740c263aa385de7ab8d612c2f0
SHA1: 5b8561902d5b06e84d2dca6e20495664de89175e SHA256: b33ac7b2c77c3f2feb83405ac5eaeb3fa4d60b20b2c05a8c06443a314a104a81 |
|
|
c:\users\aetadzjz\pictures\8lya8agxgsi0\f56924be-9663-41bb-88881914-b3ae12b46247.lukitus | 11.77 KB (12052 bytes) |
MD5:
c7fc4e55b879a5c4bb78bf9364d2b18b
SHA1: 53b90e5c4e2ad6c5b99484bc893a213e581b2b07 SHA256: b771cd820eed03b368ea27b206dea765c6c48ba4ed97cd48b3d2d320312ff033 |
|
|
c:\users\aetadzjz\desktop\f56924be-9663-41bb-786f2966-85dd58079d16.lukitus | 70.64 KB (72332 bytes) |
MD5:
af7714a87bb259577f9cd70ba3b4a43f
SHA1: 8d5d1151035a895ad1c59328d8bfbb2873edf376 SHA256: b6f4a6687bd21aed052c4ec0847537fce383cb022701e275145efc4844451766 |
|
|
c:\users\aetadzjz\pictures\_2aelz\f56924be-9663-41bb-160875ab-8c16168ef4dd.lukitus | 34.63 KB (35461 bytes) |
MD5:
d6ffc919dd46ef2225ad09abb6b03cb3
SHA1: 3d38abbb116daa61173c8a05eb20eb14997fa28c SHA256: 4bdbe60d8db008ce218a5c184c91b41176025d6a18e09edefc28581ad4d86413 |
|
|
c:\users\aetadzjz\pictures\_2aelz\f56924be-9663-41bb-169e6313-c430f979b7e3.lukitus | 93.48 KB (95725 bytes) |
MD5:
0eb5d0a5a5a1c44e54259d4385118891
SHA1: e2b9f0fe121aefc6def63636ca6f75dd12400811 SHA256: 82596611766de45740b6b6a930b97aff8f8053925a3173424bdf9b7f73fa2858 |
|
|
c:\users\aetadzjz\pictures\97sfy1rz\f56924be-9663-41bb-ed8e90b1-c99eeb3cd344.lukitus | 30.37 KB (31098 bytes) |
MD5:
1336a8270def600025b9e56b32364fd2
SHA1: f0b7a35386e13258f201612900d830b72907839b SHA256: b482c547d6c27c38404265e23e89eee5b08a2a9cda977c6777a586f9407f43d1 |
|
|
c:\users\aetadzjz\pictures\_2aelz\f56924be-9663-41bb-d8d6a0be-1eeb096f86f6.lukitus | 76.70 KB (78539 bytes) |
MD5:
54691b48c2c6a9cac8fc27e298e243c6
SHA1: 5819a5f2c9476cb1695b7be464e667c83cc4df23 SHA256: c8a694b9b45d39f0e8cf97fa56356fe2e624aae6ab1b4d41326f3509d5696ffe |
|
|
c:\users\aetadzjz\pictures\f56924be-9663-41bb-c18f2589-5c71bf4f3255.lukitus | 55.24 KB (56567 bytes) |
MD5:
b8e392254147a37a185517b4f6b3042b
SHA1: b630e4ae8ef2ffc2de66e87aac945a40a9287693 SHA256: 5f578fde878f6aad06bc4d9e6595544840e9dd9a9380907ba4adedf8a3c4104b |
|
|
c:\users\aetadzjz\pictures\97sfy1rz\f56924be-9663-41bb-a5d5084d-decb3b0c7615.lukitus | 35.00 KB (35842 bytes) |
MD5:
6d481224bac4a1e375b34aaab96f3125
SHA1: 928b5cfed88226f6f8e55f44dab1511f603dfb39 SHA256: 98da131ca6f3fc566c73ced50216f3a3be3056925bcf15f2ac5f10827abae3e0 |
|
|
Filename | File Size | Hash Values | YARA Match | Actions |
---|---|---|---|---|
c:\programdata\microsoft\rac\publisheddata\racwmidatabase.sdf | 468.00 KB (479232 bytes) | MD5: 80039ca09841855c3ee8ec73cd941036 SHA1: 4480cc705cd39cf26adc2f7cd58561cd92e691fd SHA256: 1515834129378b5fd8759b35c1561ae7413b34d6879c5ad6f10cb9828de77201 | | |
c:\programdata\adobe\arm\reader_10.0.0\adobearm.bin | 374.33 KB (383312 bytes) | MD5: 8ded640a6e355cadf1df2b462bda48e1 SHA1: f0dbde76b2c3ca0e60ff37ae5eab2204978f420c SHA256: dc155298478f78533c31b2d2093dfb992ed2b2ee957d753a032ef053bcce110d | | |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
Environment | Set Environment String | name = uulkmabdgqks, value = uulkmabdgqks | 2 |
Fn
|
|
Environment | Get Environment String | name = 杧晱汳扭 | 2 |
Fn
|
|
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x751d0000 | 1 |
Fn
|
|
Environment | Get Environment String | name = 杧晱汳扭 | 1 |
Fn
|
|
Module | Load | module_name = eappgnui.dll, base_address = 0x74ab0000 | 1 |
Fn
|
|
Environment | Set Environment String | name = uulkmabdgqks, value = uulkmabdgqks | 2 |
Fn
|
|
Module | Load | module_name = gfppgnui.dll, base_address = 0x0 | 1 |
Fn
|
|
Environment | Get Environment String | name = 杧晱汳扭 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteProcessMemory, address_out = 0x751fd9e0 | 1 |
Fn
|
|
System | Get Computer Name | result_out = YKYD69Q, type = ComputerNameNetBIOS | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x751e4a2d | 1 |
Fn
|
|
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x751d0000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x773de026 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x751e14c9 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x751e110c | 1 |
Fn
|
|
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x751d0000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x751e1136 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x751e192e | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x751e170d | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoA, address_out = 0x751fd5e5 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempFileNameW, address_out = 0x7520d1b6 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeNameForVolumeMountPointA, address_out = 0x7526b71d | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetWindowsDirectoryA, address_out = 0x75202b0a | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address_out = 0x751e103d | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x751e4435 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x751e1809 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x751e4442 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeviceIoControl, address_out = 0x751e322f | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x773d2270 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x773d22b0 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x773e45f5 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSection, address_out = 0x773e2c42 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalDrives, address_out = 0x751e5371 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeW, address_out = 0x751e418b | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeInformationW, address_out = 0x751fc860 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetDiskFreeSpaceExW, address_out = 0x751fd50f | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x751e54ee | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x751e34d5 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address_out = 0x751e2d3c | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventA, address_out = 0x751e328c | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathW, address_out = 0x751fd4dc | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x751e4950 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x751e7a10 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindAtomA, address_out = 0x751fede4 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalFindAtomA, address_out = 0x7520d358 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalAddAtomA, address_out = 0x75200526 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = AddAtomA, address_out = 0x751fed6e | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExA, address_out = 0x751e3519 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultUILanguage, address_out = 0x751e44ab | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MulDiv, address_out = 0x751e1b80 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenMutexA, address_out = 0x751fec6f | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadPriority, address_out = 0x751e32bb | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThread, address_out = 0x751e17ec | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileW, address_out = 0x7520830d | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultLangID, address_out = 0x751fd5fd | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDefaultLangID, address_out = 0x7520d346 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetUnhandledExceptionFilter, address_out = 0x751e87c9 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x751e1b00 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x751e1410 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x751e3ed3 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x751e1282 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x751e469b | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSizeEx, address_out = 0x751e59e2 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x751e17d1 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileTime, address_out = 0x751fecbb | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x751e3f5c | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x751e89b3 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MoveFileExW, address_out = 0x751f9b2d | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTimeAsFileTime, address_out = 0x751e3509 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenA, address_out = 0x751e5a4b | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x751e492b | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x773f1f6e | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x751e11f8 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x751e1725 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileType, address_out = 0x751e3531 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x751e1916 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetHandleCount, address_out = 0x751ecb29 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentStringsW, address_out = 0x751e51e3 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FreeEnvironmentStringsW, address_out = 0x751e51cb | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameA, address_out = 0x751e14b1 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualQuery, address_out = 0x751e445a | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetStringTypeW, address_out = 0x751e1946 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringW, address_out = 0x751e17b9 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileAttributesW, address_out = 0x751fd4f7 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileAttributesExW, address_out = 0x751e4574 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x751e34c8 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x751e49d7 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedDecrement, address_out = 0x751e13f0 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x751e10ff | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x751e110c | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x751e11c0 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryW, address_out = 0x751e5063 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x751e186e | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x751e1222 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x751e1245 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x751e1856 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x751e4a2d | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetStdHandle, address_out = 0x751e51b3 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x751fd802 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x751e4a5d | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = UnhandledExceptionFilter, address_out = 0x7520772f | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsValidCodePage, address_out = 0x751e4493 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetOEMCP, address_out = 0x7520d1a1 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetACP, address_out = 0x751e179c | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCPInfo, address_out = 0x751e5189 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapSize, address_out = 0x773e3002 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThreadId, address_out = 0x751e1450 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x751e11a9 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x751e34b0 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x751e1400 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TlsFree, address_out = 0x751e3587 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TlsSetValue, address_out = 0x751e14fb | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TlsGetValue, address_out = 0x751e11e0 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TlsAlloc, address_out = 0x751e49ad | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x751e5235 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoW, address_out = 0x751e4d40 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapSetInformation, address_out = 0x751e5651 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineA, address_out = 0x751e51a1 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x751e14c9 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x773de026 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RaiseException, address_out = 0x751e58a6 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RtlUnwind, address_out = 0x7520d1c3 | 1 |
Module | Get Handle | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x76f10000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x76f3779b | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x76f1dfc8 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x76f1e124 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AllocateAndInitializeSid, address_out = 0x76f240e6 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetEntriesInAclA, address_out = 0x76f615e9 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = InitializeSecurityDescriptor, address_out = 0x76f24620 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetSecurityDescriptorDacl, address_out = 0x76f2415e | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = FreeSid, address_out = 0x76f2412e | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptImportKey, address_out = 0x76f1c532 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextA, address_out = 0x76f191dd | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegDeleteValueA, address_out = 0x76f3a4ea | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x76f214d6 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExA, address_out = 0x76f214b3 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AccessCheck, address_out = 0x76f1ca3c | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = MapGenericMask, address_out = 0x76f37a73 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = DuplicateToken, address_out = 0x76f1c7e6 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenThreadToken, address_out = 0x76f2432c | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetFileSecurityW, address_out = 0x76f1a94d | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptGetKeyParam, address_out = 0x76f377cb | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptSetHashParam, address_out = 0x76f53248 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptCreateHash, address_out = 0x76f1df4e | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyHash, address_out = 0x76f1df66 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptGetHashParam, address_out = 0x76f1df7e | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptHashData, address_out = 0x76f1df36 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetTokenInformation, address_out = 0x76f19a92 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenProcessToken, address_out = 0x76f24304 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = EqualSid, address_out = 0x76f2410b | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetTokenInformation, address_out = 0x76f2431c | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x76f2469d | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExA, address_out = 0x76f24907 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyKey, address_out = 0x76f1c51a | 1 |
Module | Get Handle | module_name = MPR.dll, base_address = 0x0 | 1 |
Module | Load | module_name = MPR.dll, base_address = 0x74a90000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\mpr.dll, function = WNetCloseEnum, address_out = 0x74a92dd6 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\mpr.dll, function = WNetAddConnection2W, address_out = 0x74a94744 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\mpr.dll, function = WNetOpenEnumW, address_out = 0x74a92f06 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\mpr.dll, function = WNetEnumResourceW, address_out = 0x74a93058 | 1 |
Module | Get Handle | module_name = c:\windows\syswow64\shell32.dll, base_address = 0x75cf0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteW, address_out = 0x75d03c71 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75d75708 | 1 |
Module | Get Handle | module_name = WININET.dll, base_address = 0x0 | 1 |
Module | Load | module_name = WININET.dll, base_address = 0x75ba0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetCrackUrlA, address_out = 0x75bad075 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetCloseHandle, address_out = 0x75bbab49 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetSetOptionA, address_out = 0x75bb75e8 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetQueryOptionA, address_out = 0x75bb1b56 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenA, address_out = 0x75bcf18e | 1 |
Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetConnectA, address_out = 0x75bc49e9 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpOpenRequestA, address_out = 0x75bc4c7d | 1 |
Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpSendRequestA, address_out = 0x75c318f8 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpSendRequestExA, address_out = 0x75c31812 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpEndRequestA, address_out = 0x75bd45ea | 1 |
Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpQueryInfoA, address_out = 0x75bba33e | 1 |
Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetReadFile, address_out = 0x75bbb406 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetWriteFile, address_out = 0x75bd46da | 1 |
Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpAddRequestHeadersA, address_out = 0x75bbdcd2 | 1 |
Module | Get Handle | module_name = c:\windows\syswow64\gdi32.dll, base_address = 0x76b20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = SetBkMode, address_out = 0x76b351a2 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = GetDeviceCaps, address_out = 0x76b34de0 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = SetTextColor, address_out = 0x76b3522d | 1 |
Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = GetDIBits, address_out = 0x76b36001 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = SelectObject, address_out = 0x76b34f70 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleDC, address_out = 0x76b354f4 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = DeleteDC, address_out = 0x76b358b3 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateFontA, address_out = 0x76b3d0e8 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateSolidBrush, address_out = 0x76b34f17 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = GetObjectA, address_out = 0x76b385d4 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = DeleteObject, address_out = 0x76b35689 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleBitmap, address_out = 0x76b35f49 | 1 |
Module | Get Handle | module_name = c:\windows\syswow64\user32.dll, base_address = 0x76e10000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetDC, address_out = 0x76e272c4 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = ReleaseDC, address_out = 0x76e27446 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DrawTextW, address_out = 0x76e325cf | 1 |
Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = FillRect, address_out = 0x76e30eb6 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetSystemMetrics, address_out = 0x76e27d2f | 1 |
Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = SystemParametersInfoW, address_out = 0x76e290d3 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = FrameRect, address_out = 0x76e3899d | 1 |
Module | Get Handle | module_name = c:\windows\syswow64\ole32.dll, base_address = 0x74f70000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoUninitialize, address_out = 0x74fb86d3 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoCreateInstance, address_out = 0x74fb9d0b | 1 |
Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoInitializeSecurity, address_out = 0x74f97259 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoInitializeEx, address_out = 0x74fb09ad | 1 |
Module | Get Handle | module_name = NETAPI32.dll, base_address = 0x0 | 1 |
Module | Load | module_name = NETAPI32.dll, base_address = 0x74a70000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\netapi32.dll, function = DsRoleGetPrimaryDomainInformation, address_out = 0x74a31f3d | 1 |
Module | Get Address | module_name = c:\windows\syswow64\netapi32.dll, function = DsRoleFreeMemory, address_out = 0x74a319a9 | 1 |
Module | Get Handle | module_name = c:\windows\syswow64\urlmon.dll, base_address = 0x753b0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\urlmon.dll, function = ObtainUserAgentString, address_out = 0x753e1d76 | 1 |
Module | Get Handle | module_name = c:\windows\syswow64\oleaut32.dll, base_address = 0x75520000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = 8, address_out = 0x75523ed5 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = 6, address_out = 0x75523e59 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = 149, address_out = 0x755246a5 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = 9, address_out = 0x75523eae | 1 |
Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = 2, address_out = 0x75524642 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = 150, address_out = 0x75524731 | 1 |
Module | Get Handle | module_name = c:\users\aetadzjz\appdata\local\temp\agraba8.exe, base_address = 0x400000 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:20 (UTC) | 1 |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x751d0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x751e4f2b | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x751e1252 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x751e4208 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x751e359f | 1 |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x751d0000 | 1 |
File | Open | filename = STD_INPUT_HANDLE | 1 |
File | Open | filename = STD_OUTPUT_HANDLE | 1 |
File | Open | filename = STD_ERROR_HANDLE | 1 |
Environment | Get Environment String | 1 |
Module | Get Filename | module_name = NETAPI32.dll, process_name = c:\users\aetadzjz\appdata\local\temp\agraba8.exe, file_name_orig = C:\Users\aETAdzjz\AppData\Local\Temp\agraba8.exe, size = 260 | 1 |
Module | Get Handle | module_name = c:\users\aetadzjz\appdata\local\temp\agraba8.exe, base_address = 0x400000 | 1 |
System | Sleep | duration = 31000 milliseconds (31.000 seconds) | 1 |
Module | Get Filename | module_name = NETAPI32.dll, process_name = c:\users\aetadzjz\appdata\local\temp\agraba8.exe, file_name_orig = C:\Users\aETAdzjz\AppData\Local\Temp\agraba8.exe, size = 520 | 1 |
System | Get Info | type = Windows Directory, result_out = C:\Windows | 1 |
Mutex | Open | mutex_name = Global\Ga6a7a:a3a5aCaFa:a7a7a4a5a2aCaCa, desired_access = SYNCHRONIZE | 1 |
Mutex | Open | mutex_name = Local\Ga6a7a:a3a5aCaFa:a7a7a4a5a2aCaCa, desired_access = SYNCHRONIZE | 1 |
System | Get Info | type = Operating System | 1 |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x751d0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsWow64Process, address_out = 0x751e195e | 1 |
Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_DIRECT | 1 |
Inet | Open Connection | protocol = HTTP, server_name = 212.109.220.109, server_port = 80 | 1 |
Inet | Open HTTP Request | http_verb = POST, http_version = HTTP/1.1, target_resource = /imageload.cgi, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_KEEP_CONNECTION, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD | 1 |
Inet | Add HTTP Request Headers | headers = Accept: */* Accept-Language: en-us Referer: http://212.109.220.109/ x-requested-with: XMLHttpRequest Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate Cache-Control: no-cache | 1 |
Inet | Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = 212.109.220.109/imageload.cgi | 1 |
Inet | Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 | 1 |
Inet | Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_DESCRIPTION, HTTP_QUERY_FLAG_NUMBER, size_out = 4 | 1 |
Inet | Read Response | size = 348, size_out = 348 | 1 |
Inet | Close Session | 2 |
Inet | Open Connection | protocol = HTTP, server_name = 212.109.220.109, server_port = 80 | 1 |
Inet | Open HTTP Request | http_verb = POST, http_version = HTTP/1.1, target_resource = /imageload.cgi, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_KEEP_CONNECTION, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD | 1 |
Inet | Add HTTP Request Headers | headers = Accept: */* Accept-Language: en-us Referer: http://212.109.220.109/ x-requested-with: XMLHttpRequest Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate Cache-Control: no-cache | 1 |
Inet | Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = 212.109.220.109/imageload.cgi | 1 |
Inet | Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 | 1 |
Inet | Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_DESCRIPTION, HTTP_QUERY_FLAG_NUMBER, size_out = 4 | 1 |
Inet | Read Response | size = 1217, size_out = 1217 | 1 |
Inet | Close Session | 2 |
Inet | Open Connection | protocol = HTTP, server_name = 212.109.220.109, server_port = 80 | 1 |
Inet | Open HTTP Request | http_verb = POST, http_version = HTTP/1.1, target_resource = /imageload.cgi, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_KEEP_CONNECTION, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD | 1 |
Inet | Add HTTP Request Headers | headers = Accept: */* Accept-Language: en-us Referer: http://212.109.220.109/ x-requested-with: XMLHttpRequest Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate Cache-Control: no-cache | 1 |
Inet | Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = 212.109.220.109/imageload.cgi | 1 |
Inet | Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 | 1 |
Inet | Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_DESCRIPTION, HTTP_QUERY_FLAG_NUMBER, size_out = 4 | 1 |
Inet | Read Response | size = 9114, size_out = 9114 | 1 |
Inet | Close Session | 2 |
Module | Load | module_name = vssapi.dll, base_address = 0x743d0000 | 1 |
Module | Get Address | module_name = Unknown module name, function = CreateVssBackupComponentsInternal, address_out = 0x743ed400 | 1 |
Module | Get Address | module_name = Unknown module name, function = VssFreeSnapshotPropertiesInternal, address_out = 0x743e77f9 | 1 |
System | Get Info | type = System Directory, result_out = C:\Windows\system32 | 1 |
System | Sleep | duration = 10 milliseconds (0.010 seconds) | 8 |
COM | Create | interface = 2FABA4C7-4DA9-4013-9697-20CC3FD40F85, cls_context = CLSCTX_INPROC_SERVER | 1 |
File | Create | filename = C:\Users\aETAdzjz\Desktop\lukitus.htm, desired_access = GENERIC_WRITE, GENERIC_READ | 1 |
Driver | Control | driver_name = C:\Users\aETAdzjz\Desktop\lukitus.htm, control_code = 0x9c040 | 1 |
File | Write | filename = C:\Users\aETAdzjz\Desktop\lukitus.htm, size = 8874 | 1 |
File | Create | filename = C:\Users\aETAdzjz\Desktop\lukitus.bmp, desired_access = GENERIC_WRITE, GENERIC_READ | 1 |
Driver | Control | driver_name = C:\Users\aETAdzjz\Desktop\lukitus.bmp, control_code = 0x9c040 | 1 |
File | Write | filename = C:\Users\aETAdzjz\Desktop\lukitus.bmp, size = 3721466 | 1 |
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Control Panel\Desktop | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Control Panel\Desktop, value_name = WallpaperStyle, data = 0, size = 2, type = REG_SZ | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Control Panel\Desktop, value_name = TileWallpaper, data = 0, size = 2, type = REG_SZ | 1 |
Process | Create | process_name = C:\Users\aETAdzjz\Desktop\lukitus.htm, show_window = SW_SHOWNORMAL | 1 |
Process | Create | process_name = C:\Users\aETAdzjz\Desktop\lukitus.bmp, show_window = SW_SHOWNORMAL | 1 |
Module | Get Filename | module_name = NETAPI32.dll, process_name = c:\users\aetadzjz\appdata\local\temp\agraba8.exe, file_name_orig = C:\Users\aETAdzjz\AppData\Local\Temp\agraba8.exe, size = 520 | 1 |
File | Move | source_filename = C:\Users\aETAdzjz\AppData\Local\Temp\agraba8.exe, flags = MOVEFILE_DELAY_UNTIL_REBOOT | 1 |
Process | Create | process_name = cmd.exe /C del /Q /F "C:\Users\aETAdzjz\AppData\Local\Temp\agraba8.exe", os_pid = 0x7b0, creation_flags = CREATE_NEW_CONSOLE, CREATE_IDLE_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Get Info | filename = c:\Users\aETAdzjz\Documents\1C8jivFwqY_v.xls, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\1C8jivFwqY_v.xls, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\1C8jivFwqY_v.xls, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-B1DC6762-4F6CBAB10E0B.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\1C8jivFwqY_v.xls, size = 82943, size_out = 82943 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\1C8jivFwqY_v.xls, size = 82943 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\1C8jivFwqY_v.xls, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:47 (UTC) | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\lukitus-2446.htm, desired_access = GENERIC_WRITE, GENERIC_READ | 1 |
Driver | Control | driver_name = c:\Users\aETAdzjz\Documents\lukitus-2446.htm, control_code = 0x9c040 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\lukitus-2446.htm, size = 8874 | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\ZgsodtON.xlsx, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\ZgsodtON.xlsx, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\ZgsodtON.xlsx, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-1FC77E46-75D0D332D675.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\ZgsodtON.xlsx, size = 17514, size_out = 17514 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\ZgsodtON.xlsx, size = 17514 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\ZgsodtON.xlsx, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:47 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\Fwkh\uv7fKGVoQ2Jb7.xls, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\Fwkh\uv7fKGVoQ2Jb7.xls, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\Fwkh\uv7fKGVoQ2Jb7.xls, destination_filename = c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-F71E2D7C-1A58C58CDE47.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\Fwkh\uv7fKGVoQ2Jb7.xls, size = 29538, size_out = 29538 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\uv7fKGVoQ2Jb7.xls, size = 29538 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\uv7fKGVoQ2Jb7.xls, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:47 (UTC) | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\Fwkh\lukitus-547b.htm, desired_access = GENERIC_WRITE, GENERIC_READ | 1 |
Driver | Control | driver_name = c:\Users\aETAdzjz\Documents\Fwkh\lukitus-547b.htm, control_code = 0x9c040 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\lukitus-547b.htm, size = 8874 | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\Fwkh\_BYbdV.ods, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\Fwkh\_BYbdV.ods, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\Fwkh\_BYbdV.ods, destination_filename = c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-68C82DF1-14B4D804BD61.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\Fwkh\_BYbdV.ods, size = 69798, size_out = 69798 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\_BYbdV.ods, size = 69798 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\_BYbdV.ods, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:47 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Desktop\~$098073.doc, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Desktop\~$098073.doc, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Desktop\~$098073.doc, destination_filename = c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-49CF61EE-57465675BB4A.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Desktop\~$098073.doc, size = 162, size_out = 162 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Desktop\~$098073.doc, size = 162 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Desktop\~$098073.doc, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:47 (UTC) | 1 |
File | Create | filename = c:\Users\aETAdzjz\Desktop\lukitus-b59f.htm, desired_access = GENERIC_WRITE, GENERIC_READ | 1 |
Driver | Control | driver_name = c:\Users\aETAdzjz\Desktop\lukitus-b59f.htm, control_code = 0x9c040 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Desktop\lukitus-b59f.htm, size = 8874 | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\0xY2zyvX Zz5I6TOq4m.xlsx, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\0xY2zyvX Zz5I6TOq4m.xlsx, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\0xY2zyvX Zz5I6TOq4m.xlsx, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-1E43A153-B4FA5BD13C64.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\0xY2zyvX Zz5I6TOq4m.xlsx, size = 59012, size_out = 59012 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\0xY2zyvX Zz5I6TOq4m.xlsx, size = 59012 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\0xY2zyvX Zz5I6TOq4m.xlsx, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:47 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\0YmBkUpDTKvL.xlsx, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\0YmBkUpDTKvL.xlsx, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\0YmBkUpDTKvL.xlsx, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-746C6C5A-DDDAFA9FE1BD.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\0YmBkUpDTKvL.xlsx, size = 88548, size_out = 88548 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\0YmBkUpDTKvL.xlsx, size = 88548 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\0YmBkUpDTKvL.xlsx, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:47 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\Fwkh\_n9i7UNGQlTHEkQ9n65.ots, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\Fwkh\_n9i7UNGQlTHEkQ9n65.ots, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\Fwkh\_n9i7UNGQlTHEkQ9n65.ots, destination_filename = c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-D050F35D-DF08FE665915.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\Fwkh\_n9i7UNGQlTHEkQ9n65.ots, size = 77549, size_out = 77549 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\_n9i7UNGQlTHEkQ9n65.ots, size = 77549 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\_n9i7UNGQlTHEkQ9n65.ots, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:47 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\6 EzXVOVC4Mq.ods, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\6 EzXVOVC4Mq.ods, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\6 EzXVOVC4Mq.ods, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-6562EF8E-9356A0B9D778.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\6 EzXVOVC4Mq.ods, size = 6767, size_out = 6767 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\6 EzXVOVC4Mq.ods, size = 6767 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\6 EzXVOVC4Mq.ods, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:47 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\86HHW2XyBUJyZf.xlsx, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\86HHW2XyBUJyZf.xlsx, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\86HHW2XyBUJyZf.xlsx, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-02DDBB2E-DDA7EEF606E5.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\86HHW2XyBUJyZf.xlsx, size = 75709, size_out = 75709 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\86HHW2XyBUJyZf.xlsx, size = 75709 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\86HHW2XyBUJyZf.xlsx, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:47 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Desktop\098073.doc, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Desktop\098073.doc, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x751d0000 | 1 |
File | Create | filename = c:\Users\aETAdzjz\Desktop\098073.doc, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE | 1 |
File | Create | filename = c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-93FF195C-3BB52D679DDB.lukitus, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL | 1 |
File | Read | filename = c:\Users\aETAdzjz\Desktop\098073.doc, size = 49622, size_out = 49622 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-93FF195C-3BB52D679DDB.lukitus, size = 49622 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-93FF195C-3BB52D679DDB.lukitus, size = 836 | 1 |
File | Create | filename = c:\Users\aETAdzjz\Desktop\098073.doc, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Desktop\098073.doc, destination_filename = c:\Users\aETAdzjz\Desktop\0619171273D7A52EB51EE135D94A8C63.tmp, flags = MOVEFILE_WRITE_THROUGH | 1 |
File | Delete | filename = c:\Users\aETAdzjz\Desktop\098073.doc | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Desktop\0CA4J37R3gLfIG x-yY.odt, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Desktop\0CA4J37R3gLfIG x-yY.odt, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Desktop\0CA4J37R3gLfIG x-yY.odt, destination_filename = c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-DD1F464E-1D4279836981.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Desktop\0CA4J37R3gLfIG x-yY.odt, size = 80763, size_out = 80763 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Desktop\0CA4J37R3gLfIG x-yY.odt, size = 80763 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Desktop\0CA4J37R3gLfIG x-yY.odt, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:47 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Desktop\0Q64daekSd8g.xlsx, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Desktop\0Q64daekSd8g.xlsx, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Desktop\0Q64daekSd8g.xlsx, destination_filename = c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-7CCB072C-C1747AEA88B6.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Desktop\0Q64daekSd8g.xlsx, size = 95572, size_out = 95572 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Desktop\0Q64daekSd8g.xlsx, size = 95572 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Desktop\0Q64daekSd8g.xlsx, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:47 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\GQc8.ots, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\GQc8.ots, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\GQc8.ots, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-6F1F87E1-0611DE322330.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\GQc8.ots, size = 84647, size_out = 84647 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\GQc8.ots, size = 84647 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\GQc8.ots, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:47 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2, destination_filename = c:\Users\aETAdzjz\Documents\OneNote Notebooks\My Notebook\F56924BE-9663-41BB-93122862-1B3365D6FC4A.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2, size = 6184, size_out = 6184 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2, size = 6184 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:47 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\A4tJ-zen y.odp, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\A4tJ-zen y.odp, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\A4tJ-zen y.odp, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-7F7DF4F3-FEE5A0F835D8.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\A4tJ-zen y.odp, size = 62576, size_out = 62576 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\A4tJ-zen y.odp, size = 62576 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\A4tJ-zen y.odp, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:47 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\gxamJ-HMXiK0nNB-ChDC.pptx, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\gxamJ-HMXiK0nNB-ChDC.pptx, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\gxamJ-HMXiK0nNB-ChDC.pptx, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-42DA6451-74994B3B23EB.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\gxamJ-HMXiK0nNB-ChDC.pptx, size = 34902, size_out = 34902 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\gxamJ-HMXiK0nNB-ChDC.pptx, size = 34902 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\gxamJ-HMXiK0nNB-ChDC.pptx, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:47 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\AofloKRSx6EqvwHf tV.ots, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\AofloKRSx6EqvwHf tV.ots, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\AofloKRSx6EqvwHf tV.ots, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-E0725B46-87EAD7FBFED8.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\AofloKRSx6EqvwHf tV.ots, size = 88392, size_out = 88392 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\AofloKRSx6EqvwHf tV.ots, size = 88392 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\AofloKRSx6EqvwHf tV.ots, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:47 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Desktop\D8nCf-5QuttckP.odt, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Desktop\D8nCf-5QuttckP.odt, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Desktop\D8nCf-5QuttckP.odt, destination_filename = c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-527C0C14-E324030A4A6E.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Desktop\D8nCf-5QuttckP.odt, size = 100286, size_out = 100286 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Desktop\D8nCf-5QuttckP.odt, size = 100286 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Desktop\D8nCf-5QuttckP.odt, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:47 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\H 34byGorwd3.xlsx, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\H 34byGorwd3.xlsx, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\H 34byGorwd3.xlsx, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-526E1A2B-128166908518.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\H 34byGorwd3.xlsx, size = 61637, size_out = 61637 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\H 34byGorwd3.xlsx, size = 61637 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\H 34byGorwd3.xlsx, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:47 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\izRfTW.odt, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\izRfTW.odt, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\izRfTW.odt, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-15FBD8AA-4D0A91F58ED4.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\izRfTW.odt, size = 41542, size_out = 41542 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\izRfTW.odt, size = 41542 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\izRfTW.odt, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:47 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\bwXEB4I4JkSNwm.pptx, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\bwXEB4I4JkSNwm.pptx, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\bwXEB4I4JkSNwm.pptx, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-F1FCDEAA-FF7F06504774.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\bwXEB4I4JkSNwm.pptx, size = 71911, size_out = 71911 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\bwXEB4I4JkSNwm.pptx, size = 71911 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\bwXEB4I4JkSNwm.pptx, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\C5Ehab.pptx, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\C5Ehab.pptx, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\C5Ehab.pptx, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-1D9844F4-6DCE132FA911.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\C5Ehab.pptx, size = 98683, size_out = 98683 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\C5Ehab.pptx, size = 98683 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\C5Ehab.pptx, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\fsb9bUgRCgwl4dnWSx.odt, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\fsb9bUgRCgwl4dnWSx.odt, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\fsb9bUgRCgwl4dnWSx.odt, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-988E0A99-75C5268FA982.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\fsb9bUgRCgwl4dnWSx.odt, size = 56144, size_out = 56144 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\fsb9bUgRCgwl4dnWSx.odt, size = 56144 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\fsb9bUgRCgwl4dnWSx.odt, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Desktop\MDETt7XI.ppt, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Desktop\MDETt7XI.ppt, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Desktop\MDETt7XI.ppt, destination_filename = c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-14D6A72B-E51A5D5DC391.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Desktop\MDETt7XI.ppt, size = 6876, size_out = 6876 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Desktop\MDETt7XI.ppt, size = 6876 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Desktop\MDETt7XI.ppt, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\MB-yqTrORXhMOe.pptx, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\MB-yqTrORXhMOe.pptx, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\MB-yqTrORXhMOe.pptx, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-65272A78-F5925D3FA2A8.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\MB-yqTrORXhMOe.pptx, size = 68637, size_out = 68637 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\MB-yqTrORXhMOe.pptx, size = 68637 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\MB-yqTrORXhMOe.pptx, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\nNYiB9XHa kx1Nj0TSz.pptx, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\nNYiB9XHa kx1Nj0TSz.pptx, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\nNYiB9XHa kx1Nj0TSz.pptx, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-CE32CC3F-EBE8612BBB20.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\nNYiB9XHa kx1Nj0TSz.pptx, size = 80410, size_out = 80410 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\nNYiB9XHa kx1Nj0TSz.pptx, size = 80410 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\nNYiB9XHa kx1Nj0TSz.pptx, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\numLCBTSa6GhcpDwzxf.xlsx, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\numLCBTSa6GhcpDwzxf.xlsx, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\numLCBTSa6GhcpDwzxf.xlsx, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-CDA913E8-271056AB5827.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\numLCBTSa6GhcpDwzxf.xlsx, size = 50853, size_out = 50853 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\numLCBTSa6GhcpDwzxf.xlsx, size = 50853 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\numLCBTSa6GhcpDwzxf.xlsx, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\Fwkh\-v4o9DqP.odp, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\Fwkh\-v4o9DqP.odp, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\Fwkh\-v4o9DqP.odp, destination_filename = c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-BA7682C3-CEEF9FBF020C.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\Fwkh\-v4o9DqP.odp, size = 5518, size_out = 5518 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\-v4o9DqP.odp, size = 5518 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\-v4o9DqP.odp, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\Fwkh\2T-3O.pptx, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\Fwkh\2T-3O.pptx, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\Fwkh\2T-3O.pptx, destination_filename = c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-FDD27FFA-D0B0AF905888.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\Fwkh\2T-3O.pptx, size = 54803, size_out = 54803 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\2T-3O.pptx, size = 54803 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\2T-3O.pptx, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst, destination_filename = c:\Users\aETAdzjz\Documents\Outlook Files\F56924BE-9663-41BB-612962EE-CDA06FAA83D1.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst, size = 271360, size_out = 271360 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst, size = 271360 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\Fwkh\e3jdD AhhDmJ.ppt, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\Fwkh\e3jdD AhhDmJ.ppt, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\Fwkh\e3jdD AhhDmJ.ppt, destination_filename = c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-8C112ABD-8E26AA86B08A.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\Fwkh\e3jdD AhhDmJ.ppt, size = 98151, size_out = 98151 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\e3jdD AhhDmJ.ppt, size = 98151 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\e3jdD AhhDmJ.ppt, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\pHA-WtfIuB3x.ppt, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\pHA-WtfIuB3x.ppt, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\pHA-WtfIuB3x.ppt, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-02ED3F77-9C606D75C05C.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\pHA-WtfIuB3x.ppt, size = 13106, size_out = 13106 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\pHA-WtfIuB3x.ppt, size = 13106 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\pHA-WtfIuB3x.ppt, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Desktop\VevSo7gmHU.ots, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Desktop\VevSo7gmHU.ots, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Desktop\VevSo7gmHU.ots, destination_filename = c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-781DE6A6-E5A7705BB692.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Desktop\VevSo7gmHU.ots, size = 73520, size_out = 73520 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Desktop\VevSo7gmHU.ots, size = 73520 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Desktop\VevSo7gmHU.ots, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\RaGQtsBU4.odt, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\RaGQtsBU4.odt, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\RaGQtsBU4.odt, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-7B55CF77-61F436AD3E42.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\RaGQtsBU4.odt, size = 72369, size_out = 72369 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\RaGQtsBU4.odt, size = 72369 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\RaGQtsBU4.odt, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Desktop\Ys7hE_EPaSvOAKC.xlsx, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Desktop\Ys7hE_EPaSvOAKC.xlsx, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Desktop\Ys7hE_EPaSvOAKC.xlsx, destination_filename = c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-A771A452-48DD4BA9679E.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Desktop\Ys7hE_EPaSvOAKC.xlsx, size = 92741, size_out = 92741 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Desktop\Ys7hE_EPaSvOAKC.xlsx, size = 92741 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Desktop\Ys7hE_EPaSvOAKC.xlsx, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\RCuamB3hI8kb2INA.ods, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\RCuamB3hI8kb2INA.ods, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\RCuamB3hI8kb2INA.ods, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-B282F5D6-2A6D69715153.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\RCuamB3hI8kb2INA.ods, size = 100583, size_out = 100583 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\RCuamB3hI8kb2INA.ods, size = 100583 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\RCuamB3hI8kb2INA.ods, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\rXZZKm4g6OK9.pptx, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\rXZZKm4g6OK9.pptx, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\rXZZKm4g6OK9.pptx, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-3A6DB1CA-755757C28FE3.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\rXZZKm4g6OK9.pptx, size = 25656, size_out = 25656 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\rXZZKm4g6OK9.pptx, size = 25656 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\rXZZKm4g6OK9.pptx, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\Te2yCCyBh24.odp, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\Te2yCCyBh24.odp, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\Te2yCCyBh24.odp, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-A9142EC9-2EFEBC30ADE8.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\Te2yCCyBh24.odp, size = 84663, size_out = 84663 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Te2yCCyBh24.odp, size = 84663 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Te2yCCyBh24.odp, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\aLldt37So 5xCJ\mUJ7Tow.xls, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\aLldt37So 5xCJ\mUJ7Tow.xls, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\aLldt37So 5xCJ\mUJ7Tow.xls, destination_filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\aLldt37So 5xCJ\F56924BE-9663-41BB-D65A438B-83DFABBB8CED.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\aLldt37So 5xCJ\mUJ7Tow.xls, size = 70388, size_out = 70388 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\aLldt37So 5xCJ\mUJ7Tow.xls, size = 70388 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\aLldt37So 5xCJ\mUJ7Tow.xls, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\Fwkh\iGbKMT66Nt d OO.xls, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\Fwkh\iGbKMT66Nt d OO.xls, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\Fwkh\iGbKMT66Nt d OO.xls, destination_filename = c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-BB96571E-96BBD2C0A8B9.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\Fwkh\iGbKMT66Nt d OO.xls, size = 48289, size_out = 48289 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\iGbKMT66Nt d OO.xls, size = 48289 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\iGbKMT66Nt d OO.xls, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\Fwkh\OwJVc55xap.xls, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\Fwkh\OwJVc55xap.xls, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\Fwkh\OwJVc55xap.xls, destination_filename = c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-41FC6DD4-65A22D7F605C.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\Fwkh\OwJVc55xap.xls, size = 92710, size_out = 92710 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\OwJVc55xap.xls, size = 92710 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\OwJVc55xap.xls, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\g3uu.odt, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\g3uu.odt, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\g3uu.odt, destination_filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\F56924BE-9663-41BB-6C56A97B-E7E6A4AA125B.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\g3uu.odt, size = 42819, size_out = 42819 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\g3uu.odt, size = 42819 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\g3uu.odt, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\Fwkh\ShV11k3.ots, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\Fwkh\ShV11k3.ots, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\Fwkh\ShV11k3.ots, destination_filename = c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-A60CE289-E55A447535D2.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\Fwkh\ShV11k3.ots, size = 22653, size_out = 22653 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\ShV11k3.ots, size = 22653 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\ShV11k3.ots, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\Fwkh\td5UFDZoyduoRv-UX.xls, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\Fwkh\td5UFDZoyduoRv-UX.xls, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\Fwkh\td5UFDZoyduoRv-UX.xls, destination_filename = c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-21F0CA53-F69E38A75CC4.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\Fwkh\td5UFDZoyduoRv-UX.xls, size = 53912, size_out = 53912 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\td5UFDZoyduoRv-UX.xls, size = 53912 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\td5UFDZoyduoRv-UX.xls, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\w138BdKfP5oikOfg f.pptx, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\w138BdKfP5oikOfg f.pptx, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\w138BdKfP5oikOfg f.pptx, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-4B69E5A7-F60E62FE4654.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\w138BdKfP5oikOfg f.pptx, size = 14691, size_out = 14691 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\w138BdKfP5oikOfg f.pptx, size = 14691 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\w138BdKfP5oikOfg f.pptx, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\Fwkh\Tl3GVm4MVU0MvXfGYuVU.odp, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\Fwkh\Tl3GVm4MVU0MvXfGYuVU.odp, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\Fwkh\Tl3GVm4MVU0MvXfGYuVU.odp, destination_filename = c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-541108F9-2DA524F314C7.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\Fwkh\Tl3GVm4MVU0MvXfGYuVU.odp, size = 74661, size_out = 74661 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\Tl3GVm4MVU0MvXfGYuVU.odp, size = 74661 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\Tl3GVm4MVU0MvXfGYuVU.odp, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\WhVF-K7m2h 9Ki2J.xlsx, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\WhVF-K7m2h 9Ki2J.xlsx, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\WhVF-K7m2h 9Ki2J.xlsx, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-43743AB0-5B4F9943C7B9.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\WhVF-K7m2h 9Ki2J.xlsx, size = 63863, size_out = 63863 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\WhVF-K7m2h 9Ki2J.xlsx, size = 63863 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\WhVF-K7m2h 9Ki2J.xlsx, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\p3i2AVU6sbThPuu.rtf, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\p3i2AVU6sbThPuu.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\p3i2AVU6sbThPuu.rtf, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-3F7EEA71-EEAB13681EBA.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\p3i2AVU6sbThPuu.rtf, size = 49299, size_out = 49299 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\p3i2AVU6sbThPuu.rtf, size = 49299 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\p3i2AVU6sbThPuu.rtf, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\_wLCg2yNbmoGGi.docx, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\_wLCg2yNbmoGGi.docx, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\_wLCg2yNbmoGGi.docx, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-44E29957-51107F7F4923.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\_wLCg2yNbmoGGi.docx, size = 23858, size_out = 23858 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\_wLCg2yNbmoGGi.docx, size = 23858 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\_wLCg2yNbmoGGi.docx, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\Fwkh\Um6ac xaRWrq3ZwHex.pps, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\Fwkh\Um6ac xaRWrq3ZwHex.pps, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\Fwkh\Um6ac xaRWrq3ZwHex.pps, destination_filename = c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-B70504B4-E9A7156822C1.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\Fwkh\Um6ac xaRWrq3ZwHex.pps, size = 11101, size_out = 11101 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\Um6ac xaRWrq3ZwHex.pps, size = 11101 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\Um6ac xaRWrq3ZwHex.pps, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\Fwkh\ehbu75um3wvro9aSR.pps, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\Fwkh\ehbu75um3wvro9aSR.pps, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\Fwkh\ehbu75um3wvro9aSR.pps, destination_filename = c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-3C30F310-5C6049E3F1C5.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\Fwkh\ehbu75um3wvro9aSR.pps, size = 102358, size_out = 102358 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\ehbu75um3wvro9aSR.pps, size = 102358 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\ehbu75um3wvro9aSR.pps, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\fc7shkFFqXcMBE_pu.docx, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\fc7shkFFqXcMBE_pu.docx, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\fc7shkFFqXcMBE_pu.docx, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-88736A33-A73FD1B5DB9A.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\fc7shkFFqXcMBE_pu.docx, size = 77434, size_out = 77434 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\fc7shkFFqXcMBE_pu.docx, size = 77434 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\fc7shkFFqXcMBE_pu.docx, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\Fwkh\k5jcwCH7962.rtf, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\Fwkh\k5jcwCH7962.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\Fwkh\k5jcwCH7962.rtf, destination_filename = c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-49600478-A7543DF24F7D.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\Fwkh\k5jcwCH7962.rtf, size = 39725, size_out = 39725 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\k5jcwCH7962.rtf, size = 39725 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\k5jcwCH7962.rtf, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\Clg5pDW.docx, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\Clg5pDW.docx, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\Clg5pDW.docx, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-7B6AFC43-B245CC6E1DD0.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\Clg5pDW.docx, size = 20217, size_out = 20217 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Clg5pDW.docx, size = 20217 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Clg5pDW.docx, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\cqM03WsMqvf.rtf, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\cqM03WsMqvf.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\cqM03WsMqvf.rtf, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-026B0F52-B0EE23B731C2.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\cqM03WsMqvf.rtf, size = 25565, size_out = 25565 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\cqM03WsMqvf.rtf, size = 25565 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\cqM03WsMqvf.rtf, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\jrZUr62deGwb.docx, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\jrZUr62deGwb.docx, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\jrZUr62deGwb.docx, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-71AD6E57-D734BC0DC073.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\jrZUr62deGwb.docx, size = 55804, size_out = 55804 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\jrZUr62deGwb.docx, size = 55804 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\jrZUr62deGwb.docx, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\m5XXH25oGduC2.rtf, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\m5XXH25oGduC2.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\m5XXH25oGduC2.rtf, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-7B4E72C9-EC40CC1387F6.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\m5XXH25oGduC2.rtf, size = 60562, size_out = 60562 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\m5XXH25oGduC2.rtf, size = 60562 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\m5XXH25oGduC2.rtf, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\Fwkh\1G6BTt0rvWc.rtf, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\Fwkh\1G6BTt0rvWc.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\Fwkh\1G6BTt0rvWc.rtf, destination_filename = c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-B233076A-F3F69BE0DE98.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\Fwkh\1G6BTt0rvWc.rtf, size = 57579, size_out = 57579 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\1G6BTt0rvWc.rtf, size = 57579 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\1G6BTt0rvWc.rtf, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\Fwkh\CCwA9ID7MwdTmr.rtf, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\Fwkh\CCwA9ID7MwdTmr.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\Fwkh\CCwA9ID7MwdTmr.rtf, destination_filename = c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-B0D08948-4AFDF1D5A73F.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\Fwkh\CCwA9ID7MwdTmr.rtf, size = 46398, size_out = 46398 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\CCwA9ID7MwdTmr.rtf, size = 46398 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\CCwA9ID7MwdTmr.rtf, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Desktop\r1_647.docx, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Desktop\r1_647.docx, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Desktop\r1_647.docx, destination_filename = c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-E6373D05-052CD23B85B0.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Desktop\r1_647.docx, size = 55234, size_out = 55234 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Desktop\r1_647.docx, size = 55234 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Desktop\r1_647.docx, size = 836 | 1 |
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
File | Get Info | filename = c:\Users\aETAdzjz\Documents\TrbkUrGWd.docx, type = file_attributes | 1 |
File | Create | filename = c:\Users\aETAdzjz\Documents\TrbkUrGWd.docx, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
File | Move | source_filename = c:\Users\aETAdzjz\Documents\TrbkUrGWd.docx, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-0B1192D3-83011F532CB4.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
File | Read | filename = c:\Users\aETAdzjz\Documents\TrbkUrGWd.docx, size = 99570, size_out = 99570 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\TrbkUrGWd.docx, size = 99570 | 1 |
File | Write | filename = c:\Users\aETAdzjz\Documents\TrbkUrGWd.docx, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Documents\Fwkh\XMZB_eGDIWAF.pps, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Documents\Fwkh\XMZB_eGDIWAF.pps, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Documents\Fwkh\XMZB_eGDIWAF.pps, destination_filename = c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-0BD9344F-59E2FD1B8612.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Documents\Fwkh\XMZB_eGDIWAF.pps, size = 37106, size_out = 37106 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\XMZB_eGDIWAF.pps, size = 37106 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\XMZB_eGDIWAF.pps, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Documents\VygBeG2O_CoUDZ0ri-y.docx, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Documents\VygBeG2O_CoUDZ0ri-y.docx, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Documents\VygBeG2O_CoUDZ0ri-y.docx, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-16AC9B2B-CF64176B99FB.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Documents\VygBeG2O_CoUDZ0ri-y.docx, size = 85140, size_out = 85140 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Documents\VygBeG2O_CoUDZ0ri-y.docx, size = 85140 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Documents\VygBeG2O_CoUDZ0ri-y.docx, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\f2t Xh6k.pps, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\f2t Xh6k.pps, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\f2t Xh6k.pps, destination_filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\F56924BE-9663-41BB-6533C1E4-C0738507F428.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\f2t Xh6k.pps, size = 94902, size_out = 94902 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\f2t Xh6k.pps, size = 94902 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\f2t Xh6k.pps, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Documents\czmBJ.docx, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Documents\czmBJ.docx, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Documents\czmBJ.docx, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-D49BF973-E058168B454F.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Documents\czmBJ.docx, size = 34730, size_out = 34730 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Documents\czmBJ.docx, size = 34730 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Documents\czmBJ.docx, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\ProgramData\Sun\Java\Java Update\jaureglist.xml, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\ProgramData\Sun\Java\Java Update\jaureglist.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Create | filename = c:\ProgramData\Sun\Java\Java Update\jaureglist.xml, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Create | filename = c:\ProgramData\Sun\Java\Java Update\F56924BE-9663-41BB-0FD4E971-761D2214F09F.lukitus, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL | 1 |
Fn
|
|
File | Read | filename = c:\ProgramData\Sun\Java\Java Update\jaureglist.xml, size = 119, size_out = 119 | 1 |
Fn
Data
|
|
File | Write | filename = c:\ProgramData\Sun\Java\Java Update\F56924BE-9663-41BB-0FD4E971-761D2214F09F.lukitus, size = 119 | 1 |
Fn
Data
|
|
File | Write | filename = c:\ProgramData\Sun\Java\Java Update\F56924BE-9663-41BB-0FD4E971-761D2214F09F.lukitus, size = 836 | 1 |
Fn
Data
|
|
File | Create | filename = c:\ProgramData\Sun\Java\Java Update\jaureglist.xml, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\ProgramData\Sun\Java\Java Update\jaureglist.xml, destination_filename = c:\ProgramData\Sun\Java\Java Update\72B0CBD499699DC37CF7F45B885A2C21.tmp, flags = MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Delete | filename = c:\ProgramData\Sun\Java\Java Update\jaureglist.xml | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Documents\Fwkh\2hVBnJTXBLe0.csv, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Documents\Fwkh\2hVBnJTXBLe0.csv, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Documents\Fwkh\2hVBnJTXBLe0.csv, destination_filename = c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-13F942E8-48EB76E84F48.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Documents\Fwkh\2hVBnJTXBLe0.csv, size = 15666, size_out = 15666 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\2hVBnJTXBLe0.csv, size = 15666 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\2hVBnJTXBLe0.csv, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Desktop\8KgurcPGpDs5t.csv, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Desktop\8KgurcPGpDs5t.csv, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Desktop\8KgurcPGpDs5t.csv, destination_filename = c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-29A7DC8C-DFC0E8056306.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Desktop\8KgurcPGpDs5t.csv, size = 14414, size_out = 14414 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Desktop\8KgurcPGpDs5t.csv, size = 14414 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Desktop\8KgurcPGpDs5t.csv, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Documents\Fwkh\Af6epVD_ptV-.csv, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Documents\Fwkh\Af6epVD_ptV-.csv, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Documents\Fwkh\Af6epVD_ptV-.csv, destination_filename = c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-44CE3CD7-AFD504F36697.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Documents\Fwkh\Af6epVD_ptV-.csv, size = 46593, size_out = 46593 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\Af6epVD_ptV-.csv, size = 46593 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Documents\Fwkh\Af6epVD_ptV-.csv, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Documents\uzQVRf8Ab6Zlxci59iY5.csv, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Documents\uzQVRf8Ab6Zlxci59iY5.csv, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Documents\uzQVRf8Ab6Zlxci59iY5.csv, destination_filename = c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-1BCB39FD-C93E3B4C590B.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Documents\uzQVRf8Ab6Zlxci59iY5.csv, size = 74950, size_out = 74950 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Documents\uzQVRf8Ab6Zlxci59iY5.csv, size = 74950 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Documents\uzQVRf8Ab6Zlxci59iY5.csv, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\qFSpDSqJ5ckg.jpg, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\qFSpDSqJ5ckg.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\qFSpDSqJ5ckg.jpg, destination_filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\F56924BE-9663-41BB-8EC36E5C-CA39E2CA23E1.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\qFSpDSqJ5ckg.jpg, size = 21951, size_out = 21951 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\qFSpDSqJ5ckg.jpg, size = 21951 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\qFSpDSqJ5ckg.jpg, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\Public\Pictures\Sample Pictures\Desert.jpg, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\Public\Pictures\Sample Pictures\Desert.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\Public\Pictures\Sample Pictures\Desert.jpg, destination_filename = c:\Users\Public\Pictures\Sample Pictures\F56924BE-9663-41BB-DB3A9C6C-B4A2996D18E4.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\Public\Pictures\Sample Pictures\Desert.jpg, size = 524288, size_out = 524288 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\Public\Pictures\Sample Pictures\Desert.jpg, size = 524288 | 1 |
Fn
Data
|
|
File | Read | filename = c:\Users\Public\Pictures\Sample Pictures\Desert.jpg, size = 321653, size_out = 321653 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\Public\Pictures\Sample Pictures\Desert.jpg, size = 321653 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\Public\Pictures\Sample Pictures\Desert.jpg, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg, destination_filename = c:\Users\Public\Pictures\Sample Pictures\F56924BE-9663-41BB-63F06B4D-40748180C2C9.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg, size = 524288, size_out = 524288 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg, size = 524288 | 1 |
Fn
Data
|
|
File | Read | filename = c:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg, size = 70996, size_out = 70996 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg, size = 70996 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg, destination_filename = c:\Users\Public\Pictures\Sample Pictures\F56924BE-9663-41BB-2128228C-3EF411E166F1.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg, size = 524288, size_out = 524288 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg, size = 524288 | 1 |
Fn
Data
|
|
File | Read | filename = c:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg, size = 251414, size_out = 251414 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg, size = 251414 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\bJIMR_DP-n.jpg, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\bJIMR_DP-n.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\bJIMR_DP-n.jpg, destination_filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\F56924BE-9663-41BB-7D28049F-CA2DC98D9072.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\bJIMR_DP-n.jpg, size = 68399, size_out = 68399 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\bJIMR_DP-n.jpg, size = 68399 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\bJIMR_DP-n.jpg, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\Public\Pictures\Sample Pictures\Koala.jpg, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\Public\Pictures\Sample Pictures\Koala.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\Public\Pictures\Sample Pictures\Koala.jpg, destination_filename = c:\Users\Public\Pictures\Sample Pictures\F56924BE-9663-41BB-D0039C86-9E680BA77E12.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\Public\Pictures\Sample Pictures\Koala.jpg, size = 524288, size_out = 524288 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\Public\Pictures\Sample Pictures\Koala.jpg, size = 524288 | 1 |
Fn
Data
|
|
File | Read | filename = c:\Users\Public\Pictures\Sample Pictures\Koala.jpg, size = 256543, size_out = 256543 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\Public\Pictures\Sample Pictures\Koala.jpg, size = 256543 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\Public\Pictures\Sample Pictures\Koala.jpg, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\9A8DdJheRUIQ_Ny.jpg, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\9A8DdJheRUIQ_Ny.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\9A8DdJheRUIQ_Ny.jpg, destination_filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\F56924BE-9663-41BB-16DB964B-DDB43481F1DB.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\9A8DdJheRUIQ_Ny.jpg, size = 99055, size_out = 99055 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\9A8DdJheRUIQ_Ny.jpg, size = 99055 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\9A8DdJheRUIQ_Ny.jpg, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg, destination_filename = c:\Users\Public\Pictures\Sample Pictures\F56924BE-9663-41BB-8EA4D603-5A2874FAE3FC.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg, size = 524288, size_out = 524288 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg, size = 524288 | 1 |
Fn
Data
|
|
File | Read | filename = c:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg, size = 36988, size_out = 36988 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg, size = 36988 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\Public\Pictures\Sample Pictures\Penguins.jpg, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\Public\Pictures\Sample Pictures\Penguins.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\Public\Pictures\Sample Pictures\Penguins.jpg, destination_filename = c:\Users\Public\Pictures\Sample Pictures\F56924BE-9663-41BB-BEA9B2D7-58D4FA770E74.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\Public\Pictures\Sample Pictures\Penguins.jpg, size = 524288, size_out = 524288 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\Public\Pictures\Sample Pictures\Penguins.jpg, size = 524288 | 1 |
Fn
Data
|
|
File | Read | filename = c:\Users\Public\Pictures\Sample Pictures\Penguins.jpg, size = 253547, size_out = 253547 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\Public\Pictures\Sample Pictures\Penguins.jpg, size = 253547 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\Public\Pictures\Sample Pictures\Penguins.jpg, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\NHG0O.jpg, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\NHG0O.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\NHG0O.jpg, destination_filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\F56924BE-9663-41BB-34C63D6D-4A50106C55BE.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\NHG0O.jpg, size = 1600, size_out = 1600 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\NHG0O.jpg, size = 1600 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\NHG0O.jpg, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Pictures\AT4EGhpKo4u.jpg, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Pictures\AT4EGhpKo4u.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Pictures\AT4EGhpKo4u.jpg, destination_filename = c:\Users\aETAdzjz\Pictures\F56924BE-9663-41BB-6AE0090E-6CDCB46C0311.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Pictures\AT4EGhpKo4u.jpg, size = 15393, size_out = 15393 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\AT4EGhpKo4u.jpg, size = 15393 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\AT4EGhpKo4u.jpg, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:48 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Pictures\i2NYxg2uc_Xdiq4.jpg, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Pictures\i2NYxg2uc_Xdiq4.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Pictures\i2NYxg2uc_Xdiq4.jpg, destination_filename = c:\Users\aETAdzjz\Pictures\F56924BE-9663-41BB-3B2B7F6F-812656DF84C6.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Pictures\i2NYxg2uc_Xdiq4.jpg, size = 67072, size_out = 67072 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\i2NYxg2uc_Xdiq4.jpg, size = 67072 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\i2NYxg2uc_Xdiq4.jpg, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Pictures\_2aELz\st1os2.jpg, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Pictures\_2aELz\st1os2.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Pictures\_2aELz\st1os2.jpg, destination_filename = c:\Users\aETAdzjz\Pictures\_2aELz\F56924BE-9663-41BB-FA0D154B-245888D727E3.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Pictures\_2aELz\st1os2.jpg, size = 64252, size_out = 64252 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\_2aELz\st1os2.jpg, size = 64252 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\_2aELz\st1os2.jpg, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\Public\Pictures\Sample Pictures\Tulips.jpg, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\Public\Pictures\Sample Pictures\Tulips.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\Public\Pictures\Sample Pictures\Tulips.jpg, destination_filename = c:\Users\Public\Pictures\Sample Pictures\F56924BE-9663-41BB-85AB3CAB-1A0670314428.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\Public\Pictures\Sample Pictures\Tulips.jpg, size = 524288, size_out = 524288 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\Public\Pictures\Sample Pictures\Tulips.jpg, size = 524288 | 1 |
Fn
Data
|
|
File | Read | filename = c:\Users\Public\Pictures\Sample Pictures\Tulips.jpg, size = 96600, size_out = 96600 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\Public\Pictures\Sample Pictures\Tulips.jpg, size = 96600 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\Public\Pictures\Sample Pictures\Tulips.jpg, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Pictures\_2aELz\6fTf.jpg, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Pictures\_2aELz\6fTf.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Pictures\_2aELz\6fTf.jpg, destination_filename = c:\Users\aETAdzjz\Pictures\_2aELz\F56924BE-9663-41BB-1753EF9E-5A7F628573FD.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Pictures\_2aELz\6fTf.jpg, size = 24454, size_out = 24454 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\_2aELz\6fTf.jpg, size = 24454 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\_2aELz\6fTf.jpg, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Pictures\_2aELz\L5Wat-o9ZxSO52M2hy_.jpg, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Pictures\_2aELz\L5Wat-o9ZxSO52M2hy_.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Pictures\_2aELz\L5Wat-o9ZxSO52M2hy_.jpg, destination_filename = c:\Users\aETAdzjz\Pictures\_2aELz\F56924BE-9663-41BB-6EDC54F4-2A6316BC2A6D.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Pictures\_2aELz\L5Wat-o9ZxSO52M2hy_.jpg, size = 82981, size_out = 82981 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\_2aELz\L5Wat-o9ZxSO52M2hy_.jpg, size = 82981 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\_2aELz\L5Wat-o9ZxSO52M2hy_.jpg, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg, destination_filename = c:\Users\Public\Pictures\Sample Pictures\F56924BE-9663-41BB-AD1CA3C0-3165AB58AF89.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg, size = 524288, size_out = 524288 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg, size = 524288 | 1 |
Fn
Data
|
|
File | Read | filename = c:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg, size = 355106, size_out = 355106 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg, size = 355106 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\OZhWRjVb5.gif, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\OZhWRjVb5.gif, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\OZhWRjVb5.gif, destination_filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\F56924BE-9663-41BB-5D8CB0E5-0F44328ECAF2.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\OZhWRjVb5.gif, size = 88452, size_out = 88452 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\OZhWRjVb5.gif, size = 88452 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\OZhWRjVb5.gif, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\mk3Q8l7gVRDjyXXB.bmp, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\mk3Q8l7gVRDjyXXB.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\mk3Q8l7gVRDjyXXB.bmp, destination_filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\F56924BE-9663-41BB-0725FD16-48003B943989.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\mk3Q8l7gVRDjyXXB.bmp, size = 90257, size_out = 90257 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\mk3Q8l7gVRDjyXXB.bmp, size = 90257 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\mk3Q8l7gVRDjyXXB.bmp, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\fgtu.bmp, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\fgtu.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\fgtu.bmp, destination_filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\F56924BE-9663-41BB-21EA5F2C-8701A72F2220.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\fgtu.bmp, size = 98092, size_out = 98092 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\fgtu.bmp, size = 98092 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\fgtu.bmp, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\aci3.png, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\aci3.png, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\aci3.png, destination_filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\F56924BE-9663-41BB-5EEEF7E5-307233FEB153.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\aci3.png, size = 100902, size_out = 100902 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\aci3.png, size = 100902 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\aci3.png, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Desktop\COLwLh6JcRBU0.bmp, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Desktop\COLwLh6JcRBU0.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Desktop\COLwLh6JcRBU0.bmp, destination_filename = c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-105FD1E1-6C6BE53496EA.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Desktop\COLwLh6JcRBU0.bmp, size = 68668, size_out = 68668 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Desktop\COLwLh6JcRBU0.bmp, size = 68668 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Desktop\COLwLh6JcRBU0.bmp, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Desktop\lvLOYOhTcvvr3 yEH.gif, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Desktop\lvLOYOhTcvvr3 yEH.gif, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Desktop\lvLOYOhTcvvr3 yEH.gif, destination_filename = c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-0DCFA9E5-FAF41D841F89.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Desktop\lvLOYOhTcvvr3 yEH.gif, size = 59571, size_out = 59571 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Desktop\lvLOYOhTcvvr3 yEH.gif, size = 59571 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Desktop\lvLOYOhTcvvr3 yEH.gif, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Pictures\gXdxZsT0C5_j5.bmp, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Pictures\gXdxZsT0C5_j5.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Pictures\gXdxZsT0C5_j5.bmp, destination_filename = c:\Users\aETAdzjz\Pictures\F56924BE-9663-41BB-4FE46AF0-E6208DFC4337.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Pictures\gXdxZsT0C5_j5.bmp, size = 57837, size_out = 57837 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\gXdxZsT0C5_j5.bmp, size = 57837 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\gXdxZsT0C5_j5.bmp, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\HmCN--W\f3vo8D7NyvoaKcAkRsY.gif, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\HmCN--W\f3vo8D7NyvoaKcAkRsY.gif, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\HmCN--W\f3vo8D7NyvoaKcAkRsY.gif, destination_filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\HmCN--W\F56924BE-9663-41BB-8EBDCA29-FD38B8601764.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\HmCN--W\f3vo8D7NyvoaKcAkRsY.gif, size = 86862, size_out = 86862 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\HmCN--W\f3vo8D7NyvoaKcAkRsY.gif, size = 86862 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\HmCN--W\f3vo8D7NyvoaKcAkRsY.gif, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\6SCeJgmwXwG2GjK0Jp.gif, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\6SCeJgmwXwG2GjK0Jp.gif, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\6SCeJgmwXwG2GjK0Jp.gif, destination_filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\F56924BE-9663-41BB-BFE5064B-970C8F5A0518.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\6SCeJgmwXwG2GjK0Jp.gif, size = 15539, size_out = 15539 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\6SCeJgmwXwG2GjK0Jp.gif, size = 15539 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\6SCeJgmwXwG2GjK0Jp.gif, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Pictures\uoE18q.png, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Pictures\uoE18q.png, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Pictures\uoE18q.png, destination_filename = c:\Users\aETAdzjz\Pictures\F56924BE-9663-41BB-85A5B08A-605B60B6EBD6.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Pictures\uoE18q.png, size = 71370, size_out = 71370 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\uoE18q.png, size = 71370 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\uoE18q.png, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\tClzdjxzFnQ5k.gif, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\tClzdjxzFnQ5k.gif, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\tClzdjxzFnQ5k.gif, destination_filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\F56924BE-9663-41BB-88881914-B3AE12B46247.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\tClzdjxzFnQ5k.gif, size = 11216, size_out = 11216 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\tClzdjxzFnQ5k.gif, size = 11216 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\tClzdjxzFnQ5k.gif, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Desktop\6UEh0WGr8W.bmp, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Desktop\6UEh0WGr8W.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Desktop\6UEh0WGr8W.bmp, destination_filename = c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-786F2966-85DD58079D16.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Desktop\6UEh0WGr8W.bmp, size = 71496, size_out = 71496 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Desktop\6UEh0WGr8W.bmp, size = 71496 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Desktop\6UEh0WGr8W.bmp, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Pictures\_2aELz\8umgBK9 _uxC-P0clK.bmp, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Pictures\_2aELz\8umgBK9 _uxC-P0clK.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Pictures\_2aELz\8umgBK9 _uxC-P0clK.bmp, destination_filename = c:\Users\aETAdzjz\Pictures\_2aELz\F56924BE-9663-41BB-160875AB-8C16168EF4DD.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Pictures\_2aELz\8umgBK9 _uxC-P0clK.bmp, size = 34625, size_out = 34625 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\_2aELz\8umgBK9 _uxC-P0clK.bmp, size = 34625 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\_2aELz\8umgBK9 _uxC-P0clK.bmp, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Pictures\_2aELz\kMVEz0TO.bmp, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Pictures\_2aELz\kMVEz0TO.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Pictures\_2aELz\kMVEz0TO.bmp, destination_filename = c:\Users\aETAdzjz\Pictures\_2aELz\F56924BE-9663-41BB-169E6313-C430F979B7E3.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Pictures\_2aELz\kMVEz0TO.bmp, size = 94889, size_out = 94889 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\_2aELz\kMVEz0TO.bmp, size = 94889 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\_2aELz\kMVEz0TO.bmp, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\CS rWU_9qBGaWWl2CS.png, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\CS rWU_9qBGaWWl2CS.png, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\CS rWU_9qBGaWWl2CS.png, destination_filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\F56924BE-9663-41BB-ED8E90B1-C99EEB3CD344.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\CS rWU_9qBGaWWl2CS.png, size = 30262, size_out = 30262 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\CS rWU_9qBGaWWl2CS.png, size = 30262 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\CS rWU_9qBGaWWl2CS.png, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Pictures\_2aELz\Ou8E5Tf1Sws.bmp, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Pictures\_2aELz\Ou8E5Tf1Sws.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Pictures\_2aELz\Ou8E5Tf1Sws.bmp, destination_filename = c:\Users\aETAdzjz\Pictures\_2aELz\F56924BE-9663-41BB-D8D6A0BE-1EEB096F86F6.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Pictures\_2aELz\Ou8E5Tf1Sws.bmp, size = 77703, size_out = 77703 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\_2aELz\Ou8E5Tf1Sws.bmp, size = 77703 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\_2aELz\Ou8E5Tf1Sws.bmp, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Pictures\Mx7rpkHkHEU4LD.png, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Pictures\Mx7rpkHkHEU4LD.png, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Pictures\Mx7rpkHkHEU4LD.png, destination_filename = c:\Users\aETAdzjz\Pictures\F56924BE-9663-41BB-C18F2589-5C71BF4F3255.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Pictures\Mx7rpkHkHEU4LD.png, size = 55731, size_out = 55731 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\Mx7rpkHkHEU4LD.png, size = 55731 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\Mx7rpkHkHEU4LD.png, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\LSk3e_y_Z.png, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\LSk3e_y_Z.png, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\LSk3e_y_Z.png, destination_filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\F56924BE-9663-41BB-A5D5084D-DECB3B0C7615.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\LSk3e_y_Z.png, size = 35006, size_out = 35006 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\LSk3e_y_Z.png, size = 35006 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\LSk3e_y_Z.png, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Pictures\7EK45zr96-R7KlQSQB5.gif, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Pictures\7EK45zr96-R7KlQSQB5.gif, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Pictures\7EK45zr96-R7KlQSQB5.gif, destination_filename = c:\Users\aETAdzjz\Pictures\F56924BE-9663-41BB-A080FC17-79D47057B610.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Pictures\7EK45zr96-R7KlQSQB5.gif, size = 34256, size_out = 34256 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\7EK45zr96-R7KlQSQB5.gif, size = 34256 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\7EK45zr96-R7KlQSQB5.gif, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\ogZmmq5hx8.gif, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\ogZmmq5hx8.gif, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\ogZmmq5hx8.gif, destination_filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\F56924BE-9663-41BB-1D9631E8-90BF411C2FEE.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\ogZmmq5hx8.gif, size = 38895, size_out = 38895 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\ogZmmq5hx8.gif, size = 38895 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\ogZmmq5hx8.gif, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\QsiOxSCE.gif, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\QsiOxSCE.gif, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\QsiOxSCE.gif, destination_filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\F56924BE-9663-41BB-8B683683-04F707D56484.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\QsiOxSCE.gif, size = 8996, size_out = 8996 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\QsiOxSCE.gif, size = 8996 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\QsiOxSCE.gif, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\Y_FO-Az1Ng2.gif, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\Y_FO-Az1Ng2.gif, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\Y_FO-Az1Ng2.gif, destination_filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\F56924BE-9663-41BB-ECB96FE5-208908824DC6.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\Y_FO-Az1Ng2.gif, size = 63351, size_out = 63351 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\Y_FO-Az1Ng2.gif, size = 63351 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\Y_FO-Az1Ng2.gif, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Pictures\AHEE1OIJ1w.gif, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Pictures\AHEE1OIJ1w.gif, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Pictures\AHEE1OIJ1w.gif, destination_filename = c:\Users\aETAdzjz\Pictures\F56924BE-9663-41BB-61116ECA-F6682086BE7A.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Pictures\AHEE1OIJ1w.gif, size = 23999, size_out = 23999 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\AHEE1OIJ1w.gif, size = 23999 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\AHEE1OIJ1w.gif, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Pictures\0_64JkgHfEkBiBb6l.gif, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Pictures\0_64JkgHfEkBiBb6l.gif, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Pictures\0_64JkgHfEkBiBb6l.gif, destination_filename = c:\Users\aETAdzjz\Pictures\F56924BE-9663-41BB-0A72E3E6-09C6BD33AE22.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Pictures\0_64JkgHfEkBiBb6l.gif, size = 77109, size_out = 77109 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\0_64JkgHfEkBiBb6l.gif, size = 77109 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\0_64JkgHfEkBiBb6l.gif, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Pictures\WB2Drlh.bmp, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Pictures\WB2Drlh.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Pictures\WB2Drlh.bmp, destination_filename = c:\Users\aETAdzjz\Pictures\F56924BE-9663-41BB-0F2DB1B7-ADEA5382834B.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Pictures\WB2Drlh.bmp, size = 2784, size_out = 2784 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\WB2Drlh.bmp, size = 2784 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Pictures\WB2Drlh.bmp, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Music\C-DDFnNneMnC3LawF.wav, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Music\C-DDFnNneMnC3LawF.wav, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Music\C-DDFnNneMnC3LawF.wav, destination_filename = c:\Users\aETAdzjz\Music\F56924BE-9663-41BB-97BFBCF8-B516116E07DA.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Music\C-DDFnNneMnC3LawF.wav, size = 61835, size_out = 61835 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\C-DDFnNneMnC3LawF.wav, size = 61835 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\C-DDFnNneMnC3LawF.wav, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Music\dOHwDq.wav, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Music\dOHwDq.wav, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Music\dOHwDq.wav, destination_filename = c:\Users\aETAdzjz\Music\F56924BE-9663-41BB-9D05EF54-2DBBB8A0A892.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Music\dOHwDq.wav, size = 65814, size_out = 65814 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\dOHwDq.wav, size = 65814 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\dOHwDq.wav, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Music\F8hMF6kNB.m4a, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Music\F8hMF6kNB.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Music\F8hMF6kNB.m4a, destination_filename = c:\Users\aETAdzjz\Music\F56924BE-9663-41BB-9260E0D0-755888374530.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Music\F8hMF6kNB.m4a, size = 62682, size_out = 62682 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\F8hMF6kNB.m4a, size = 62682 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\F8hMF6kNB.m4a, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Music\FrPnIN5nkI.mp3, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Music\FrPnIN5nkI.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Music\FrPnIN5nkI.mp3, destination_filename = c:\Users\aETAdzjz\Music\F56924BE-9663-41BB-753475AC-25E968E13AF6.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Music\FrPnIN5nkI.mp3, size = 17231, size_out = 17231 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\FrPnIN5nkI.mp3, size = 17231 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\FrPnIN5nkI.mp3, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Music\IUVwA7Tr1T_-Isj.mp3, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Music\IUVwA7Tr1T_-Isj.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Music\IUVwA7Tr1T_-Isj.mp3, destination_filename = c:\Users\aETAdzjz\Music\F56924BE-9663-41BB-3BB4B2F2-CD9A31BA95F9.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Music\IUVwA7Tr1T_-Isj.mp3, size = 28075, size_out = 28075 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\IUVwA7Tr1T_-Isj.mp3, size = 28075 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\IUVwA7Tr1T_-Isj.mp3, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Music\j-scGKW u_.wav, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Music\j-scGKW u_.wav, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Music\j-scGKW u_.wav, destination_filename = c:\Users\aETAdzjz\Music\F56924BE-9663-41BB-67A2C15B-ACE8513D7DCF.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Music\j-scGKW u_.wav, size = 24045, size_out = 24045 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\j-scGKW u_.wav, size = 24045 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\j-scGKW u_.wav, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Music\LAk9JPgeyPGa1dIfJP.wav, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Music\LAk9JPgeyPGa1dIfJP.wav, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Music\LAk9JPgeyPGa1dIfJP.wav, destination_filename = c:\Users\aETAdzjz\Music\F56924BE-9663-41BB-1D8398A0-B0F041BD0889.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Music\LAk9JPgeyPGa1dIfJP.wav, size = 40562, size_out = 40562 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\LAk9JPgeyPGa1dIfJP.wav, size = 40562 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\LAk9JPgeyPGa1dIfJP.wav, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Music\LisXqkX_EZX.m4a, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Music\LisXqkX_EZX.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Music\LisXqkX_EZX.m4a, destination_filename = c:\Users\aETAdzjz\Music\F56924BE-9663-41BB-26890357-3E98A81805A4.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Music\LisXqkX_EZX.m4a, size = 7822, size_out = 7822 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\LisXqkX_EZX.m4a, size = 7822 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\LisXqkX_EZX.m4a, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Music\nk-ypDwqGFeK9N.mp3, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Music\nk-ypDwqGFeK9N.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Music\nk-ypDwqGFeK9N.mp3, destination_filename = c:\Users\aETAdzjz\Music\F56924BE-9663-41BB-920974EC-CC3AB8381775.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Music\nk-ypDwqGFeK9N.mp3, size = 36816, size_out = 36816 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\nk-ypDwqGFeK9N.mp3, size = 36816 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\nk-ypDwqGFeK9N.mp3, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Music\NzdrgktZ.mp3, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Music\NzdrgktZ.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Music\NzdrgktZ.mp3, destination_filename = c:\Users\aETAdzjz\Music\F56924BE-9663-41BB-2DAADF60-E156096DA44F.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Music\NzdrgktZ.mp3, size = 54168, size_out = 54168 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\NzdrgktZ.mp3, size = 54168 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\NzdrgktZ.mp3, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Music\NzYBBJl9pba5h.mp3, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Music\NzYBBJl9pba5h.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Music\NzYBBJl9pba5h.mp3, destination_filename = c:\Users\aETAdzjz\Music\F56924BE-9663-41BB-F0395898-EB4252148408.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Music\NzYBBJl9pba5h.mp3, size = 68580, size_out = 68580 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\NzYBBJl9pba5h.mp3, size = 68580 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\NzYBBJl9pba5h.mp3, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\28a7m.mp3, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\28a7m.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\28a7m.mp3, destination_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-7C24AE20-0A25AA91C989.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\28a7m.mp3, size = 79852, size_out = 79852 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\28a7m.mp3, size = 79852 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\28a7m.mp3, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\5a CD.wav, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\5a CD.wav, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\5a CD.wav, destination_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-FA254207-48D9BC68F536.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\5a CD.wav, size = 30655, size_out = 30655 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\5a CD.wav, size = 30655 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\5a CD.wav, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\68_-mk gLP.m4a, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\68_-mk gLP.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\68_-mk gLP.m4a, destination_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-3FFD1798-470C2125EAB8.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\68_-mk gLP.m4a, size = 1863, size_out = 1863 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\68_-mk gLP.m4a, size = 1863 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\68_-mk gLP.m4a, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\7w7S_UlISa3.m4a, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\7w7S_UlISa3.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\7w7S_UlISa3.m4a, destination_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-7FC86D39-EF25D3B23399.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\7w7S_UlISa3.m4a, size = 14012, size_out = 14012 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\7w7S_UlISa3.m4a, size = 14012 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\7w7S_UlISa3.m4a, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\BpH_tgEJy5Xpr.mp3, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\BpH_tgEJy5Xpr.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\BpH_tgEJy5Xpr.mp3, destination_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-8E846290-5233B81C7D00.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\BpH_tgEJy5Xpr.mp3, size = 93745, size_out = 93745 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\BpH_tgEJy5Xpr.mp3, size = 93745 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\BpH_tgEJy5Xpr.mp3, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\CcdGKWAWrhI8xFJ.m4a, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\CcdGKWAWrhI8xFJ.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\CcdGKWAWrhI8xFJ.m4a, destination_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-F4705DFD-535CF3EF79B9.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\CcdGKWAWrhI8xFJ.m4a, size = 81161, size_out = 81161 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\CcdGKWAWrhI8xFJ.m4a, size = 81161 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\CcdGKWAWrhI8xFJ.m4a, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\dsXG2.wav, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\dsXG2.wav, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\dsXG2.wav, destination_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-E9F295FD-1189F8AFFE87.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\dsXG2.wav, size = 10061, size_out = 10061 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\dsXG2.wav, size = 10061 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\dsXG2.wav, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\e0ajYWavTiTc8vxhoYhm.m4a, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\e0ajYWavTiTc8vxhoYhm.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\e0ajYWavTiTc8vxhoYhm.m4a, destination_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-BCF63BC1-5BBE68E793E7.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\e0ajYWavTiTc8vxhoYhm.m4a, size = 53131, size_out = 53131 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\e0ajYWavTiTc8vxhoYhm.m4a, size = 53131 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\e0ajYWavTiTc8vxhoYhm.m4a, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\epFY_vnRuzs.m4a, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\epFY_vnRuzs.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\epFY_vnRuzs.m4a, destination_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-6A36D603-50F4DEB3E87F.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\epFY_vnRuzs.m4a, size = 71497, size_out = 71497 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\epFY_vnRuzs.m4a, size = 71497 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\epFY_vnRuzs.m4a, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\F4ENR-Pu8LXCQZh7xOQc.wav, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\F4ENR-Pu8LXCQZh7xOQc.wav, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\F4ENR-Pu8LXCQZh7xOQc.wav, destination_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-952D529B-BD0BE8B63751.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\F4ENR-Pu8LXCQZh7xOQc.wav, size = 35262, size_out = 35262 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\F4ENR-Pu8LXCQZh7xOQc.wav, size = 35262 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\F4ENR-Pu8LXCQZh7xOQc.wav, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\JinnQGZRvm31pijVuxNA.mp3, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\JinnQGZRvm31pijVuxNA.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\JinnQGZRvm31pijVuxNA.mp3, destination_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-B0BB4DF0-6CF812A4840D.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\JinnQGZRvm31pijVuxNA.mp3, size = 66820, size_out = 66820 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\JinnQGZRvm31pijVuxNA.mp3, size = 66820 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\JinnQGZRvm31pijVuxNA.mp3, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\jYupwHhYlEf.mp3, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\jYupwHhYlEf.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\jYupwHhYlEf.mp3, destination_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-9BD64C04-AD5D37A21037.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\jYupwHhYlEf.mp3, size = 48911, size_out = 48911 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\jYupwHhYlEf.mp3, size = 48911 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\jYupwHhYlEf.mp3, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\k9Ct.wav, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\k9Ct.wav, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\k9Ct.wav, destination_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-873FF873-535F0466EFF8.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\k9Ct.wav, size = 50469, size_out = 50469 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\k9Ct.wav, size = 50469 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\k9Ct.wav, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\PgYW nGFmTuPUNXUwq.m4a, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\PgYW nGFmTuPUNXUwq.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
File | Move | source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\PgYW nGFmTuPUNXUwq.m4a, destination_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-5239650A-9EFDEF59C32F.lukitus, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH | 1 |
Fn
|
|
File | Read | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\PgYW nGFmTuPUNXUwq.m4a, size = 34011, size_out = 34011 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\PgYW nGFmTuPUNXUwq.m4a, size = 34011 | 1 |
Fn
Data
|
|
File | Write | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\PgYW nGFmTuPUNXUwq.m4a, size = 836 | 1 |
Fn
Data
|
|
System | Get Time | type = System Time, time = 2017-08-17 13:54:49 (UTC) | 1 |
Fn
|
|
File | Get Info | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\qKMaBu0E4qs17fQHw.wav, type = file_attributes | 1 |
Fn
|
|
File | Create | filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\qKMaBu0E4qs17fQHw.wav, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE | 1 |
Fn
|
|
For performance reasons, the remaining 759 entries are omitted.
The remaining entries can be found in glog.xml. |
Information | Value |
---|---|
ID | #3 |
File Name | c:\windows\system32\taskeng.exe |
Command Line | taskeng.exe {4E22B586-9520-4D04-A683-CAB40E860F60} S-1-5-18:NT AUTHORITY\System:Service: |
Initial Working Directory | C:\Windows\system32\ |
Monitor | Start Time: 00:01:46, Reason: Created Scheduled Job |
Unmonitor | End Time: 00:02:25, Reason: Terminated by Timeout |
Monitor Duration | 00:00:39 |
Remarks | No high level activity detected in monitored regions |
Information | Value |
---|---|
PID | 0x728 |
Parent PID | 0x360 (c:\windows\system32\svchost.exe) |
Is Created or Modified Executable | |
Integrity Level | System (Elevated) |
Username | NT AUTHORITY\SYSTEM |
Groups | |
Enabled Privileges | SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege |
Thread IDs | 0xBF4, 0x6DC, 0x6E0, 0x688, 0x5E0, 0x72C |
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
pagefile_0x0000000000020000 | 0x00020000 | 0x00026fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | Readable |
|
|||
locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | Readable |
|
|||
pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c1fff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000000f0000 | 0x000f0000 | 0x0016ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000170000 | 0x00170000 | 0x0022ffff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000230000 | 0x00230000 | 0x00230fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000240000 | 0x00240000 | 0x0024ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000270000 | 0x00270000 | 0x0036ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000370000 | 0x00370000 | 0x0046ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000470000 | 0x00470000 | 0x005f7fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000600000 | 0x00600000 | 0x00780fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000790000 | 0x00790000 | 0x00b82fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000b90000 | 0x00b90000 | 0x00c8ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000cb0000 | 0x00cb0000 | 0x00d2ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000d60000 | 0x00d60000 | 0x00ddffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000e90000 | 0x00e90000 | 0x00f0ffff | Private Memory | Readable, Writable |
|
|||
sortdefault.nls | 0x00ff0000 | 0x012befff | Memory Mapped File | Readable |
|
|||
private_0x0000000001300000 | 0x01300000 | 0x0137ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001520000 | 0x01520000 | 0x0159ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000015a0000 | 0x015a0000 | 0x0161ffff | Private Memory | Readable, Writable |
|
|||
user32.dll | 0x76fb0000 | 0x770a9fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernel32.dll | 0x770b0000 | 0x771cefff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x771d0000 | 0x77378fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|||
taskeng.exe | 0xffd10000 | 0xffd83fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
tschannel.dll | 0x7fef4b40000 | 0x7fef4b48fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ktmw32.dll | 0x7fefa960000 | 0x7fefa969fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
xmllite.dll | 0x7fefb5d0000 | 0x7fefb604fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rsaenh.dll | 0x7fefc710000 | 0x7fefc756fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptsp.dll | 0x7fefca10000 | 0x7fefca26fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wevtapi.dll | 0x7fefcc00000 | 0x7fefcc6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sspicli.dll | 0x7fefcfe0000 | 0x7fefd004fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptbase.dll | 0x7fefd010000 | 0x7fefd01efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrtremote.dll | 0x7fefd100000 | 0x7fefd113fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernelbase.dll | 0x7fefd2b0000 | 0x7fefd31afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
usp10.dll | 0x7fefd550000 | 0x7fefd618fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
oleaut32.dll | 0x7fefd620000 | 0x7fefd6f6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
advapi32.dll | 0x7fefd700000 | 0x7fefd7dafff | Memory Mapped File | Readable, Writable, Executable |
|
|||
imm32.dll | 0x7fefdbb0000 | 0x7fefdbddfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ole32.dll | 0x7fefde40000 | 0x7fefe042fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
clbcatq.dll | 0x7fefe220000 | 0x7fefe2b8fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sechost.dll | 0x7fefe2c0000 | 0x7fefe2defff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msctf.dll | 0x7fefe2e0000 | 0x7fefe3e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrt4.dll | 0x7fefe3f0000 | 0x7fefe51cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msvcrt.dll | 0x7fefe520000 | 0x7fefe5befff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gdi32.dll | 0x7fefe5d0000 | 0x7fefe636fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
lpk.dll | 0x7fefe640000 | 0x7fefe64dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shlwapi.dll | 0x7fefe6d0000 | 0x7fefe740fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
apisetschema.dll | 0x7feff4f0000 | 0x7feff4f0fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x000007fffffae000 | 0x7fffffae000 | 0x7fffffaffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | Readable |
|
|||
private_0x000007fffffd4000 | 0x7fffffd4000 | 0x7fffffd5fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffd6000 | 0x7fffffd6000 | 0x7fffffd6fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffd8000 | 0x7fffffd8000 | 0x7fffffd9fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffda000 | 0x7fffffda000 | 0x7fffffdbfff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffdc000 | 0x7fffffdc000 | 0x7fffffddfff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | Private Memory | Readable, Writable |
|
Information | Value |
---|---|
ID | #4 |
File Name | c:\windows\system32\taskeng.exe |
Command Line | taskeng.exe {A63D8ADE-049B-493D-9EF8-CBCBD23E6074} S-1-5-21-2345716840-1148442690-1481144037-1000:YKYD69Q\aETAdzjz:Interactive:Highest[1] |
Initial Working Directory | C:\Windows\system32\ |
Monitor | Start Time: 00:01:46, Reason: Created Scheduled Job |
Unmonitor | End Time: 00:02:25, Reason: Terminated by Timeout |
Monitor Duration | 00:00:39 |
Remarks | No high level activity detected in monitored regions |
Information | Value |
---|---|
PID | 0x5f8 |
Parent PID | 0x360 (c:\windows\system32\svchost.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | YKYD69Q\aETAdzjz |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs | 0x81C, 0x6C8, 0x6C4, 0x610, 0x604, 0x5FC |
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
pagefile_0x0000000000020000 | 0x00020000 | 0x00026fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | Readable |
|
|||
locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | Readable |
|
|||
pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c1fff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000000f0000 | 0x000f0000 | 0x0016ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000170000 | 0x00170000 | 0x00170fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000190000 | 0x00190000 | 0x0020ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000210000 | 0x00210000 | 0x0030ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000340000 | 0x00340000 | 0x0043ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000440000 | 0x00440000 | 0x005c7fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000610000 | 0x00610000 | 0x0061ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000620000 | 0x00620000 | 0x007a0fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x00000000007b0000 | 0x007b0000 | 0x01baffff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000001bb0000 | 0x01bb0000 | 0x01fa2fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000002030000 | 0x02030000 | 0x020affff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002150000 | 0x02150000 | 0x021cffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000021d0000 | 0x021d0000 | 0x0224ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002250000 | 0x02250000 | 0x0234ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000023a0000 | 0x023a0000 | 0x0241ffff | Private Memory | Readable, Writable |
|
|||
sortdefault.nls | 0x02520000 | 0x027eefff | Memory Mapped File | Readable |
|
|||
private_0x0000000002810000 | 0x02810000 | 0x0288ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000002890000 | 0x02890000 | 0x0296efff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000002a40000 | 0x02a40000 | 0x02abffff | Private Memory | Readable, Writable |
|
|||
user32.dll | 0x76fb0000 | 0x770a9fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernel32.dll | 0x770b0000 | 0x771cefff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x771d0000 | 0x77378fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|||
taskeng.exe | 0xffd10000 | 0xffd83fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
tschannel.dll | 0x7fef4b40000 | 0x7fef4b48fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ktmw32.dll | 0x7fefa960000 | 0x7fefa969fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
xmllite.dll | 0x7fefb5d0000 | 0x7fefb604fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dwmapi.dll | 0x7fefb610000 | 0x7fefb627fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
uxtheme.dll | 0x7fefba40000 | 0x7fefba95fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rsaenh.dll | 0x7fefc710000 | 0x7fefc756fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptsp.dll | 0x7fefca10000 | 0x7fefca26fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wevtapi.dll | 0x7fefcc00000 | 0x7fefcc6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sspicli.dll | 0x7fefcfe0000 | 0x7fefd004fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptbase.dll | 0x7fefd010000 | 0x7fefd01efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrtremote.dll | 0x7fefd100000 | 0x7fefd113fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernelbase.dll | 0x7fefd2b0000 | 0x7fefd31afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
usp10.dll | 0x7fefd550000 | 0x7fefd618fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
oleaut32.dll | 0x7fefd620000 | 0x7fefd6f6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
advapi32.dll | 0x7fefd700000 | 0x7fefd7dafff | Memory Mapped File | Readable, Writable, Executable |
|
|||
imm32.dll | 0x7fefdbb0000 | 0x7fefdbddfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ole32.dll | 0x7fefde40000 | 0x7fefe042fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
clbcatq.dll | 0x7fefe220000 | 0x7fefe2b8fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sechost.dll | 0x7fefe2c0000 | 0x7fefe2defff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msctf.dll | 0x7fefe2e0000 | 0x7fefe3e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrt4.dll | 0x7fefe3f0000 | 0x7fefe51cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msvcrt.dll | 0x7fefe520000 | 0x7fefe5befff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gdi32.dll | 0x7fefe5d0000 | 0x7fefe636fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
lpk.dll | 0x7fefe640000 | 0x7fefe64dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shlwapi.dll | 0x7fefe6d0000 | 0x7fefe740fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
apisetschema.dll | 0x7feff4f0000 | 0x7feff4f0fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | Readable |
|
|||
private_0x000007fffffd3000 | 0x7fffffd3000 | 0x7fffffd4fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffd5000 | 0x7fffffd5000 | 0x7fffffd6fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffd7000 | 0x7fffffd7000 | 0x7fffffd8fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffd9000 | 0x7fffffd9000 | 0x7fffffdafff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffdb000 | 0x7fffffdb000 | 0x7fffffdcfff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffdd000 | 0x7fffffdd000 | 0x7fffffdefff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffdf000 | 0x7fffffdf000 | 0x7fffffdffff | Private Memory | Readable, Writable |
|
Information | Value |
---|---|
ID | #5 |
File Name | c:\program files (x86)\internet explorer\iexplore.exe |
Command Line | "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome |
Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
Monitor | Start Time: 00:01:53, Reason: Child Process |
Unmonitor | End Time: 00:02:25, Reason: Terminated by Timeout |
Monitor Duration | 00:00:32 |
Remarks | No high level activity detected in monitored regions |
Information | Value |
---|---|
PID | 0x8e0 |
Parent PID | 0xb68 (c:\users\aetadzjz\appdata\local\temp\agraba8.exe) |
Is Created or Modified Executable | |
Integrity Level | Medium |
Username | YKYD69Q\aETAdzjz |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege |
Thread IDs | 0x8F0, 0x910, 0x914, 0x954, 0x9D4, 0x368, 0xA84, 0x980, 0x44C, 0x7FC, 0xAD4, 0xAD0, 0xAA8, 0xA80, 0xA78, 0x130, 0x534, 0x7C8, 0x658 |
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
pagefile_0x0000000000020000 | 0x00020000 | 0x00026fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000030000 | 0x00030000 | 0x00031fff | Pagefile Backed Memory | Readable, Writable |
|
|||
apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
|
|||
locale.nls | 0x00060000 | 0x000c6fff | Memory Mapped File | Readable |
|
|||
iexplore.exe.mui | 0x000d0000 | 0x000d1fff | Memory Mapped File | Readable, Writable |
|
|||
For performance reasons, the remaining 134 entries are omitted. The remaining entries can be found in flog.txt.
Information | Value |
---|---|
ID | #8 |
File Name | c:\windows\syswow64\cmd.exe |
Command Line | cmd.exe /C del /Q /F "C:\Users\aETAdzjz\AppData\Local\Temp\agraba8.exe" |
Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
Monitor | Start Time: 00:01:55, Reason: Child Process |
Unmonitor | End Time: 00:02:25, Reason: Terminated by Timeout |
Monitor Duration | 00:00:30 |
Information | Value |
---|---|
PID | 0x7b0 |
Parent PID | 0xb68 (c:\users\aetadzjz\appdata\local\temp\agraba8.exe) |
Is Created or Modified Executable | |
Integrity Level | Medium |
Username | YKYD69Q\aETAdzjz |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege |
Thread IDs | 0x348 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
System | Get Time | type = System Time, time = 2017-08-17 13:54:57 (UTC) | | 1 | Fn |
Module | Get Handle | module_name = c:\windows\syswow64\cmd.exe, base_address = 0x4aa60000 | | 1 | Fn |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x751d0000 | | 1 | Fn |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x751fa84f | | 1 | Fn |
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | | 1 | Fn |
File | Open | filename = STD_OUTPUT_HANDLE | | 3 | Fn |
File | Open | filename = STD_INPUT_HANDLE | | 2 | Fn |
Environment | Get Environment String | | | 2 | Fn, Data |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 0, type = REG_NONE | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE | | 1 | Fn |
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE | | 1 | Fn |
Module | Get Filename | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 | | 1 | Fn |
Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft Office\root\Client | | 1 | Fn |
Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC | | 1 | Fn |
Environment | Get Environment String | name = PROMPT | | 1 | Fn |
Environment | Set Environment String | name = PROMPT, value = $P$G | | 1 | Fn |
Environment | Get Environment String | | | 1 | Fn, Data |
Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe | | 1 | Fn |
Environment | Get Environment String | name = KEYS | | 1 | Fn |
File | Get Info | filename = C:\Users\aETAdzjz\Desktop, type = file_attributes | | 2 | Fn |
Environment | Set Environment String | name = =C:, value = C:\Users\aETAdzjz\Desktop | | 1 | Fn |
Environment | Get Environment String | | | 1 | Fn, Data |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x751d0000 | | 1 | Fn |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x75203b92 | | 1 | Fn |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x751e4a5d | | 1 | Fn |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x751fa79d | | 1 | Fn |
File | Get Info | filename = C:\Users\aETAdzjz\AppData\Local\Temp\agraba8.exe, type = file_attributes | | 1 | Fn |
File | Get Info | filename = C:\Users\aETAdzjz\AppData\Local\Temp, type = file_attributes | | 1 | Fn |
File | Get Info | filename = C:\Users\aETAdzjz\AppData\Local\Temp\agraba8.exe, type = file_attributes | | 1 | Fn |
File | Delete | filename = C:\Users\aETAdzjz\AppData\Local\Temp\agraba8.exe | | 1 | Fn |
File | Open | filename = STD_OUTPUT_HANDLE | | 2 | Fn |
File | Open | filename = STD_INPUT_HANDLE | | 1 | Fn |
Information | Value |
---|---|
ID | #9 |
File Name | c:\program files (x86)\internet explorer\iexplore.exe |
Command Line | "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2272 CREDAT:14337 |
Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
Monitor | Start Time: 00:01:55, Reason: Child Process |
Unmonitor | End Time: 00:02:25, Reason: Terminated by Timeout |
Monitor Duration | 00:00:30 |
Remarks | No high level activity detected in monitored regions |
Information | Value |
---|---|
PID | 0x24c |
Parent PID | 0x8e0 (c:\program files (x86)\internet explorer\iexplore.exe) |
Is Created or Modified Executable | |
Integrity Level | Medium |
Username | YKYD69Q\aETAdzjz |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege |
Thread IDs | 0x2AC, 0x214, 0x118, 0x210, 0x340, 0x3F4, 0x264, 0xAE8, 0xAE4, 0x5B0 |
|
|||
ieshims.dll | 0x74c10000 | 0x74c44fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mlang.dll | 0x74dd0000 | 0x74dfdfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptbase.dll | 0x74f00000 | 0x74f0bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sspicli.dll | 0x74f10000 | 0x74f6ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ole32.dll | 0x74f70000 | 0x750cbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
usp10.dll | 0x750d0000 | 0x7516cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wldap32.dll | 0x75170000 | 0x751b4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
lpk.dll | 0x751c0000 | 0x751c9fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernel32.dll | 0x751d0000 | 0x752dffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msctf.dll | 0x752e0000 | 0x753abfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
urlmon.dll | 0x753b0000 | 0x754e5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cfgmgr32.dll | 0x754f0000 | 0x75516fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
oleaut32.dll | 0x75520000 | 0x755aefff | Memory Mapped File | Readable, Writable, Executable |
|
|||
devobj.dll | 0x755b0000 | 0x755c1fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msvcrt.dll | 0x755d0000 | 0x7567bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
psapi.dll | 0x756e0000 | 0x756e4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
comdlg32.dll | 0x75700000 | 0x7577afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shlwapi.dll | 0x75780000 | 0x757d6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrt4.dll | 0x757e0000 | 0x758cffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msasn1.dll | 0x758d0000 | 0x758dbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
iertutil.dll | 0x758e0000 | 0x75adafff | Memory Mapped File | Readable, Writable, Executable |
|
|||
imm32.dll | 0x75b40000 | 0x75b9ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wininet.dll | 0x75ba0000 | 0x75c94fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernelbase.dll | 0x75ca0000 | 0x75ce5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shell32.dll | 0x75cf0000 | 0x76939fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
setupapi.dll | 0x76940000 | 0x76adcfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ws2_32.dll | 0x76ae0000 | 0x76b14fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gdi32.dll | 0x76b20000 | 0x76baffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sechost.dll | 0x76c40000 | 0x76c58fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
clbcatq.dll | 0x76c60000 | 0x76ce2fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
crypt32.dll | 0x76cf0000 | 0x76e0cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
user32.dll | 0x76e10000 | 0x76f0ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
advapi32.dll | 0x76f10000 | 0x76faffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x0000000076fb0000 | 0x76fb0000 | 0x770a9fff | Private Memory | Readable, Writable, Executable |
|
|||
private_0x00000000770b0000 | 0x770b0000 | 0x771cefff | Private Memory | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x771d0000 | 0x77378fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nsi.dll | 0x77380000 | 0x77385fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x773b0000 | 0x7752ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x000000007ef9e000 | 0x7ef9e000 | 0x7efa0fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efa1000 | 0x7efa1000 | 0x7efa3fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efa4000 | 0x7efa4000 | 0x7efa6fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|||
private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
|||
For performance reasons, the remaining 65 entries are omitted.
The remaining entries can be found in flog.txt.