fd86a9b0f3bcd1dc2b061bb7a77b3871cb6d101505218f763221ee9945e69bf3 (SHA256)
Bissell New PO.qrypted.jar
Java Archive
Created at 2018-07-19 09:49:00
Notifications (2/2)
Due to a WHOIS service error, no query could be made to get WHOIS data of any contacted domain.
The operating system was rebooted during the analysis.
Monitored Processes
Behavior Information - Grouped by Category
Process #1: java.exe
7815
3
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\program files\java\jre7\bin\java.exe |
| Command Line | "C:\Program Files\Java\jre7\bin\java.exe" -jar "C:\Users\2XC7U6~1\Desktop\Bissell New PO.qrypted.jar" |
| Initial Working Directory | C:\Users\2XC7u663GxWc\Desktop\ |
| Monitor | Start Time: 00:00:11, Reason: Analysis Target |
| Unmonitor | End Time: 00:00:59, Reason: Self Terminated |
| Monitor Duration | 00:00:48 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xcc0 |
| Parent PID | 0x3ac (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
CC4
0x
CE0
0x
CE8
0x
CEC
0x
CF0
0x
CFC
0x
CF4
0x
CF8
0x
D00
0x
D04
0x
D08
0x
D40
0x
D44
0x
D48
0x
D60
0x
EAC
0x
F60
0x
F74
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00042fff | Pagefile Backed Memory | - |
|
- |
|
- |
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | Private Memory | - |
|
- |
|
- |
| private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000000f0000 | 0x000f0000 | 0x000f1fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000100000 | 0x00100000 | 0x00106fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000110000 | 0x00110000 | 0x00111fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000120000 | 0x00120000 | 0x00120fff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000130000 | 0x00130000 | 0x00130fff | Private Memory | - |
|
- |
|
- |
| 3264 | 0x00140000 | 0x0014ffff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000150000 | 0x00150000 | 0x0015ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000160000 | 0x00160000 | 0x0016ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000170000 | 0x00170000 | 0x001bffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000001c0000 | 0x001c0000 | 0x00287fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000290000 | 0x00290000 | 0x002bffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000002c0000 | 0x002c0000 | 0x002cffff | Private Memory | - |
|
- |
|
- |
| rsaenh.dll | 0x002d0000 | 0x0030bfff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x00000000002d0000 | 0x002d0000 | 0x002d0fff | Pagefile Backed Memory | - |
|
- |
|
- |
| java.exe | 0x00310000 | 0x0033efff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000000340000 | 0x00340000 | 0x00440fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000450000 | 0x00450000 | 0x004cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000004f0000 | 0x004f0000 | 0x005effff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000005f0000 | 0x005f0000 | 0x011effff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000011f0000 | 0x011f0000 | 0x012effff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001340000 | 0x01340000 | 0x0134ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000001350000 | 0x01350000 | 0x01742fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000001750000 | 0x01750000 | 0x0184ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001850000 | 0x01850000 | 0x018affff | Private Memory | - |
|
- |
|
- |
| private_0x00000000018b0000 | 0x018b0000 | 0x018fffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001910000 | 0x01910000 | 0x0191ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001920000 | 0x01920000 | 0x0391ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003920000 | 0x03920000 | 0x039cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000039d0000 | 0x039d0000 | 0x03a1ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003a30000 | 0x03a30000 | 0x03a7ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003ab0000 | 0x03ab0000 | 0x03afffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003b00000 | 0x03b00000 | 0x03b4ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003b90000 | 0x03b90000 | 0x03bdffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003be0000 | 0x03be0000 | 0x03d92fff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003c20000 | 0x03c20000 | 0x03c6ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003c70000 | 0x03c70000 | 0x03d4ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003c90000 | 0x03c90000 | 0x03cdffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003d10000 | 0x03d10000 | 0x03d4ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003d70000 | 0x03d70000 | 0x03dbffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003dc0000 | 0x03dc0000 | 0x03e0ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003e60000 | 0x03e60000 | 0x03eaffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003eb0000 | 0x03eb0000 | 0x040affff | Private Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x040b0000 | 0x0437efff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000004380000 | 0x04380000 | 0x044fffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004380000 | 0x04380000 | 0x0449ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004380000 | 0x04380000 | 0x0447ffff | Private Memory | - |
|
- |
|
- |
| kernelbase.dll.mui | 0x04380000 | 0x0443ffff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000004440000 | 0x04440000 | 0x0447ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004490000 | 0x04490000 | 0x0449ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000044f0000 | 0x044f0000 | 0x044fffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004500000 | 0x04500000 | 0x0464ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004500000 | 0x04500000 | 0x045fffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004610000 | 0x04610000 | 0x0464ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004650000 | 0x04650000 | 0x04a4ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004a50000 | 0x04a50000 | 0x0524ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000052a0000 | 0x052a0000 | 0x052effff | Private Memory | - |
|
- |
|
- |
| rpcss.dll | 0x052f0000 | 0x0534bfff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000053b0000 | 0x053b0000 | 0x053fffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000005400000 | 0x05400000 | 0x055fffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000005400000 | 0x05400000 | 0x054defff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000055c0000 | 0x055c0000 | 0x055fffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000236d0000 | 0x236d0000 | 0x28c1ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000028c20000 | 0x28c20000 | 0x336cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000336d0000 | 0x336d0000 | 0x376cffff | Private Memory | - |
|
- |
|
- |
| classes.jsa | 0x376d0000 | 0x37b0ffff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000037b10000 | 0x37b10000 | 0x380cffff | Private Memory | - |
|
- |
|
- |
| classes.jsa | 0x380d0000 | 0x3871ffff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000038720000 | 0x38720000 | 0x38ccffff | Private Memory | - |
|
- |
|
- |
| classes.jsa | 0x38cd0000 | 0x38f3ffff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000038f40000 | 0x38f40000 | 0x390cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000390d0000 | 0x390d0000 | 0x390dffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000390e0000 | 0x390e0000 | 0x394cffff | Private Memory | - |
|
- |
|
- |
| jvm.dll | 0x6b030000 | 0x6b3affff | Memory Mapped File | - |
|
- |
|
- |
| awt.dll | 0x6d120000 | 0x6d262fff | Memory Mapped File | - |
|
- |
|
- |
| winmm.dll | 0x70250000 | 0x70281fff | Memory Mapped File | - |
|
- |
|
- |
| pnrpnsp.dll | 0x71760000 | 0x71771fff | Memory Mapped File | - |
|
- |
|
- |
| winrnr.dll | 0x71780000 | 0x71787fff | Memory Mapped File | - |
|
- |
|
- |
| napinsp.dll | 0x717a0000 | 0x717affff | Memory Mapped File | - |
|
- |
|
- |
| rasadhlp.dll | 0x717b0000 | 0x717b5fff | Memory Mapped File | - |
|
- |
|
- |
| nio.dll | 0x71fe0000 | 0x71feefff | Memory Mapped File | - |
|
- |
|
- |
| msvcr100.dll | 0x71ff0000 | 0x720aefff | Memory Mapped File | - |
|
- |
|
- |
| net.dll | 0x72110000 | 0x72123fff | Memory Mapped File | - |
|
- |
|
- |
| sunec.dll | 0x72130000 | 0x7214ffff | Memory Mapped File | - |
|
- |
|
- |
| zip.dll | 0x72150000 | 0x72162fff | Memory Mapped File | - |
|
- |
|
- |
| java.dll | 0x72170000 | 0x7218ffff | Memory Mapped File | - |
|
- |
|
- |
| verify.dll | 0x72190000 | 0x7219bfff | Memory Mapped File | - |
|
- |
|
- |
| dwmapi.dll | 0x731f0000 | 0x73202fff | Memory Mapped File | - |
|
- |
|
- |
| uxtheme.dll | 0x73530000 | 0x7356ffff | Memory Mapped File | - |
|
- |
|
- |
| fwpuclnt.dll | 0x737d0000 | 0x73807fff | Memory Mapped File | - |
|
- |
|
- |
| winnsi.dll | 0x738e0000 | 0x738e6fff | Memory Mapped File | - |
|
- |
|
- |
| iphlpapi.dll | 0x738f0000 | 0x7390bfff | Memory Mapped File | - |
|
- |
|
- |
| nlaapi.dll | 0x73a60000 | 0x73a6ffff | Memory Mapped File | - |
|
- |
|
- |
| comctl32.dll | 0x73ee0000 | 0x7407dfff | Memory Mapped File | - |
|
- |
|
- |
| wsock32.dll | 0x740b0000 | 0x740b6fff | Memory Mapped File | - |
|
- |
|
- |
| wshtcpip.dll | 0x744e0000 | 0x744e4fff | Memory Mapped File | - |
|
- |
|
- |
| userenv.dll | 0x745b0000 | 0x745c6fff | Memory Mapped File | - |
|
- |
|
- |
| rsaenh.dll | 0x74770000 | 0x747aafff | Memory Mapped File | - |
|
- |
|
- |
| dnsapi.dll | 0x74850000 | 0x74893fff | Memory Mapped File | - |
|
- |
|
- |
| wship6.dll | 0x74980000 | 0x74985fff | Memory Mapped File | - |
|
- |
|
- |
| mswsock.dll | 0x74990000 | 0x749cbfff | Memory Mapped File | - |
|
- |
|
- |
| cryptsp.dll | 0x749d0000 | 0x749e5fff | Memory Mapped File | - |
|
- |
|
- |
| cryptbase.dll | 0x74e50000 | 0x74e5bfff | Memory Mapped File | - |
|
- |
|
- |
| profapi.dll | 0x74f00000 | 0x74f0afff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x75180000 | 0x751c9fff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x75200000 | 0x7521efff | Memory Mapped File | - |
|
- |
|
- |
| shlwapi.dll | 0x75220000 | 0x75276fff | Memory Mapped File | - |
|
- |
|
- |
| advapi32.dll | 0x75280000 | 0x7531ffff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x75370000 | 0x7543bfff | Memory Mapped File | - |
|
- |
|
- |
| sechost.dll | 0x75440000 | 0x75458fff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x754f0000 | 0x7553dfff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x75540000 | 0x75613fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x75650000 | 0x756fbfff | Memory Mapped File | - |
|
- |
|
- |
| shell32.dll | 0x75700000 | 0x76349fff | Memory Mapped File | - |
|
- |
|
- |
| psapi.dll | 0x76350000 | 0x76354fff | Memory Mapped File | - |
|
- |
|
- |
| ole32.dll | 0x76360000 | 0x764bbfff | Memory Mapped File | - |
|
- |
|
- |
| rpcrt4.dll | 0x764c0000 | 0x76560fff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x76570000 | 0x7660cfff | Memory Mapped File | - |
|
- |
|
- |
| nsi.dll | 0x76850000 | 0x76855fff | Memory Mapped File | - |
|
- |
|
- |
| ws2_32.dll | 0x76870000 | 0x768a4fff | Memory Mapped File | - |
|
- |
|
- |
| oleaut32.dll | 0x76ab0000 | 0x76b3efff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x76b40000 | 0x76c08fff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76db0000 | 0x76eebfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x76f50000 | 0x76f59fff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x76ff0000 | 0x76ff0fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffae000 | 0x7ffae000 | 0x7ffaefff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffaf000 | 0x7ffaf000 | 0x7ffaffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffd3000 | 0x7ffd3000 | 0x7ffd3fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd4000 | 0x7ffd4000 | 0x7ffd4fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd5000 | 0x7ffd5000 | 0x7ffd5fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd6000 | 0x7ffd6000 | 0x7ffd6fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd7000 | 0x7ffd7000 | 0x7ffd7fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd9000 | 0x7ffd9000 | 0x7ffd9fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffda000 | 0x7ffda000 | 0x7ffdafff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffdbfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
|
For performance reasons, the remaining 10 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\2XC7U6~1\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | 241.30 KB |
MD5:
781fb531354d6f291f1ccab48da6d39f
SHA1: 9ce4518ebcb5be6d1f0b5477fa00c26860fe9a68 SHA256: 97d585b6aff62fb4e43e7e6a5f816dcd7a14be11a88b109a9ba9e8cd4c456eb9 SSDeep: 6144:WI5pxUZ7Gvi8ulm+yV/rIF0/MO2qnan1J7pXESN6U:J5pxAGqNkrIq/MO2qnA |
|
|
| C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive2955724691501239824.vbs | 0.27 KB |
MD5:
3bdfd33017806b85949b6faa7d4b98e4
SHA1: f92844fee69ef98db6e68931adfaa9a0a0f8ce66 SHA256: 9da575dd2d5b7c1e9bab8b51a16cde457b3371c6dcdb0537356cf1497fa868f6 SSDeep: 6:jpxiFtqvAAT+geD5NaqZxLMTrLavbx3laDH6djsyn:vmtqvAndZFcrG9lpjsyn |
|
|
| C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive4432003530389164433.vbs | 0.27 KB |
MD5:
a32c109297ed1ca155598cd295c26611
SHA1: dc4a1fdbaad15ddd6fe22d3907c6b03727b71510 SHA256: 45bfe34aa3ef932f75101246eb53d032f5e7cf6d1f5b4e495334955a255f32e7 SSDeep: 6:jpxiFtqvAAT+geD5NaqZxLMTQQQavbx3la2Zp6djsyn:vmtqvAndZFcQU9lrXyjsyn |
|
|
| C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | 621.19 KB |
MD5:
df6fc309f66b3cdb33a8fd183343a610
SHA1: be9e3ae27e19694034f0f7ae81b162befd61689c SHA256: fd86a9b0f3bcd1dc2b061bb7a77b3871cb6d101505218f763221ee9945e69bf3 SSDeep: 12288:uaVkKWNQXHKobX++/y8rzRZ+otjI+qc+gMNYCEgYjsGGjOXbwlQoMxEVuXLN:5zFfX+Irr+ISc+gh/gY5wla/LN |
|
|
| C:\Users\2XC7u663GxWc\cqsFQOTqbmg\ID.txt | 0.05 KB |
MD5:
9b201b1dd02cb80825eeb818b96627f3
SHA1: 2bd36111bde69244396c5fb8539c89b714b2e6a5 SHA256: d56585c6039877175e2ebe7a32e04e7c98e947f55839e8cf0e3abc6d06ebb790 SSDeep: 3:YwwAHMaHM3+bIx74Re:YwwAHfHIxsRe |
|
|
Host Behavior
File (7411)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Program Files\Java\jre7\lib\rt.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\ext\meta-index | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7U6~1\Desktop\Bissell New PO.qrypted.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7U6~1\Desktop\Bissell New PO.qrypted.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\meta-index | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\jce.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\security\java.security | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\jsse.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\ext\sunec.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\ext\sunec.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\rt.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\jce.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\security\local_policy.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\security\local_policy.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_REPARSE_POINT, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\resources.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\resources.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\.accessibility.properties | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\accessibility.properties | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | \etc\release | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive2955724691501239824.vbs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_REPARSE_POINT, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive2955724691501239824.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive4432003530389164433.vbs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_REPARSE_POINT, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive4432003530389164433.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Windows\System32\test.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\ID.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create Directory | C:\Users\2XC7u663GxWc\cqsFQOTqbmg | - |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\bin\zip.dll | type = file_attributes |
|
3 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext\meta-index | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext | type = file_attributes |
|
3 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext\meta-index | type = file_type |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext\meta-index | type = size, size_out = 829 |
|
1 | |
| Get Info | C:\Windows\Sun\Java\lib\ext\meta-index | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext\access-bridge.jar | type = file_attributes |
|
4 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext\dnsns.jar | type = file_attributes |
|
2 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext\jaccess.jar | type = file_attributes |
|
2 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext\localedata.jar | type = file_attributes |
|
2 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext\sunec.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar | type = file_attributes |
|
2 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext\sunpkcs11.jar | type = file_attributes |
|
2 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext\zipfs.jar | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\Sun\Java\lib\ext | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | type = file_attributes |
|
6 | |
| Get Info | C:\Program Files\Java\jre7\lib\management\usagetracker.properties | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\Desktop\Bissell New PO.qrypted.jar | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | type = time |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\resources.jar | type = file_attributes |
|
6 | |
| Get Info | C:\Program Files\Java\jre7\lib\meta-index | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib | type = file_attributes |
|
2 | |
| Get Info | C:\Program Files\Java\jre7\lib\meta-index | type = file_type |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\meta-index | type = size, size_out = 2190 |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\rt.jar | type = file_attributes |
|
4 | |
| Get Info | C:\Program Files\Java\jre7\lib\sunrsasign.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Program Files\Java\jre7\lib\jsse.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Program Files\Java\jre7\lib\jce.jar | type = file_attributes |
|
4 | |
| Get Info | C:\Program Files\Java\jre7\lib\charsets.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Program Files\Java\jre7\lib\jfr.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Program Files\Java\jre7\classes | type = file_attributes |
|
4 | |
| Get Info | C:\Program Files\Java\jre7\meta-index | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | type = time |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\security\java.security | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\security\java.security | type = file_type |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\security\java.security | type = size, size_out = 17824 |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext\sunec.jar | type = time |
|
1 | |
| Get Info | C:\Program%20Files\Java\jre7\lib\ext\x86\sunec.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Program%20Files\Java\jre7\lib\ext\sunec.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\bin\sunec.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | type = time |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\rt.jar | type = time |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\jce.jar | type = time |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\security\local_policy.jar | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | type = time |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\bin\net.dll | type = file_attributes |
|
5 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\security\local_policy.jar | type = time |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | type = time |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\bin\nio.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\bin\java | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\bin\java.exe | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\jaxp.properties | type = file_attributes |
|
2 | |
| Get Info | C:\Program Files\Java\jre7\lib\resources.jar | type = time |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\bin\awt.dll | type = file_attributes |
|
5 | |
| Get Info | C:\Program Files\Java\jre7\lib\swing.properties | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive2955724691501239824.vbs | type = file_attributes |
|
1 | |
| Get Info | - | type = file_type |
|
2 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive2955724691501239824.vbs | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive4432003530389164433.vbs | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive2955724691501239824.vbs | type = file_type |
|
2 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive4432003530389164433.vbs | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\javaw.exe | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive4432003530389164433.vbs | type = file_type |
|
1297 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\javaw.exe | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\bin\management.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\cqsFQOTqbmg | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\ID.txt | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\cqsFQOTqbmg | type = file_attributes |
|
1 | |
| Open | STD_INPUT_HANDLE | - |
|
1302 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 7, size_out = 7 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1781193, size_out = 1781193 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 160, size_out = 160 |
|
546 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 30, size_out = 30 |
|
546 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 709, size_out = 709 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 277, size_out = 277 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2305, size_out = 2305 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1022, size_out = 1022 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2882, size_out = 2882 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 104, size_out = 104 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 728, size_out = 728 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 345, size_out = 345 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 815, size_out = 815 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1105, size_out = 1105 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1761, size_out = 1761 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 514, size_out = 514 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 970, size_out = 970 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2589, size_out = 2589 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1008, size_out = 1008 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2004, size_out = 2004 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 669, size_out = 669 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\meta-index | size = 8192, size_out = 829 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 962, size_out = 962 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 934, size_out = 934 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1720, size_out = 1720 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1012, size_out = 1012 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3028, size_out = 3028 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1111, size_out = 1111 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2976, size_out = 2976 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 672, size_out = 672 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1189, size_out = 1189 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2646, size_out = 2646 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\meta-index | size = 8192, size_out = 0 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 966, size_out = 966 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 800, size_out = 800 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1280, size_out = 1280 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 609, size_out = 609 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 628, size_out = 628 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 328, size_out = 328 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 327, size_out = 327 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 12212, size_out = 12212 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 748, size_out = 748 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6630, size_out = 6630 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3392, size_out = 3392 |
|
1 | |
| Read | C:\Users\2XC7U6~1\Desktop\Bissell New PO.qrypted.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Users\2XC7U6~1\Desktop\Bissell New PO.qrypted.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Users\2XC7U6~1\Desktop\Bissell New PO.qrypted.jar | size = 30105, size_out = 30105 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2563, size_out = 2563 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 476, size_out = 476 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2703, size_out = 2703 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 753, size_out = 753 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3690, size_out = 3690 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3361, size_out = 3361 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3599, size_out = 3599 |
|
1 | |
| Read | C:\Users\2XC7U6~1\Desktop\Bissell New PO.qrypted.jar | size = 160, size_out = 160 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 260, size_out = 260 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1899, size_out = 1899 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 678, size_out = 678 |
|
1 | |
| Read | C:\Users\2XC7U6~1\Desktop\Bissell New PO.qrypted.jar | size = 30, size_out = 30 |
|
1 | |
| Read | C:\Users\2XC7U6~1\Desktop\Bissell New PO.qrypted.jar | size = 100, size_out = 100 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1909, size_out = 1909 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 670, size_out = 670 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 762, size_out = 762 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1016, size_out = 1016 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1133, size_out = 1133 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 921, size_out = 921 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 30105, size_out = 30105 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 160, size_out = 160 |
|
267 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 30, size_out = 30 |
|
510 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 100, size_out = 100 |
|
6 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 391, size_out = 391 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 452, size_out = 452 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 536, size_out = 536 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 521, size_out = 521 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 491, size_out = 491 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 506, size_out = 506 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 515, size_out = 515 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 361, size_out = 361 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 331, size_out = 331 |
|
6 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 675, size_out = 675 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 451, size_out = 451 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 355, size_out = 355 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 299, size_out = 299 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 474, size_out = 474 |
|
5 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 655, size_out = 655 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 303, size_out = 303 |
|
6 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 335, size_out = 335 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 418, size_out = 418 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 430, size_out = 430 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 453, size_out = 453 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 555, size_out = 555 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 408, size_out = 408 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 477, size_out = 477 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 562, size_out = 562 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 394, size_out = 394 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 462, size_out = 462 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 371, size_out = 371 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 231, size_out = 231 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 496, size_out = 496 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 691, size_out = 691 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 509, size_out = 509 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 580, size_out = 580 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 348, size_out = 348 |
|
5 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 802, size_out = 802 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1127, size_out = 1127 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\meta-index | size = 8192, size_out = 2190 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\meta-index | size = 8192, size_out = 0 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 329, size_out = 329 |
|
5 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 383, size_out = 383 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 332, size_out = 332 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 461, size_out = 461 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 570, size_out = 570 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 5504, size_out = 5504 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 582, size_out = 582 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 535, size_out = 535 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 678, size_out = 678 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 315, size_out = 315 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 6708, size_out = 6708 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 160, size_out = 160 |
|
33 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 30, size_out = 30 |
|
32 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 4096, size_out = 4096 |
|
4 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 1693, size_out = 1693 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 1351, size_out = 1351 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1358, size_out = 1358 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\java.security | size = 8192, size_out = 8192 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\security\java.security | size = 8192, size_out = 1440 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\java.security | size = 8192, size_out = 0 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2345, size_out = 2345 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 7, size_out = 7 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 13694, size_out = 13694 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 160, size_out = 160 |
|
23 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 30, size_out = 30 |
|
23 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 1056, size_out = 1056 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3940, size_out = 3940 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 5672, size_out = 5672 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 844, size_out = 844 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1453, size_out = 1453 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 803, size_out = 803 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2601, size_out = 2601 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunec.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunec.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunec.jar | size = 1240, size_out = 1240 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunec.jar | size = 160, size_out = 160 |
|
8 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunec.jar | size = 30, size_out = 30 |
|
6 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunec.jar | size = 590, size_out = 590 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunec.jar | size = 525, size_out = 525 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunec.jar | size = 1320, size_out = 1320 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2666, size_out = 2666 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 314, size_out = 314 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 951, size_out = 951 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 10594, size_out = 10594 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3882, size_out = 3882 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3549, size_out = 3549 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1381, size_out = 1381 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 8211, size_out = 8211 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1075, size_out = 1075 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3695, size_out = 3695 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2117, size_out = 2117 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 346, size_out = 346 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 576, size_out = 576 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 24203, size_out = 24203 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 13092, size_out = 13092 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 623, size_out = 623 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3174, size_out = 3174 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2257, size_out = 2257 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1621, size_out = 1621 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2395, size_out = 2395 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 14258, size_out = 14258 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 853, size_out = 853 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 967, size_out = 967 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3914, size_out = 3914 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 5828, size_out = 5828 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 12814, size_out = 12814 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4077, size_out = 4077 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2399, size_out = 2399 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2181, size_out = 2181 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 308, size_out = 308 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 381, size_out = 381 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 78, size_out = 78 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4556, size_out = 4556 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6732, size_out = 6732 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 732, size_out = 732 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 454, size_out = 454 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 457, size_out = 457 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 973, size_out = 973 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 310, size_out = 310 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2812, size_out = 2812 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 278, size_out = 278 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 131, size_out = 131 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3431, size_out = 3431 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 382, size_out = 382 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 281, size_out = 281 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 5929, size_out = 5929 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6713, size_out = 6713 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3217, size_out = 3217 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 265, size_out = 265 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6705, size_out = 6705 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3395, size_out = 3395 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1337, size_out = 1337 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 5120, size_out = 5120 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 374, size_out = 374 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1663, size_out = 1663 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4945, size_out = 4945 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2801, size_out = 2801 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2263, size_out = 2263 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4843, size_out = 4843 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2266, size_out = 2266 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3589, size_out = 3589 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2498, size_out = 2498 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2363, size_out = 2363 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 631, size_out = 631 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 866, size_out = 866 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 282, size_out = 282 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3850, size_out = 3850 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 591, size_out = 591 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 907, size_out = 907 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3908, size_out = 3908 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 8490, size_out = 8490 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 444, size_out = 444 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1731, size_out = 1731 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4645, size_out = 4645 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 11624, size_out = 11624 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 915, size_out = 915 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 687, size_out = 687 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 11725, size_out = 11725 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1715, size_out = 1715 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1952, size_out = 1952 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1957, size_out = 1957 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1960, size_out = 1960 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1966, size_out = 1966 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 441, size_out = 441 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 723, size_out = 723 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3045, size_out = 3045 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2242, size_out = 2242 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 387, size_out = 387 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6064, size_out = 6064 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1369, size_out = 1369 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4032, size_out = 4032 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6002, size_out = 6002 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6001, size_out = 6001 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2439, size_out = 2439 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 144, size_out = 144 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1559, size_out = 1559 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 499, size_out = 499 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunec.jar | size = 734, size_out = 734 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunec.jar | size = 390, size_out = 390 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunec.jar | size = 1434, size_out = 1434 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 454, size_out = 454 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 5439, size_out = 5439 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 619, size_out = 619 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 10470, size_out = 10470 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 160, size_out = 160 |
|
27 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 30, size_out = 30 |
|
136 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 3596, size_out = 3596 |
|
5 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 3529, size_out = 3529 |
|
3 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1320, size_out = 1320 |
|
3 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 735, size_out = 735 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4170, size_out = 4170 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 817, size_out = 817 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 331, size_out = 331 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2357, size_out = 2357 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 187, size_out = 187 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 3665, size_out = 3665 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 3856, size_out = 3856 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 333, size_out = 333 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 2915, size_out = 2915 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | size = 328, size_out = 328 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | size = 350, size_out = 350 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | size = 160, size_out = 160 |
|
5 | |
| Read | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | size = 30, size_out = 30 |
|
4 | |
| Read | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | size = 213, size_out = 213 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | size = 1319, size_out = 1319 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | size = 151, size_out = 151 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | size = 92, size_out = 92 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 47, size_out = 47 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | size = 115, size_out = 115 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 502, size_out = 502 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 807, size_out = 807 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 530, size_out = 530 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 1987, size_out = 1987 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 706, size_out = 706 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 3777, size_out = 3777 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 3082, size_out = 3082 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4270, size_out = 4270 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 8559, size_out = 8559 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6031, size_out = 6031 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 671, size_out = 671 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1961, size_out = 1961 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3287, size_out = 3287 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 383, size_out = 383 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3661, size_out = 3661 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 292, size_out = 292 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\local_policy.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\local_policy.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\local_policy.jar | size = 389, size_out = 389 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\local_policy.jar | size = 411, size_out = 411 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\local_policy.jar | size = 160, size_out = 160 |
|
4 | |
| Read | C:\Program Files\Java\jre7\lib\security\local_policy.jar | size = 30, size_out = 30 |
|
5 | |
| Read | C:\Program Files\Java\jre7\lib\security\local_policy.jar | size = 194, size_out = 194 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\security\local_policy.jar | size = 242, size_out = 242 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\local_policy.jar | size = 1318, size_out = 1318 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\local_policy.jar | size = 153, size_out = 153 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\local_policy.jar | size = 209, size_out = 209 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 883, size_out = 883 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 994, size_out = 994 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 780, size_out = 780 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\local_policy.jar | size = 206, size_out = 206 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 533, size_out = 533 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 775, size_out = 775 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 301, size_out = 301 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 8192, size_out = 8192 |
|
4 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1137, size_out = 1137 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1486, size_out = 1486 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1009, size_out = 1009 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1052, size_out = 1052 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 269, size_out = 269 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1438, size_out = 1438 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 2684, size_out = 2684 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 157, size_out = 157 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 902, size_out = 902 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1516, size_out = 1516 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 925, size_out = 925 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1403, size_out = 1403 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 684, size_out = 684 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 2171, size_out = 2171 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1421, size_out = 1421 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 694, size_out = 694 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 171, size_out = 171 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1111, size_out = 1111 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 814, size_out = 814 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 608, size_out = 608 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 677, size_out = 677 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 274, size_out = 274 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1343, size_out = 1343 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 541, size_out = 541 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 2912, size_out = 2912 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1249, size_out = 1249 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1311, size_out = 1311 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 265, size_out = 265 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1605, size_out = 1605 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 557, size_out = 557 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 173, size_out = 173 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 2789, size_out = 2789 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 230, size_out = 230 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1133, size_out = 1133 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 321, size_out = 321 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 190, size_out = 190 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 3185, size_out = 3185 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 4522, size_out = 4522 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 978, size_out = 978 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 672, size_out = 672 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 839, size_out = 839 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1309, size_out = 1309 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1312, size_out = 1312 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 696, size_out = 696 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 3200, size_out = 3200 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 803, size_out = 803 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 207, size_out = 207 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 823, size_out = 823 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 824, size_out = 824 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 349, size_out = 349 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 2972, size_out = 2972 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 2977, size_out = 2977 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 611, size_out = 611 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 668, size_out = 668 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 283, size_out = 283 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1118, size_out = 1118 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 834, size_out = 834 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 769, size_out = 769 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1478, size_out = 1478 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1298, size_out = 1298 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1655, size_out = 1655 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 984, size_out = 984 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 3278, size_out = 3278 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 833, size_out = 833 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1450, size_out = 1450 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1081, size_out = 1081 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 550, size_out = 550 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 922, size_out = 922 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 5457, size_out = 5457 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1143, size_out = 1143 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 2597, size_out = 2597 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 325, size_out = 325 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 271, size_out = 271 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1084, size_out = 1084 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 4495, size_out = 4495 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1404, size_out = 1404 |
|
3 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 5963, size_out = 5963 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1218, size_out = 1218 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 666, size_out = 666 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 2371, size_out = 2371 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1686, size_out = 1686 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1029, size_out = 1029 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 306, size_out = 306 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1459, size_out = 1459 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 282, size_out = 282 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 609, size_out = 609 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 3227, size_out = 3227 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 3051, size_out = 3051 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 740, size_out = 740 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 3619, size_out = 3619 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1138, size_out = 1138 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1529, size_out = 1529 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 559, size_out = 559 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1967, size_out = 1967 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 2579, size_out = 2579 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 621, size_out = 621 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1770, size_out = 1770 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 610, size_out = 610 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 4645, size_out = 4645 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1561, size_out = 1561 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 835, size_out = 835 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 3166, size_out = 3166 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1381, size_out = 1381 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1574, size_out = 1574 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 876, size_out = 876 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3003, size_out = 3003 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6397, size_out = 6397 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1251, size_out = 1251 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 5080, size_out = 5080 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 5175, size_out = 5175 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 745, size_out = 745 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2772, size_out = 2772 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 632, size_out = 632 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 458, size_out = 458 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2124, size_out = 2124 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1186, size_out = 1186 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1096, size_out = 1096 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 287, size_out = 287 |
|
6 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 423, size_out = 423 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 336, size_out = 336 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 564, size_out = 564 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 478, size_out = 478 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 427, size_out = 427 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 374, size_out = 374 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 345, size_out = 345 |
|
7 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 637, size_out = 637 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 289, size_out = 289 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 486, size_out = 486 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 516, size_out = 516 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 194, size_out = 194 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 649, size_out = 649 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 644, size_out = 644 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 424, size_out = 424 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 377, size_out = 377 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 624, size_out = 624 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 623, size_out = 623 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 1225, size_out = 1225 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 175, size_out = 175 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 550, size_out = 550 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 444, size_out = 444 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 397, size_out = 397 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 642, size_out = 642 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 622, size_out = 622 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 492, size_out = 492 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 495, size_out = 495 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 411, size_out = 411 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 544, size_out = 544 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 261, size_out = 261 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 629, size_out = 629 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 439, size_out = 439 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 441, size_out = 441 |
|
6 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 2219, size_out = 2219 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 472, size_out = 472 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 1542, size_out = 1542 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 289, size_out = 289 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 299, size_out = 299 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 315, size_out = 315 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 297, size_out = 297 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 304, size_out = 304 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 489, size_out = 489 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 586, size_out = 586 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 2433, size_out = 2433 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 314, size_out = 314 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 8192, size_out = 8192 |
|
109 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 6767, size_out = 6767 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 5374, size_out = 5374 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 1470, size_out = 1470 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 546, size_out = 546 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 3, size_out = 3 |
|
179 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 864, size_out = 864 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 632, size_out = 632 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 270, size_out = 270 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 658, size_out = 658 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 399, size_out = 399 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 904, size_out = 904 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 463, size_out = 463 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 156, size_out = 156 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 91, size_out = 91 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 163, size_out = 163 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 29, size_out = 29 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 1, size_out = 1 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 388, size_out = 388 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 164, size_out = 164 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 222, size_out = 222 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 962, size_out = 962 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 165, size_out = 165 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 253, size_out = 253 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 437, size_out = 437 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 283, size_out = 283 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 187, size_out = 187 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 256, size_out = 256 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 347, size_out = 347 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 209, size_out = 209 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 90, size_out = 90 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 802, size_out = 802 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 129, size_out = 129 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 300, size_out = 300 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 63, size_out = 63 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 634, size_out = 634 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 61, size_out = 61 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 412, size_out = 412 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 188, size_out = 188 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 350, size_out = 350 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 1074, size_out = 1074 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 706, size_out = 706 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 130, size_out = 130 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 110, size_out = 110 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 342, size_out = 342 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 141, size_out = 141 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 192, size_out = 192 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 242, size_out = 242 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 179, size_out = 179 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 284, size_out = 284 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 122, size_out = 122 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 323, size_out = 323 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 151, size_out = 151 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 818, size_out = 818 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 690, size_out = 690 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 312, size_out = 312 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 94, size_out = 94 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 58, size_out = 58 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 153, size_out = 153 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 994, size_out = 994 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 514, size_out = 514 |
|
6 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 694, size_out = 694 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 42, size_out = 42 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 38, size_out = 38 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 211, size_out = 211 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 112, size_out = 112 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 850, size_out = 850 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 18, size_out = 18 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 237, size_out = 237 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 167, size_out = 167 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 196, size_out = 196 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 482, size_out = 482 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 466, size_out = 466 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 1666, size_out = 1666 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 7019, size_out = 7019 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 344, size_out = 344 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 473, size_out = 473 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 120, size_out = 120 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 238, size_out = 238 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 121, size_out = 121 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 320, size_out = 320 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 13, size_out = 13 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 4162, size_out = 4162 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 232, size_out = 232 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 545, size_out = 545 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 249, size_out = 249 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 529, size_out = 529 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 360, size_out = 360 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 636, size_out = 636 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 480, size_out = 480 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 409, size_out = 409 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 589, size_out = 589 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 443, size_out = 443 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 737, size_out = 737 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 334, size_out = 334 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 609, size_out = 609 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 370, size_out = 370 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 365, size_out = 365 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 543, size_out = 543 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 455, size_out = 455 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 617, size_out = 617 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 398, size_out = 398 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 400, size_out = 400 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 469, size_out = 469 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 259, size_out = 259 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 577, size_out = 577 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 467, size_out = 467 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 528, size_out = 528 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 406, size_out = 406 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 616, size_out = 616 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 563, size_out = 563 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 364, size_out = 364 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 513, size_out = 513 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 507, size_out = 507 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 518, size_out = 518 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 389, size_out = 389 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 604, size_out = 604 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 293, size_out = 293 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 5754, size_out = 5754 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 405, size_out = 405 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 206, size_out = 206 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 429, size_out = 429 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 291, size_out = 291 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 328, size_out = 328 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 640, size_out = 640 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 446, size_out = 446 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 220, size_out = 220 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 476, size_out = 476 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 614, size_out = 614 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 450, size_out = 450 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 619, size_out = 619 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 417, size_out = 417 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\Desktop\Bissell New PO.qrypted.jar | size = 257, size_out = 257 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 955, size_out = 955 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1486, size_out = 1486 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 645, size_out = 645 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6444, size_out = 6444 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 874, size_out = 874 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 513, size_out = 513 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1664, size_out = 1664 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 708, size_out = 708 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2656, size_out = 2656 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 588, size_out = 588 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2520, size_out = 2520 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2709, size_out = 2709 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 718, size_out = 718 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 284, size_out = 284 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 14716, size_out = 14716 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2111, size_out = 2111 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 8292, size_out = 8292 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6007, size_out = 6007 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2905, size_out = 2905 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 937, size_out = 937 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 585, size_out = 585 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1544, size_out = 1544 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 12572, size_out = 12572 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1904, size_out = 1904 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2008, size_out = 2008 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 783, size_out = 783 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 19213, size_out = 19213 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 332, size_out = 332 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3606, size_out = 3606 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 403, size_out = 403 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 9943, size_out = 9943 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 596, size_out = 596 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 612, size_out = 612 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 544, size_out = 544 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 697, size_out = 697 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 604, size_out = 604 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 452, size_out = 452 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 586, size_out = 586 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 525, size_out = 525 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1974, size_out = 1974 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1159, size_out = 1159 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 426, size_out = 426 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 7100, size_out = 7100 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 229, size_out = 229 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 366, size_out = 366 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3515, size_out = 3515 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2163, size_out = 2163 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 179, size_out = 179 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6028, size_out = 6028 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 7832, size_out = 7832 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 5512, size_out = 5512 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 949, size_out = 949 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1167, size_out = 1167 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1427, size_out = 1427 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1429, size_out = 1429 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1873, size_out = 1873 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2351, size_out = 2351 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 877, size_out = 877 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1401, size_out = 1401 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 412, size_out = 412 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 448, size_out = 448 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 692, size_out = 692 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 660, size_out = 660 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 5861, size_out = 5861 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\resources.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\resources.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\resources.jar | size = 33985, size_out = 33985 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3671, size_out = 3671 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 10989, size_out = 10989 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 407, size_out = 407 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 9301, size_out = 9301 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 28702, size_out = 28702 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6453, size_out = 6453 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2101, size_out = 2101 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2652, size_out = 2652 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1139, size_out = 1139 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2005, size_out = 2005 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 5981, size_out = 5981 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 22809, size_out = 22809 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 536, size_out = 536 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1862, size_out = 1862 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 643, size_out = 643 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 112, size_out = 112 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3932, size_out = 3932 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2027, size_out = 2027 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 31499, size_out = 31499 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 659, size_out = 659 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 375, size_out = 375 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1932, size_out = 1932 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 419, size_out = 419 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1599, size_out = 1599 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 335, size_out = 335 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2771, size_out = 2771 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 831, size_out = 831 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1589, size_out = 1589 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 505, size_out = 505 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 7594, size_out = 7594 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 16872, size_out = 16872 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 362, size_out = 362 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 435, size_out = 435 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6262, size_out = 6262 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 9824, size_out = 9824 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 13080, size_out = 13080 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 26877, size_out = 26877 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 460, size_out = 460 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 302, size_out = 302 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 503, size_out = 503 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 136, size_out = 136 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 17075, size_out = 17075 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1002, size_out = 1002 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1378, size_out = 1378 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2396, size_out = 2396 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1786, size_out = 1786 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1740, size_out = 1740 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2528, size_out = 2528 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4399, size_out = 4399 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 9883, size_out = 9883 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 373, size_out = 373 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1114, size_out = 1114 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 8460, size_out = 8460 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1477, size_out = 1477 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 872, size_out = 872 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3313, size_out = 3313 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 743, size_out = 743 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2872, size_out = 2872 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4879, size_out = 4879 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2958, size_out = 2958 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2419, size_out = 2419 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 239, size_out = 239 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 401, size_out = 401 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 27718, size_out = 27718 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 557, size_out = 557 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 337, size_out = 337 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 18188, size_out = 18188 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 236, size_out = 236 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 272, size_out = 272 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 850, size_out = 850 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3851, size_out = 3851 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 25359, size_out = 25359 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 251, size_out = 251 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 234, size_out = 234 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3171, size_out = 3171 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1336, size_out = 1336 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1685, size_out = 1685 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 898, size_out = 898 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 478, size_out = 478 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 318, size_out = 318 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1001, size_out = 1001 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 942, size_out = 942 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1013, size_out = 1013 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 726, size_out = 726 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 480, size_out = 480 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 706, size_out = 706 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4814, size_out = 4814 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2135, size_out = 2135 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 273, size_out = 273 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1203, size_out = 1203 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1324, size_out = 1324 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1165, size_out = 1165 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1394, size_out = 1394 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2629, size_out = 2629 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2974, size_out = 2974 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1332, size_out = 1332 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1781, size_out = 1781 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 668, size_out = 668 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6859, size_out = 6859 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3482, size_out = 3482 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2798, size_out = 2798 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1566, size_out = 1566 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1279, size_out = 1279 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 429, size_out = 429 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1958, size_out = 1958 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 551, size_out = 551 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1772, size_out = 1772 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2275, size_out = 2275 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 5453, size_out = 5453 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 675, size_out = 675 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1051, size_out = 1051 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3280, size_out = 3280 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 829, size_out = 829 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 10444, size_out = 10444 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1204, size_out = 1204 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 16744, size_out = 16744 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 209, size_out = 209 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 13269, size_out = 13269 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 25511, size_out = 25511 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 8503, size_out = 8503 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1258, size_out = 1258 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 13723, size_out = 13723 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 311, size_out = 311 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 15196, size_out = 15196 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 30281, size_out = 30281 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 192, size_out = 192 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 215, size_out = 215 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 198, size_out = 198 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1163, size_out = 1163 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2019, size_out = 2019 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6137, size_out = 6137 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1243, size_out = 1243 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 15748, size_out = 15748 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 495, size_out = 495 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1363, size_out = 1363 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1523, size_out = 1523 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1236, size_out = 1236 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1129, size_out = 1129 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1795, size_out = 1795 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6907, size_out = 6907 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2460, size_out = 2460 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 10895, size_out = 10895 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 400, size_out = 400 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4773, size_out = 4773 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6236, size_out = 6236 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1694, size_out = 1694 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1297, size_out = 1297 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1415, size_out = 1415 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 9480, size_out = 9480 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6808, size_out = 6808 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 618, size_out = 618 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1065, size_out = 1065 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 5179, size_out = 5179 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4140, size_out = 4140 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2727, size_out = 2727 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 803, size_out = 803 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2786, size_out = 2786 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1210, size_out = 1210 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 540, size_out = 540 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 948, size_out = 948 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2962, size_out = 2962 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\accessibility.properties | size = 8192, size_out = 155 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\accessibility.properties | size = 8192, size_out = 0 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 5468, size_out = 5468 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1825, size_out = 1825 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 809, size_out = 809 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3856, size_out = 3856 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 854, size_out = 854 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2701, size_out = 2701 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2950, size_out = 2950 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1198, size_out = 1198 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2789, size_out = 2789 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 680, size_out = 680 |
|
1 | |
|
For performance reasons, the remaining 150 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Registry (25)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Control Panel\Desktop | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32\PlacesBar | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | - |
|
4 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | value_name = Desktop, data = C:\Users\2XC7u663GxWc\Desktop, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | value_name = GDIProcessHandleQuota, data = 16 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Control Panel\Desktop | value_name = FontSmoothingOrientation, data = 1 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics | value_name = Shell Icon BPP, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes | value_name = MS Shell Dlg 2, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes | value_name = MS Shell Dlg 2, data = Tahoma, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = ThemeActive, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = ThemeActive, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = DllName, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = DllName, data = %SystemRoot%\resources\Themes\Aero\Aero.msstyles, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = SizeName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = SizeName, data = NormalSize, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = ColorName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = ColorName, data = NormalColor, type = REG_SZ |
|
1 |
Process (11)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | "C:\Program Files\Java\jre7\bin\java.exe" -jar C:\Users\2XC7U6~1\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | os_pid = 0xd18, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Create | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive2955724691501239824.vbs | os_pid = 0xd64, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Create | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive4432003530389164433.vbs | os_pid = 0xdf8, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Create | xcopy "C:\Program Files\Java\jre7" "C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\" /e | os_pid = 0xe58, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Create | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v NTMGCGGUKus /t REG_EXPAND_SZ /d "\"C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\javaw.exe\" -jar \"C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm\"" /f | os_pid = 0xf40, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Create | attrib +h "C:\Users\2XC7u663GxWc\cqsFQOTqbmg\*.*" | os_pid = 0xf48, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Create | attrib +h "C:\Users\2XC7u663GxWc\cqsFQOTqbmg" | os_pid = 0xf50, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\javaw.exe -jar C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | os_pid = 0xf58, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Terminate | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive2955724691501239824.vbs | exit_code = 1 |
|
1 | |
| Terminate | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive4432003530389164433.vbs | exit_code = 1 |
|
1 | |
| Terminate | xcopy "C:\Program Files\Java\jre7" "C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\" /e | exit_code = 1 |
|
1 |
Module (124)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | COMCTL32.dll | base_address = 0x73ee0000 |
|
1 | |
| Load | GDI32.dll | base_address = 0x754f0000 |
|
1 | |
| Load | ole32.dll | base_address = 0x76360000 |
|
1 | |
| Load | SHELL32.dll | base_address = 0x75700000 |
|
1 | |
| Load | C:\Windows\system32\user32.dll | base_address = 0x76b40000 |
|
1 | |
| Load | C:\Windows\system32\DWMAPI.DLL | base_address = 0x731f0000 |
|
1 | |
| Load | C:\Windows\system32\UXTHEME.DLL | base_address = 0x73530000 |
|
1 | |
| Get Handle | c:\program files\java\jre7\bin\client\jvm.dll | base_address = 0x6b030000 |
|
2 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x75540000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x75540000, flags = GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x75540000, flags = GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Filename | c:\program files\java\jre7\bin\client\jvm.dll | process_name = c:\program files\java\jre7\bin\java.exe, file_name_orig = C:\Program Files\Java\jre7\bin\client\jvm.dll, size = 260 |
|
1 | |
| Get Address | c:\program files\java\jre7\bin\client\jvm.dll | function = JVM_GetVersionInfo, address_out = 0x6b11d980 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetNativeSystemInfo, address_out = 0x7557be77 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFinalPathNameByHandleW, address_out = 0x75574e2a |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindFirstStreamW, address_out = 0x7559c8fa |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindNextStreamW, address_out = 0x7559c838 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateSymbolicLinkW, address_out = 0x755c9aa9 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetKeyboardLayout, address_out = 0x76b53800 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetDoubleClickTime, address_out = 0x76b4ade0 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetSystemMetrics, address_out = 0x76b567cf |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = ToAsciiEx, address_out = 0x76b8b797 |
|
13 | |
| Get Address | c:\windows\system32\user32.dll | function = GetKeyboardState, address_out = 0x76b76946 |
|
1 | |
| Get Address | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = InitCommonControlsEx, address_out = 0x73f009ce |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = LoadIconW, address_out = 0x76b4f142 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = RegisterClassW, address_out = 0x76b4ed4a |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetDC, address_out = 0x76b5544c |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = GetDeviceCaps, address_out = 0x754f6f7f |
|
2 | |
| Get Address | c:\windows\system32\user32.dll | function = ReleaseDC, address_out = 0x76b55421 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = CreateWindowExW, address_out = 0x76b4ec7c |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = DefWindowProcW, address_out = 0x76b5507d |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = SetWindowsHookExW, address_out = 0x76b4e30c |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = OleInitialize, address_out = 0x7637efd7 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = WaitMessage, address_out = 0x76b566bd |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = SystemParametersInfoW, address_out = 0x76b4e09a |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetSysColor, address_out = 0x76b5db7a |
|
29 | |
| Get Address | c:\windows\system32\shell32.dll | function = SHGetSettings, address_out = 0x759758e8 |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = CreateDCW, address_out = 0x754fcf79 |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = GetStockObject, address_out = 0x754f5ddf |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = SelectObject, address_out = 0x754f6640 |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = GetTextFaceW, address_out = 0x754fb73a |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = GetTextMetricsW, address_out = 0x754f7b8f |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = DeleteDC, address_out = 0x754f6eaa |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = SetProcessDPIAware, address_out = 0x76b5e95c |
|
1 | |
| Get Address | c:\windows\system32\dwmapi.dll | function = DwmIsCompositionEnabled, address_out = 0x731f1610 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = EnumDisplayMonitors, address_out = 0x76b534a3 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetMonitorInfoW, address_out = 0x76b533e7 |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = CreateCompatibleBitmap, address_out = 0x754f73ad |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = GetDIBits, address_out = 0x754fa23b |
|
2 | |
| Get Address | c:\windows\system32\gdi32.dll | function = DeleteObject, address_out = 0x754f5f14 |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = OpenThemeData, address_out = 0x735373d2 |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = DrawThemeBackground, address_out = 0x73533982 |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = CloseThemeData, address_out = 0x73536a18 |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = DrawThemeText, address_out = 0x73534ea1 |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = GetThemeBackgroundContentRect, address_out = 0x7353cd2e |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = GetThemeMargins, address_out = 0x735386e9 |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = IsThemePartDefined, address_out = 0x735385b4 |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = GetThemeBool, address_out = 0x73537c1f |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = GetThemeSysBool, address_out = 0x73563172 |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = GetThemeColor, address_out = 0x7353616c |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = GetThemeEnumValue, address_out = 0x7353616c |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = GetThemeInt, address_out = 0x7353616c |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = GetThemePosition, address_out = 0x73562350 |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = GetThemePartSize, address_out = 0x7353cdb1 |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = SetWindowTheme, address_out = 0x73540134 |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = IsThemeBackgroundPartiallyTransparent, address_out = 0x735360ab |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = GetThemeTransitionDuration, address_out = 0x73541081 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetFriendlyIfIndex, address_out = 0x738fd855 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = SendMessageW, address_out = 0x76b55539 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = PeekMessageW, address_out = 0x76b5634a |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = EnumThreadWindows, address_out = 0x76b4b712 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = PostMessageW, address_out = 0x76b5447b |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = CallNextHookEx, address_out = 0x76b4abe1 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = PostQuitMessage, address_out = 0x76b4b308 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = OleUninitialize, address_out = 0x7637eba1 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetMessageW, address_out = 0x76b5cde8 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = IsWindow, address_out = 0x76b553ba |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = DestroyWindow, address_out = 0x76b4b2f4 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = UnregisterClassW, address_out = 0x76b4b9ae |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = UnhookWindowsHookEx, address_out = 0x76b4adf9 |
|
1 |
Window (1)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | theAwtToolkitWindow | class_name = SunAwtToolkit, wndproc_parameter = 0 |
|
1 |
Keyboard (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 |
|
3 | |
| Read | result_out = 1 |
|
1 |
System (23)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Register Hook | type = WH_GETMESSAGE, hookproc_address = 0x6d1b1da0 |
|
1 | |
| Get Info | type = Operating System |
|
8 | |
| Get Info | type = Hardware Information |
|
2 | |
| Get Info | type = Operating System |
|
9 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
3 |
Network Behavior
DNS (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Hostname | name_out = ZgW5tdPu |
|
2 | |
| Resolve Name | host = ZgW5tdPu, address_out = fe80:0000:0000:0000:5969:84a4:f9e2:1f2b, 192.168.0.60 |
|
1 |
Process #2: java.exe
2884
3
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\program files\java\jre7\bin\java.exe |
| Command Line | "C:\Program Files\Java\jre7\bin\java.exe" -jar C:\Users\2XC7U6~1\AppData\Local\Temp\_0.77866636596601243045465905282659207.class |
| Initial Working Directory | C:\Users\2XC7u663GxWc\Desktop\ |
| Monitor | Start Time: 00:00:23, Reason: Child Process |
| Unmonitor | End Time: 00:01:21, Reason: Self Terminated |
| Monitor Duration | 00:00:58 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd18 |
| Parent PID | 0xcc0 (c:\program files\java\jre7\bin\java.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
D1C
0x
D30
0x
D34
0x
D38
0x
D3C
0x
D54
0x
D4C
0x
D50
0x
D5C
0x
D58
0x
D80
0x
D94
0x
D98
0x
D9C
0x
DAC
0x
EA8
0x
4CC
0x
93C
0x
980
0x
97C
0x
718
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00042fff | Pagefile Backed Memory | - |
|
- |
|
- |
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | Private Memory | - |
|
- |
|
- |
| private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000000f0000 | 0x000f0000 | 0x000f1fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000100000 | 0x00100000 | 0x00106fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000110000 | 0x00110000 | 0x00111fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000120000 | 0x00120000 | 0x00120fff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000130000 | 0x00130000 | 0x00130fff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000140000 | 0x00140000 | 0x0018ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000190000 | 0x00190000 | 0x00257fff | Pagefile Backed Memory | - |
|
- |
|
- |
| 3352 | 0x00260000 | 0x0026ffff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000270000 | 0x00270000 | 0x002effff | Private Memory | - |
|
- |
|
- |
| private_0x00000000002f0000 | 0x002f0000 | 0x002fffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000300000 | 0x00300000 | 0x0030ffff | Private Memory | - |
|
- |
|
- |
| java.exe | 0x00310000 | 0x0033efff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000000340000 | 0x00340000 | 0x00440fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000450000 | 0x00450000 | 0x004affff | Private Memory | - |
|
- |
|
- |
| private_0x00000000004b0000 | 0x004b0000 | 0x005affff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000005b0000 | 0x005b0000 | 0x011affff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000011b0000 | 0x011b0000 | 0x012affff | Private Memory | - |
|
- |
|
- |
| private_0x00000000012b0000 | 0x012b0000 | 0x0135ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001360000 | 0x01360000 | 0x0136ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001370000 | 0x01370000 | 0x0137ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000001380000 | 0x01380000 | 0x01772fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000001780000 | 0x01780000 | 0x01780fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000001790000 | 0x01790000 | 0x017dffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000017e0000 | 0x017e0000 | 0x018dffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000018e0000 | 0x018e0000 | 0x0190ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001910000 | 0x01910000 | 0x0195ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001960000 | 0x01960000 | 0x0196ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001970000 | 0x01970000 | 0x0396ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000039a0000 | 0x039a0000 | 0x039effff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003a00000 | 0x03a00000 | 0x03a4ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003a50000 | 0x03a50000 | 0x03a8ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003a90000 | 0x03a90000 | 0x03adffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003b10000 | 0x03b10000 | 0x03b5ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003b90000 | 0x03b90000 | 0x03bdffff | Private Memory | - |
|
- |
|
- |
| rsaenh.dll | 0x03be0000 | 0x03c1bfff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000003be0000 | 0x03be0000 | 0x03c2ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003bf0000 | 0x03bf0000 | 0x03c3ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003c40000 | 0x03c40000 | 0x03c8ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003c90000 | 0x03c90000 | 0x03e42fff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003c90000 | 0x03c90000 | 0x03d6ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003c90000 | 0x03c90000 | 0x03d0ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003d10000 | 0x03d10000 | 0x03d5ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003d60000 | 0x03d60000 | 0x03d6ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003d70000 | 0x03d70000 | 0x03e2ffff | Private Memory | - |
|
- |
|
- |
| rpcss.dll | 0x03d70000 | 0x03dcbfff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000003d70000 | 0x03d70000 | 0x03dbffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003df0000 | 0x03df0000 | 0x03e2ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003e30000 | 0x03e30000 | 0x03e7ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003e80000 | 0x03e80000 | 0x0407ffff | Private Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x04080000 | 0x0434efff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000004350000 | 0x04350000 | 0x0442ffff | Private Memory | - |
|
- |
|
- |
| kernelbase.dll.mui | 0x04350000 | 0x0440ffff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000004420000 | 0x04420000 | 0x0442ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004430000 | 0x04430000 | 0x0452ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004590000 | 0x04590000 | 0x045dffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000045f0000 | 0x045f0000 | 0x0463ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004680000 | 0x04680000 | 0x046cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000046d0000 | 0x046d0000 | 0x0485ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000046d0000 | 0x046d0000 | 0x047aefff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000004820000 | 0x04820000 | 0x0485ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000048b0000 | 0x048b0000 | 0x048fffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000236d0000 | 0x236d0000 | 0x28c1ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000028c20000 | 0x28c20000 | 0x336cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000336d0000 | 0x336d0000 | 0x376cffff | Private Memory | - |
|
- |
|
- |
| classes.jsa | 0x376d0000 | 0x37b0ffff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000037b10000 | 0x37b10000 | 0x380cffff | Private Memory | - |
|
- |
|
- |
| classes.jsa | 0x380d0000 | 0x3871ffff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000038720000 | 0x38720000 | 0x38ccffff | Private Memory | - |
|
- |
|
- |
| classes.jsa | 0x38cd0000 | 0x38f3ffff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000038f40000 | 0x38f40000 | 0x390cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000390d0000 | 0x390d0000 | 0x390dffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000390e0000 | 0x390e0000 | 0x394cffff | Private Memory | - |
|
- |
|
- |
| jvm.dll | 0x6b030000 | 0x6b3affff | Memory Mapped File | - |
|
- |
|
- |
| awt.dll | 0x6d120000 | 0x6d262fff | Memory Mapped File | - |
|
- |
|
- |
| winmm.dll | 0x70250000 | 0x70281fff | Memory Mapped File | - |
|
- |
|
- |
| pnrpnsp.dll | 0x71760000 | 0x71771fff | Memory Mapped File | - |
|
- |
|
- |
| winrnr.dll | 0x71780000 | 0x71787fff | Memory Mapped File | - |
|
- |
|
- |
| napinsp.dll | 0x717a0000 | 0x717affff | Memory Mapped File | - |
|
- |
|
- |
| rasadhlp.dll | 0x717b0000 | 0x717b5fff | Memory Mapped File | - |
|
- |
|
- |
| nio.dll | 0x71fe0000 | 0x71feefff | Memory Mapped File | - |
|
- |
|
- |
| msvcr100.dll | 0x71ff0000 | 0x720aefff | Memory Mapped File | - |
|
- |
|
- |
| net.dll | 0x72110000 | 0x72123fff | Memory Mapped File | - |
|
- |
|
- |
| sunec.dll | 0x72130000 | 0x7214ffff | Memory Mapped File | - |
|
- |
|
- |
| zip.dll | 0x72150000 | 0x72162fff | Memory Mapped File | - |
|
- |
|
- |
| java.dll | 0x72170000 | 0x7218ffff | Memory Mapped File | - |
|
- |
|
- |
| verify.dll | 0x72190000 | 0x7219bfff | Memory Mapped File | - |
|
- |
|
- |
| dwmapi.dll | 0x731f0000 | 0x73202fff | Memory Mapped File | - |
|
- |
|
- |
| uxtheme.dll | 0x73530000 | 0x7356ffff | Memory Mapped File | - |
|
- |
|
- |
| fwpuclnt.dll | 0x737d0000 | 0x73807fff | Memory Mapped File | - |
|
- |
|
- |
| winnsi.dll | 0x738e0000 | 0x738e6fff | Memory Mapped File | - |
|
- |
|
- |
| iphlpapi.dll | 0x738f0000 | 0x7390bfff | Memory Mapped File | - |
|
- |
|
- |
| nlaapi.dll | 0x73a60000 | 0x73a6ffff | Memory Mapped File | - |
|
- |
|
- |
| comctl32.dll | 0x73ee0000 | 0x7407dfff | Memory Mapped File | - |
|
- |
|
- |
| wsock32.dll | 0x740b0000 | 0x740b6fff | Memory Mapped File | - |
|
- |
|
- |
| wshtcpip.dll | 0x744e0000 | 0x744e4fff | Memory Mapped File | - |
|
- |
|
- |
| userenv.dll | 0x745b0000 | 0x745c6fff | Memory Mapped File | - |
|
- |
|
- |
| rsaenh.dll | 0x74770000 | 0x747aafff | Memory Mapped File | - |
|
- |
|
- |
| dnsapi.dll | 0x74850000 | 0x74893fff | Memory Mapped File | - |
|
- |
|
- |
| wship6.dll | 0x74980000 | 0x74985fff | Memory Mapped File | - |
|
- |
|
- |
| mswsock.dll | 0x74990000 | 0x749cbfff | Memory Mapped File | - |
|
- |
|
- |
| cryptsp.dll | 0x749d0000 | 0x749e5fff | Memory Mapped File | - |
|
- |
|
- |
| cryptbase.dll | 0x74e50000 | 0x74e5bfff | Memory Mapped File | - |
|
- |
|
- |
| profapi.dll | 0x74f00000 | 0x74f0afff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x75180000 | 0x751c9fff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x75200000 | 0x7521efff | Memory Mapped File | - |
|
- |
|
- |
| shlwapi.dll | 0x75220000 | 0x75276fff | Memory Mapped File | - |
|
- |
|
- |
| advapi32.dll | 0x75280000 | 0x7531ffff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x75370000 | 0x7543bfff | Memory Mapped File | - |
|
- |
|
- |
| sechost.dll | 0x75440000 | 0x75458fff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x754f0000 | 0x7553dfff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x75540000 | 0x75613fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x75650000 | 0x756fbfff | Memory Mapped File | - |
|
- |
|
- |
| shell32.dll | 0x75700000 | 0x76349fff | Memory Mapped File | - |
|
- |
|
- |
| psapi.dll | 0x76350000 | 0x76354fff | Memory Mapped File | - |
|
- |
|
- |
| ole32.dll | 0x76360000 | 0x764bbfff | Memory Mapped File | - |
|
- |
|
- |
| rpcrt4.dll | 0x764c0000 | 0x76560fff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x76570000 | 0x7660cfff | Memory Mapped File | - |
|
- |
|
- |
| nsi.dll | 0x76850000 | 0x76855fff | Memory Mapped File | - |
|
- |
|
- |
| ws2_32.dll | 0x76870000 | 0x768a4fff | Memory Mapped File | - |
|
- |
|
- |
| oleaut32.dll | 0x76ab0000 | 0x76b3efff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x76b40000 | 0x76c08fff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76db0000 | 0x76eebfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x76f50000 | 0x76f59fff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x76ff0000 | 0x76ff0fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffae000 | 0x7ffae000 | 0x7ffaefff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffaf000 | 0x7ffaf000 | 0x7ffaffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffd3000 | 0x7ffd3000 | 0x7ffd3fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd4000 | 0x7ffd4000 | 0x7ffd4fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd5000 | 0x7ffd5000 | 0x7ffd5fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd6000 | 0x7ffd6000 | 0x7ffd6fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd7000 | 0x7ffd7000 | 0x7ffd7fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd9000 | 0x7ffd9000 | 0x7ffd9fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffda000 | 0x7ffda000 | 0x7ffdafff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffdbfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
|
For performance reasons, the remaining 20 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive2955724691501239824.vbs | 0.27 KB |
MD5:
3bdfd33017806b85949b6faa7d4b98e4
SHA1: f92844fee69ef98db6e68931adfaa9a0a0f8ce66 SHA256: 9da575dd2d5b7c1e9bab8b51a16cde457b3371c6dcdb0537356cf1497fa868f6 SSDeep: 6:jpxiFtqvAAT+geD5NaqZxLMTrLavbx3laDH6djsyn:vmtqvAndZFcrG9lpjsyn |
|
|
| C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive4432003530389164433.vbs | 0.27 KB |
MD5:
a32c109297ed1ca155598cd295c26611
SHA1: dc4a1fdbaad15ddd6fe22d3907c6b03727b71510 SHA256: 45bfe34aa3ef932f75101246eb53d032f5e7cf6d1f5b4e495334955a255f32e7 SSDeep: 6:jpxiFtqvAAT+geD5NaqZxLMTQQQavbx3la2Zp6djsyn:vmtqvAndZFcQU9lrXyjsyn |
|
|
Host Behavior
File (2688)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Program Files\Java\jre7\lib\rt.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\ext\meta-index | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\meta-index | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\security\java.security | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\jsse.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\jce.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\ext\sunec.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\ext\sunec.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\rt.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\jce.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\security\local_policy.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\security\local_policy.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\resources.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\resources.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\.accessibility.properties | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre7\lib\accessibility.properties | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | \etc\release | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3009091646390096651.vbs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_REPARSE_POINT, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3009091646390096651.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive8453022226677560905.vbs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_REPARSE_POINT, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive8453022226677560905.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Windows\System32\test.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\bin\zip.dll | type = file_attributes |
|
3 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext\meta-index | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext | type = file_attributes |
|
3 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext\meta-index | type = file_type |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext\meta-index | type = size, size_out = 829 |
|
1 | |
| Get Info | C:\Windows\Sun\Java\lib\ext\meta-index | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext\access-bridge.jar | type = file_attributes |
|
4 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext\dnsns.jar | type = file_attributes |
|
2 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext\jaccess.jar | type = file_attributes |
|
2 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext\localedata.jar | type = file_attributes |
|
2 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext\sunec.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar | type = file_attributes |
|
2 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext\sunpkcs11.jar | type = file_attributes |
|
2 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext\zipfs.jar | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\Sun\Java\lib\ext | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | type = file_attributes |
|
6 | |
| Get Info | C:\Program Files\Java\jre7\lib\management\usagetracker.properties | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | type = time |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\resources.jar | type = file_attributes |
|
6 | |
| Get Info | C:\Program Files\Java\jre7\lib\meta-index | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib | type = file_attributes |
|
2 | |
| Get Info | C:\Program Files\Java\jre7\lib\meta-index | type = file_type |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\meta-index | type = size, size_out = 2190 |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\rt.jar | type = file_attributes |
|
4 | |
| Get Info | C:\Program Files\Java\jre7\lib\sunrsasign.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Program Files\Java\jre7\lib\jsse.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Program Files\Java\jre7\lib\jce.jar | type = file_attributes |
|
4 | |
| Get Info | C:\Program Files\Java\jre7\lib\charsets.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Program Files\Java\jre7\lib\jfr.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Program Files\Java\jre7\classes | type = file_attributes |
|
4 | |
| Get Info | C:\Program Files\Java\jre7\meta-index | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | type = time |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\security\java.security | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\security\java.security | type = file_type |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\security\java.security | type = size, size_out = 17824 |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext\sunec.jar | type = time |
|
1 | |
| Get Info | C:\Program%20Files\Java\jre7\lib\ext\x86\sunec.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Program%20Files\Java\jre7\lib\ext\sunec.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\bin\sunec.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | type = time |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\rt.jar | type = time |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\jce.jar | type = time |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\security\local_policy.jar | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | type = time |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\bin\net.dll | type = file_attributes |
|
5 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\security\local_policy.jar | type = time |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | type = time |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\bin\nio.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\lib\jaxp.properties | type = file_attributes |
|
2 | |
| Get Info | C:\Program Files\Java\jre7\lib\resources.jar | type = time |
|
1 | |
| Get Info | C:\Program Files\Java\jre7\bin\awt.dll | type = file_attributes |
|
5 | |
| Get Info | C:\Program Files\Java\jre7\lib\swing.properties | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3009091646390096651.vbs | type = file_attributes |
|
1 | |
| Get Info | - | type = file_type |
|
2 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3009091646390096651.vbs | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive8453022226677560905.vbs | type = file_attributes |
|
1 | |
| Get Info | - | type = file_type |
|
2 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive8453022226677560905.vbs | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\javaw.exe | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive8453022226677560905.vbs | type = file_type |
|
4 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\javaw.exe | type = file_attributes |
|
1 | |
| Open | STD_INPUT_HANDLE | - |
|
9 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 7, size_out = 7 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1781193, size_out = 1781193 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 160, size_out = 160 |
|
544 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 30, size_out = 30 |
|
544 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 709, size_out = 709 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 277, size_out = 277 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2305, size_out = 2305 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1022, size_out = 1022 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2882, size_out = 2882 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 104, size_out = 104 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 728, size_out = 728 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 345, size_out = 345 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 815, size_out = 815 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1105, size_out = 1105 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1761, size_out = 1761 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 514, size_out = 514 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 970, size_out = 970 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2589, size_out = 2589 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1008, size_out = 1008 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2004, size_out = 2004 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 669, size_out = 669 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\meta-index | size = 8192, size_out = 829 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 962, size_out = 962 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 934, size_out = 934 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1720, size_out = 1720 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1012, size_out = 1012 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3028, size_out = 3028 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1111, size_out = 1111 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2976, size_out = 2976 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 672, size_out = 672 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1189, size_out = 1189 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2646, size_out = 2646 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\meta-index | size = 8192, size_out = 0 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 966, size_out = 966 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 800, size_out = 800 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1280, size_out = 1280 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 609, size_out = 609 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 628, size_out = 628 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 328, size_out = 328 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 327, size_out = 327 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 12212, size_out = 12212 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 748, size_out = 748 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6630, size_out = 6630 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3392, size_out = 3392 |
|
1 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 6113, size_out = 6113 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2563, size_out = 2563 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 476, size_out = 476 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2703, size_out = 2703 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 753, size_out = 753 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3690, size_out = 3690 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3361, size_out = 3361 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3599, size_out = 3599 |
|
1 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 160, size_out = 160 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 260, size_out = 260 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1899, size_out = 1899 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 678, size_out = 678 |
|
1 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 30, size_out = 30 |
|
1 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 161, size_out = 161 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1909, size_out = 1909 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 670, size_out = 670 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 762, size_out = 762 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1016, size_out = 1016 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1133, size_out = 1133 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 921, size_out = 921 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 6113, size_out = 6113 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 160, size_out = 160 |
|
41 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 30, size_out = 30 |
|
80 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 161, size_out = 161 |
|
5 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 263, size_out = 263 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 16, size_out = 16 |
|
26 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 729, size_out = 729 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 17, size_out = 17 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 243, size_out = 243 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 315, size_out = 315 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 437, size_out = 437 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 439, size_out = 439 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 342, size_out = 342 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 802, size_out = 802 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1127, size_out = 1127 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\meta-index | size = 8192, size_out = 2190 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\meta-index | size = 8192, size_out = 0 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 1468, size_out = 1468 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1486, size_out = 1486 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 258, size_out = 258 |
|
6 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2351, size_out = 2351 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 877, size_out = 877 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 645, size_out = 645 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6444, size_out = 6444 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1453, size_out = 1453 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 513, size_out = 513 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4556, size_out = 4556 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\java.security | size = 8192, size_out = 8192 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\security\java.security | size = 8192, size_out = 1440 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\java.security | size = 8192, size_out = 0 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2345, size_out = 2345 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 7, size_out = 7 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 13694, size_out = 13694 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 160, size_out = 160 |
|
23 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 30, size_out = 30 |
|
23 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 1056, size_out = 1056 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3940, size_out = 3940 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 5672, size_out = 5672 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 844, size_out = 844 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 803, size_out = 803 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2601, size_out = 2601 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6732, size_out = 6732 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 732, size_out = 732 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 454, size_out = 454 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 78, size_out = 78 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 457, size_out = 457 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 973, size_out = 973 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 308, size_out = 308 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 381, size_out = 381 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 310, size_out = 310 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3431, size_out = 3431 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 382, size_out = 382 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 281, size_out = 281 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 131, size_out = 131 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 5929, size_out = 5929 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 405, size_out = 405 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 182, size_out = 182 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 3, size_out = 3 |
|
6 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 354, size_out = 354 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 645, size_out = 645 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 380, size_out = 380 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 512, size_out = 512 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 6708, size_out = 6708 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 160, size_out = 160 |
|
33 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 30, size_out = 30 |
|
32 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 4096, size_out = 4096 |
|
4 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 1693, size_out = 1693 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 1351, size_out = 1351 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1358, size_out = 1358 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunec.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunec.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunec.jar | size = 1240, size_out = 1240 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunec.jar | size = 160, size_out = 160 |
|
8 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunec.jar | size = 30, size_out = 30 |
|
6 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunec.jar | size = 590, size_out = 590 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunec.jar | size = 525, size_out = 525 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunec.jar | size = 1320, size_out = 1320 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2666, size_out = 2666 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 314, size_out = 314 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 951, size_out = 951 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 10594, size_out = 10594 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3882, size_out = 3882 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3549, size_out = 3549 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1381, size_out = 1381 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 8211, size_out = 8211 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1075, size_out = 1075 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3695, size_out = 3695 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2117, size_out = 2117 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 346, size_out = 346 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 576, size_out = 576 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 24203, size_out = 24203 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 13092, size_out = 13092 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 623, size_out = 623 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3174, size_out = 3174 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2257, size_out = 2257 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1621, size_out = 1621 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2395, size_out = 2395 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 14258, size_out = 14258 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 853, size_out = 853 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 967, size_out = 967 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3914, size_out = 3914 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 5828, size_out = 5828 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 12814, size_out = 12814 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4077, size_out = 4077 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2399, size_out = 2399 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2181, size_out = 2181 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2812, size_out = 2812 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 278, size_out = 278 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6713, size_out = 6713 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3217, size_out = 3217 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 265, size_out = 265 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6705, size_out = 6705 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3395, size_out = 3395 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1337, size_out = 1337 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 5120, size_out = 5120 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 374, size_out = 374 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1663, size_out = 1663 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4945, size_out = 4945 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2801, size_out = 2801 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2263, size_out = 2263 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4843, size_out = 4843 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2266, size_out = 2266 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3589, size_out = 3589 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2498, size_out = 2498 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2363, size_out = 2363 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 631, size_out = 631 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 866, size_out = 866 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 282, size_out = 282 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3850, size_out = 3850 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 591, size_out = 591 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 907, size_out = 907 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3908, size_out = 3908 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 8490, size_out = 8490 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 444, size_out = 444 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1731, size_out = 1731 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4645, size_out = 4645 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 11624, size_out = 11624 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 915, size_out = 915 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 687, size_out = 687 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 11725, size_out = 11725 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1715, size_out = 1715 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1952, size_out = 1952 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1957, size_out = 1957 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1960, size_out = 1960 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1966, size_out = 1966 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 441, size_out = 441 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 723, size_out = 723 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3045, size_out = 3045 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2242, size_out = 2242 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 387, size_out = 387 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6064, size_out = 6064 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1369, size_out = 1369 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4032, size_out = 4032 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6002, size_out = 6002 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6001, size_out = 6001 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2439, size_out = 2439 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 144, size_out = 144 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1559, size_out = 1559 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 499, size_out = 499 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunec.jar | size = 734, size_out = 734 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunec.jar | size = 390, size_out = 390 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunec.jar | size = 1434, size_out = 1434 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 454, size_out = 454 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 5439, size_out = 5439 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 619, size_out = 619 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 10470, size_out = 10470 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 160, size_out = 160 |
|
27 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 30, size_out = 30 |
|
136 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 3596, size_out = 3596 |
|
5 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 3529, size_out = 3529 |
|
3 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1320, size_out = 1320 |
|
3 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 735, size_out = 735 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4170, size_out = 4170 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 817, size_out = 817 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 331, size_out = 331 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2357, size_out = 2357 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 187, size_out = 187 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 3665, size_out = 3665 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 3856, size_out = 3856 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 333, size_out = 333 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 2915, size_out = 2915 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | size = 328, size_out = 328 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | size = 350, size_out = 350 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | size = 160, size_out = 160 |
|
5 | |
| Read | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | size = 30, size_out = 30 |
|
4 | |
| Read | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | size = 213, size_out = 213 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | size = 1319, size_out = 1319 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | size = 151, size_out = 151 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | size = 92, size_out = 92 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 47, size_out = 47 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | size = 115, size_out = 115 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 502, size_out = 502 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 807, size_out = 807 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 530, size_out = 530 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 1987, size_out = 1987 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 706, size_out = 706 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 3777, size_out = 3777 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 3082, size_out = 3082 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4270, size_out = 4270 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 8559, size_out = 8559 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6031, size_out = 6031 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 671, size_out = 671 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1961, size_out = 1961 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3287, size_out = 3287 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 383, size_out = 383 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3661, size_out = 3661 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 292, size_out = 292 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\local_policy.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\local_policy.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\local_policy.jar | size = 389, size_out = 389 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\local_policy.jar | size = 411, size_out = 411 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\local_policy.jar | size = 160, size_out = 160 |
|
4 | |
| Read | C:\Program Files\Java\jre7\lib\security\local_policy.jar | size = 30, size_out = 30 |
|
5 | |
| Read | C:\Program Files\Java\jre7\lib\security\local_policy.jar | size = 194, size_out = 194 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\security\local_policy.jar | size = 242, size_out = 242 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\local_policy.jar | size = 1318, size_out = 1318 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\local_policy.jar | size = 153, size_out = 153 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\local_policy.jar | size = 209, size_out = 209 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 883, size_out = 883 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 994, size_out = 994 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 780, size_out = 780 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\security\local_policy.jar | size = 206, size_out = 206 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 533, size_out = 533 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 775, size_out = 775 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 301, size_out = 301 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 8192, size_out = 8192 |
|
4 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1137, size_out = 1137 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1486, size_out = 1486 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1009, size_out = 1009 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1052, size_out = 1052 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 269, size_out = 269 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1438, size_out = 1438 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 2684, size_out = 2684 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 157, size_out = 157 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 902, size_out = 902 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1516, size_out = 1516 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 925, size_out = 925 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1403, size_out = 1403 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 684, size_out = 684 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 2171, size_out = 2171 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1421, size_out = 1421 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 694, size_out = 694 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 171, size_out = 171 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1111, size_out = 1111 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 814, size_out = 814 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 608, size_out = 608 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 677, size_out = 677 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 274, size_out = 274 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1343, size_out = 1343 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 541, size_out = 541 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 2912, size_out = 2912 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1249, size_out = 1249 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1311, size_out = 1311 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 265, size_out = 265 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1605, size_out = 1605 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 557, size_out = 557 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 173, size_out = 173 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 2789, size_out = 2789 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 230, size_out = 230 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1133, size_out = 1133 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 321, size_out = 321 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 190, size_out = 190 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 3185, size_out = 3185 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 4522, size_out = 4522 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 978, size_out = 978 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 672, size_out = 672 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 839, size_out = 839 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1309, size_out = 1309 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1312, size_out = 1312 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 696, size_out = 696 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 3200, size_out = 3200 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 803, size_out = 803 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 207, size_out = 207 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 823, size_out = 823 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 824, size_out = 824 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 349, size_out = 349 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 2972, size_out = 2972 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 2977, size_out = 2977 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 611, size_out = 611 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 668, size_out = 668 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 283, size_out = 283 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1118, size_out = 1118 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 834, size_out = 834 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 769, size_out = 769 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1478, size_out = 1478 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1298, size_out = 1298 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1655, size_out = 1655 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 984, size_out = 984 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 3278, size_out = 3278 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 833, size_out = 833 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1450, size_out = 1450 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1081, size_out = 1081 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 550, size_out = 550 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 922, size_out = 922 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 5457, size_out = 5457 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1143, size_out = 1143 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 2597, size_out = 2597 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 325, size_out = 325 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 271, size_out = 271 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1084, size_out = 1084 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 4495, size_out = 4495 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1404, size_out = 1404 |
|
3 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 5963, size_out = 5963 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1218, size_out = 1218 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 666, size_out = 666 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 2371, size_out = 2371 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1686, size_out = 1686 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1029, size_out = 1029 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 306, size_out = 306 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1459, size_out = 1459 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 282, size_out = 282 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 609, size_out = 609 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 3227, size_out = 3227 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 3051, size_out = 3051 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 740, size_out = 740 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 3619, size_out = 3619 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1138, size_out = 1138 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1529, size_out = 1529 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 559, size_out = 559 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1967, size_out = 1967 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 2579, size_out = 2579 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 621, size_out = 621 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1770, size_out = 1770 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 610, size_out = 610 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 4645, size_out = 4645 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1561, size_out = 1561 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 835, size_out = 835 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 3166, size_out = 3166 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar | size = 1381, size_out = 1381 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1574, size_out = 1574 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 876, size_out = 876 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3003, size_out = 3003 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6397, size_out = 6397 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1251, size_out = 1251 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 5080, size_out = 5080 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 5175, size_out = 5175 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 745, size_out = 745 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2772, size_out = 2772 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 632, size_out = 632 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 458, size_out = 458 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2124, size_out = 2124 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1186, size_out = 1186 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1096, size_out = 1096 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 2219, size_out = 2219 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 299, size_out = 299 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1401, size_out = 1401 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 289, size_out = 289 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 297, size_out = 297 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 472, size_out = 472 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 412, size_out = 412 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 448, size_out = 448 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 304, size_out = 304 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 315, size_out = 315 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 2433, size_out = 2433 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 314, size_out = 314 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 6135, size_out = 6135 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 8192, size_out = 8192 |
|
52 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 5053, size_out = 5053 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 1470, size_out = 1470 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 455, size_out = 455 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 617, size_out = 617 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 580, size_out = 580 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 463, size_out = 463 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 332, size_out = 332 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 481, size_out = 481 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 593, size_out = 593 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 606, size_out = 606 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 390, size_out = 390 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 274, size_out = 274 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 367, size_out = 367 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 347, size_out = 347 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 490, size_out = 490 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 383, size_out = 383 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 346, size_out = 346 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 168, size_out = 168 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 212, size_out = 212 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 205, size_out = 205 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 189, size_out = 189 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.77866636596601243045465905282659207.class | size = 169, size_out = 169 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 274, size_out = 274 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1989, size_out = 1989 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 900, size_out = 900 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1716, size_out = 1716 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 463, size_out = 463 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 503, size_out = 503 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 220, size_out = 220 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 692, size_out = 692 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 708, size_out = 708 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2656, size_out = 2656 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 588, size_out = 588 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2520, size_out = 2520 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2709, size_out = 2709 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 718, size_out = 718 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 284, size_out = 284 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 14716, size_out = 14716 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2111, size_out = 2111 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 8292, size_out = 8292 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6007, size_out = 6007 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2905, size_out = 2905 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 937, size_out = 937 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 585, size_out = 585 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1544, size_out = 1544 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 12572, size_out = 12572 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1904, size_out = 1904 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2008, size_out = 2008 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 783, size_out = 783 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 19213, size_out = 19213 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 332, size_out = 332 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3606, size_out = 3606 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 403, size_out = 403 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 9943, size_out = 9943 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 596, size_out = 596 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 612, size_out = 612 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 544, size_out = 544 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 697, size_out = 697 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 604, size_out = 604 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 452, size_out = 452 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 586, size_out = 586 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 525, size_out = 525 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1974, size_out = 1974 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1159, size_out = 1159 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 426, size_out = 426 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 7100, size_out = 7100 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 229, size_out = 229 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 366, size_out = 366 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3515, size_out = 3515 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2163, size_out = 2163 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 179, size_out = 179 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 660, size_out = 660 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 1225, size_out = 1225 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jce.jar | size = 175, size_out = 175 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 5861, size_out = 5861 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\resources.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\resources.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\resources.jar | size = 33985, size_out = 33985 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3671, size_out = 3671 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 10989, size_out = 10989 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 407, size_out = 407 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 9301, size_out = 9301 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 28702, size_out = 28702 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6453, size_out = 6453 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2101, size_out = 2101 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2652, size_out = 2652 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1139, size_out = 1139 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2005, size_out = 2005 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 5981, size_out = 5981 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 22809, size_out = 22809 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 536, size_out = 536 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1862, size_out = 1862 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 643, size_out = 643 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 112, size_out = 112 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3932, size_out = 3932 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2027, size_out = 2027 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 31499, size_out = 31499 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 659, size_out = 659 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 375, size_out = 375 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1932, size_out = 1932 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 419, size_out = 419 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1599, size_out = 1599 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 335, size_out = 335 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2771, size_out = 2771 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 831, size_out = 831 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1589, size_out = 1589 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 505, size_out = 505 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 7594, size_out = 7594 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 16872, size_out = 16872 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 362, size_out = 362 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 435, size_out = 435 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6262, size_out = 6262 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 9824, size_out = 9824 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 13080, size_out = 13080 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 26877, size_out = 26877 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 460, size_out = 460 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 302, size_out = 302 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 503, size_out = 503 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 136, size_out = 136 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 17075, size_out = 17075 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1002, size_out = 1002 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1378, size_out = 1378 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2396, size_out = 2396 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1786, size_out = 1786 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1740, size_out = 1740 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2528, size_out = 2528 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4399, size_out = 4399 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 9883, size_out = 9883 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 373, size_out = 373 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1114, size_out = 1114 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 8460, size_out = 8460 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1477, size_out = 1477 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 872, size_out = 872 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3313, size_out = 3313 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 743, size_out = 743 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2872, size_out = 2872 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4879, size_out = 4879 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2958, size_out = 2958 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2419, size_out = 2419 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 239, size_out = 239 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 401, size_out = 401 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 27718, size_out = 27718 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 557, size_out = 557 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 337, size_out = 337 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 18188, size_out = 18188 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 236, size_out = 236 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 272, size_out = 272 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 850, size_out = 850 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3851, size_out = 3851 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 25359, size_out = 25359 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 251, size_out = 251 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 234, size_out = 234 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3171, size_out = 3171 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1336, size_out = 1336 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1685, size_out = 1685 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 898, size_out = 898 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1412, size_out = 1412 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1285, size_out = 1285 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1775, size_out = 1775 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 478, size_out = 478 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 318, size_out = 318 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1001, size_out = 1001 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 942, size_out = 942 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1013, size_out = 1013 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 726, size_out = 726 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 480, size_out = 480 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 706, size_out = 706 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4814, size_out = 4814 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2135, size_out = 2135 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 273, size_out = 273 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1203, size_out = 1203 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1324, size_out = 1324 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1165, size_out = 1165 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1394, size_out = 1394 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2629, size_out = 2629 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2974, size_out = 2974 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1332, size_out = 1332 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1781, size_out = 1781 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 668, size_out = 668 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6859, size_out = 6859 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3482, size_out = 3482 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2798, size_out = 2798 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1566, size_out = 1566 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1279, size_out = 1279 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 429, size_out = 429 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1958, size_out = 1958 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 551, size_out = 551 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1772, size_out = 1772 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2275, size_out = 2275 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 5453, size_out = 5453 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 675, size_out = 675 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1051, size_out = 1051 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3280, size_out = 3280 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 829, size_out = 829 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 10444, size_out = 10444 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1204, size_out = 1204 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 16744, size_out = 16744 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 209, size_out = 209 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 13269, size_out = 13269 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 25511, size_out = 25511 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 8503, size_out = 8503 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1258, size_out = 1258 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 13723, size_out = 13723 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 311, size_out = 311 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 15196, size_out = 15196 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 30281, size_out = 30281 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 192, size_out = 192 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 215, size_out = 215 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 198, size_out = 198 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1163, size_out = 1163 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2019, size_out = 2019 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6137, size_out = 6137 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1243, size_out = 1243 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 15748, size_out = 15748 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 495, size_out = 495 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1363, size_out = 1363 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1523, size_out = 1523 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1236, size_out = 1236 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1129, size_out = 1129 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1795, size_out = 1795 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6907, size_out = 6907 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2460, size_out = 2460 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 10895, size_out = 10895 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 400, size_out = 400 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4773, size_out = 4773 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6236, size_out = 6236 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1694, size_out = 1694 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1297, size_out = 1297 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1415, size_out = 1415 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 9480, size_out = 9480 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6808, size_out = 6808 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 618, size_out = 618 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1065, size_out = 1065 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 5179, size_out = 5179 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4140, size_out = 4140 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 427, size_out = 427 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2727, size_out = 2727 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 803, size_out = 803 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2786, size_out = 2786 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1210, size_out = 1210 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 540, size_out = 540 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 948, size_out = 948 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2962, size_out = 2962 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\accessibility.properties | size = 8192, size_out = 155 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\accessibility.properties | size = 8192, size_out = 0 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 5468, size_out = 5468 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1825, size_out = 1825 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 809, size_out = 809 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3856, size_out = 3856 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 854, size_out = 854 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2701, size_out = 2701 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2950, size_out = 2950 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1198, size_out = 1198 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2789, size_out = 2789 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 680, size_out = 680 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 976, size_out = 976 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 445, size_out = 445 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1160, size_out = 1160 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2235, size_out = 2235 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 770, size_out = 770 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1938, size_out = 1938 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 8084, size_out = 8084 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 340, size_out = 340 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 392, size_out = 392 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4890, size_out = 4890 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 492, size_out = 492 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3846, size_out = 3846 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 9570, size_out = 9570 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 413, size_out = 413 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 203, size_out = 203 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 789, size_out = 789 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 686, size_out = 686 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4445, size_out = 4445 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1980, size_out = 1980 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2783, size_out = 2783 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1518, size_out = 1518 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3082, size_out = 3082 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 569, size_out = 569 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 333, size_out = 333 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4157, size_out = 4157 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 169, size_out = 169 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 543, size_out = 543 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4605, size_out = 4605 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 784, size_out = 784 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2147, size_out = 2147 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 975, size_out = 975 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 497, size_out = 497 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 878, size_out = 878 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1061, size_out = 1061 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 614, size_out = 614 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1183, size_out = 1183 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 326, size_out = 326 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 81, size_out = 81 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 830, size_out = 830 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1179, size_out = 1179 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 781, size_out = 781 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 534, size_out = 534 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 300, size_out = 300 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1462, size_out = 1462 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 409, size_out = 409 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 225, size_out = 225 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 897, size_out = 897 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2301, size_out = 2301 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2443, size_out = 2443 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 827, size_out = 827 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 5505, size_out = 5505 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1071, size_out = 1071 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1036, size_out = 1036 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 352, size_out = 352 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1116, size_out = 1116 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1796, size_out = 1796 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 448, size_out = 448 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 4013, size_out = 4013 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 402, size_out = 402 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 1366, size_out = 1366 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 9311, size_out = 9311 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 3572, size_out = 3572 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1619, size_out = 1619 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 2404, size_out = 2404 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 3013, size_out = 3013 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 1708, size_out = 1708 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 2879, size_out = 2879 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 1285, size_out = 1285 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 1398, size_out = 1398 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 1090, size_out = 1090 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 3789, size_out = 3789 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 436, size_out = 436 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 792, size_out = 792 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 384, size_out = 384 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 1217, size_out = 1217 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 622, size_out = 622 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 76, size_out = 76 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 527, size_out = 527 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 4051, size_out = 4051 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 7991, size_out = 7991 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 704, size_out = 704 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 8401, size_out = 8401 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\jsse.jar | size = 2096, size_out = 2096 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 2691, size_out = 2691 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1664, size_out = 1664 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 6028, size_out = 6028 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 7832, size_out = 7832 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 5512, size_out = 5512 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 949, size_out = 949 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1167, size_out = 1167 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1427, size_out = 1427 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1429, size_out = 1429 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1873, size_out = 1873 |
|
1 | |
| Read | - | size = 8192, size_out = 108 |
|
1 | |
| Read | - | size = 8192, size_out = 0 |
|
1 | |
| Read | - | size = 8192, size_out = 108 |
|
1 | |
| Read | - | size = 8192, size_out = 0 |
|
1 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive8453022226677560905.vbs | size = 8192, size_out = 40 |
|
1 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive8453022226677560905.vbs | size = 8192, size_out = 39 |
|
1 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive8453022226677560905.vbs | size = 8192, size_out = 0 |
|
2 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1396, size_out = 1396 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 582, size_out = 582 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 46400, size_out = 46400 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 263, size_out = 263 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 357, size_out = 357 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 5472, size_out = 5472 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 3241, size_out = 3241 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1886, size_out = 1886 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 5529, size_out = 5529 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 1188, size_out = 1188 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 213, size_out = 213 |
|
1 | |
| Read | C:\Program Files\Java\jre7\lib\rt.jar | size = 541, size_out = 541 |
|
1 | |
| Write | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3009091646390096651.vbs | size = 276 |
|
1 | |
| Write | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive8453022226677560905.vbs | size = 281 |
|
1 | |
| Delete | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3009091646390096651.vbs | - |
|
1 | |
| Delete | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive8453022226677560905.vbs | - |
|
1 |
Registry (25)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Control Panel\Desktop | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32\PlacesBar | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | - |
|
4 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | value_name = Desktop, data = C:\Users\2XC7u663GxWc\Desktop, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | value_name = GDIProcessHandleQuota, data = 16 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Control Panel\Desktop | value_name = FontSmoothingOrientation, data = 1 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics | value_name = Shell Icon BPP, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes | value_name = MS Shell Dlg 2, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes | value_name = MS Shell Dlg 2, data = Tahoma, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = ThemeActive, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = ThemeActive, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = DllName, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = DllName, data = %SystemRoot%\resources\Themes\Aero\Aero.msstyles, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = SizeName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = SizeName, data = NormalSize, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = ColorName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = ColorName, data = NormalColor, type = REG_SZ |
|
1 |
Process (6)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3009091646390096651.vbs | os_pid = 0xdb4, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Create | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive8453022226677560905.vbs | os_pid = 0xe1c, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Create | xcopy "C:\Program Files\Java\jre7" "C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\" /e | os_pid = 0xe88, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Terminate | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3009091646390096651.vbs | exit_code = 1 |
|
1 | |
| Terminate | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive8453022226677560905.vbs | exit_code = 1 |
|
1 | |
| Terminate | xcopy "C:\Program Files\Java\jre7" "C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\" /e | exit_code = 1 |
|
1 |
Module (127)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | COMCTL32.dll | base_address = 0x73ee0000 |
|
1 | |
| Load | GDI32.dll | base_address = 0x754f0000 |
|
1 | |
| Load | ole32.dll | base_address = 0x76360000 |
|
1 | |
| Load | SHELL32.dll | base_address = 0x75700000 |
|
1 | |
| Load | C:\Windows\system32\user32.dll | base_address = 0x76b40000 |
|
1 | |
| Load | C:\Windows\system32\DWMAPI.DLL | base_address = 0x731f0000 |
|
1 | |
| Load | C:\Windows\system32\UXTHEME.DLL | base_address = 0x73530000 |
|
1 | |
| Load | IPHLPAPI.DLL | base_address = 0x738f0000 |
|
1 | |
| Get Handle | c:\program files\java\jre7\bin\client\jvm.dll | base_address = 0x6b030000 |
|
2 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x75540000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x75540000, flags = GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x75540000, flags = GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Filename | c:\program files\java\jre7\bin\client\jvm.dll | process_name = c:\program files\java\jre7\bin\java.exe, file_name_orig = C:\Program Files\Java\jre7\bin\client\jvm.dll, size = 260 |
|
1 | |
| Get Address | c:\program files\java\jre7\bin\client\jvm.dll | function = JVM_GetVersionInfo, address_out = 0x6b11d980 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetNativeSystemInfo, address_out = 0x7557be77 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFinalPathNameByHandleW, address_out = 0x75574e2a |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindFirstStreamW, address_out = 0x7559c8fa |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindNextStreamW, address_out = 0x7559c838 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateSymbolicLinkW, address_out = 0x755c9aa9 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetKeyboardLayout, address_out = 0x76b53800 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetDoubleClickTime, address_out = 0x76b4ade0 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetSystemMetrics, address_out = 0x76b567cf |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = ToAsciiEx, address_out = 0x76b8b797 |
|
13 | |
| Get Address | c:\windows\system32\user32.dll | function = GetKeyboardState, address_out = 0x76b76946 |
|
1 | |
| Get Address | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = InitCommonControlsEx, address_out = 0x73f009ce |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = LoadIconW, address_out = 0x76b4f142 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = RegisterClassW, address_out = 0x76b4ed4a |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetDC, address_out = 0x76b5544c |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = GetDeviceCaps, address_out = 0x754f6f7f |
|
2 | |
| Get Address | c:\windows\system32\user32.dll | function = ReleaseDC, address_out = 0x76b55421 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = CreateWindowExW, address_out = 0x76b4ec7c |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = DefWindowProcW, address_out = 0x76b5507d |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = SetWindowsHookExW, address_out = 0x76b4e30c |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = OleInitialize, address_out = 0x7637efd7 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = SystemParametersInfoW, address_out = 0x76b4e09a |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetSysColor, address_out = 0x76b5db7a |
|
29 | |
| Get Address | c:\windows\system32\user32.dll | function = WaitMessage, address_out = 0x76b566bd |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = SHGetSettings, address_out = 0x759758e8 |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = CreateDCW, address_out = 0x754fcf79 |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = GetStockObject, address_out = 0x754f5ddf |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = SelectObject, address_out = 0x754f6640 |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = GetTextFaceW, address_out = 0x754fb73a |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = GetTextMetricsW, address_out = 0x754f7b8f |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = DeleteDC, address_out = 0x754f6eaa |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = SetProcessDPIAware, address_out = 0x76b5e95c |
|
1 | |
| Get Address | c:\windows\system32\dwmapi.dll | function = DwmIsCompositionEnabled, address_out = 0x731f1610 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = EnumDisplayMonitors, address_out = 0x76b534a3 |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = CreateCompatibleBitmap, address_out = 0x754f73ad |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = GetDIBits, address_out = 0x754fa23b |
|
2 | |
| Get Address | c:\windows\system32\gdi32.dll | function = DeleteObject, address_out = 0x754f5f14 |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = OpenThemeData, address_out = 0x735373d2 |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = DrawThemeBackground, address_out = 0x73533982 |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = CloseThemeData, address_out = 0x73536a18 |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = DrawThemeText, address_out = 0x73534ea1 |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = GetThemeBackgroundContentRect, address_out = 0x7353cd2e |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = GetThemeMargins, address_out = 0x735386e9 |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = IsThemePartDefined, address_out = 0x735385b4 |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = GetThemeBool, address_out = 0x73537c1f |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = GetThemeSysBool, address_out = 0x73563172 |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = GetThemeColor, address_out = 0x7353616c |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = GetThemeEnumValue, address_out = 0x7353616c |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = GetThemeInt, address_out = 0x7353616c |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = GetThemePosition, address_out = 0x73562350 |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = GetThemePartSize, address_out = 0x7353cdb1 |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = SetWindowTheme, address_out = 0x73540134 |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = IsThemeBackgroundPartiallyTransparent, address_out = 0x735360ab |
|
1 | |
| Get Address | c:\windows\system32\uxtheme.dll | function = GetThemeTransitionDuration, address_out = 0x73541081 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetIfTable, address_out = 0x738fae94 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetFriendlyIfIndex, address_out = 0x738fd855 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetIpAddrTable, address_out = 0x738f9bb0 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = PeekMessageW, address_out = 0x76b5634a |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = IsWindow, address_out = 0x76b553ba |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetWindowThreadProcessId, address_out = 0x76b4ee32 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = SendMessageW, address_out = 0x76b55539 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = CallNextHookEx, address_out = 0x76b4abe1 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = TranslateMessage, address_out = 0x76b564c7 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = DispatchMessageW, address_out = 0x76b5cc61 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = EnumThreadWindows, address_out = 0x76b4b712 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = PostMessageW, address_out = 0x76b5447b |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = PostQuitMessage, address_out = 0x76b4b308 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = OleUninitialize, address_out = 0x7637eba1 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetMessageW, address_out = 0x76b5cde8 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = DestroyWindow, address_out = 0x76b4b2f4 |
|
1 |
Window (1)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | theAwtToolkitWindow | class_name = SunAwtToolkit, wndproc_parameter = 0 |
|
1 |
Keyboard (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 |
|
3 | |
| Read | result_out = 1 |
|
1 |
System (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| Register Hook | type = WH_GETMESSAGE, hookproc_address = 0x6d1b1da0 |
|
1 | |
| Get Info | type = Operating System |
|
3 | |
| Get Info | type = Hardware Information |
|
2 | |
| Get Info | type = Operating System |
|
9 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
3 |
Network Behavior
DNS (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Hostname | name_out = ZgW5tdPu |
|
2 | |
| Resolve Name | host = ZgW5tdPu, address_out = fe80:0000:0000:0000:5969:84a4:f9e2:1f2b, 192.168.0.60 |
|
1 |
Process #3: cmd.exe
58
0
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive2955724691501239824.vbs |
| Initial Working Directory | C:\Users\2XC7u663GxWc\Desktop\ |
| Monitor | Start Time: 00:00:29, Reason: Child Process |
| Unmonitor | End Time: 00:00:42, Reason: Self Terminated |
| Monitor Duration | 00:00:13 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd64 |
| Parent PID | 0xcc0 (c:\program files\java\jre7\bin\java.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
D68
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00056fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000060000 | 0x00060000 | 0x0015ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000160000 | 0x00160000 | 0x00161fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000170000 | 0x00170000 | 0x00170fff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000180000 | 0x00180000 | 0x00180fff | Private Memory | - |
|
- |
|
- |
| cscript.exe | 0x00190000 | 0x001b1fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000001c0000 | 0x001c0000 | 0x002bffff | Private Memory | - |
|
- |
|
- |
| locale.nls | 0x002c0000 | 0x00326fff | Memory Mapped File | - |
|
- |
|
- |
| cscript.exe.mui | 0x00330000 | 0x00332fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000003f0000 | 0x003f0000 | 0x003fffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000400000 | 0x00400000 | 0x004c7fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000004d0000 | 0x004d0000 | 0x005d0fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000005e0000 | 0x005e0000 | 0x011dffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000011e0000 | 0x011e0000 | 0x0146afff | Pagefile Backed Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x01470000 | 0x0173efff | Memory Mapped File | - |
|
- |
|
- |
| cmd.exe | 0x4a430000 | 0x4a47bfff | Memory Mapped File | - |
|
- |
|
- |
| winbrand.dll | 0x6e390000 | 0x6e396fff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x75180000 | 0x751c9fff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x75200000 | 0x7521efff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x75370000 | 0x7543bfff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x754f0000 | 0x7553dfff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x75540000 | 0x75613fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x75650000 | 0x756fbfff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x76570000 | 0x7660cfff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x76b40000 | 0x76c08fff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76db0000 | 0x76eebfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x76f50000 | 0x76f59fff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x76ff0000 | 0x76ff0fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffd7000 | 0x7ffd7000 | 0x7ffd7fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
Host Behavior
File (9)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\2XC7u663GxWc\Desktop | type = file_attributes |
|
2 | |
| Get Info | cscript.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
4 | |
| Open | STD_INPUT_HANDLE | - |
|
2 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 192, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\cscript.exe | os_pid = 0xd78, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4a430000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x75540000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x755924c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x7557ac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75583ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x75592732 |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2018-07-19 09:49:34 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10885141 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\2XC7u663GxWc\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #4: cscript.exe
93
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\system32\cscript.exe |
| Command Line | cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive2955724691501239824.vbs |
| Initial Working Directory | C:\Users\2XC7u663GxWc\Desktop\ |
| Monitor | Start Time: 00:00:30, Reason: Child Process |
| Unmonitor | End Time: 00:00:42, Reason: Self Terminated |
| Monitor Duration | 00:00:12 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd78 |
| Parent PID | 0xd64 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
D7C
0x
D84
0x
D88
0x
D8C
0x
D90
0x
DA0
0x
DA4
0x
DA8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| locale.nls | 0x00040000 | 0x000a6fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x00000000000b0000 | 0x000b0000 | 0x00177fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000180000 | 0x00180000 | 0x00186fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000190000 | 0x00190000 | 0x00191fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000001a0000 | 0x001a0000 | 0x0029ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000002a0000 | 0x002a0000 | 0x003a0fff | Pagefile Backed Memory | - |
|
- |
|
- |
| cscript.exe.mui | 0x003b0000 | 0x003b2fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000003c0000 | 0x003c0000 | 0x003c0fff | Private Memory | - |
|
- |
|
- |
| private_0x00000000003d0000 | 0x003d0000 | 0x003d0fff | Private Memory | - |
|
- |
|
- |
| rpcss.dll | 0x003e0000 | 0x0043bfff | Memory Mapped File | - |
|
- |
|
- |
| cscript.exe | 0x003e0000 | 0x003ebfff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x00000000003f0000 | 0x003f0000 | 0x003f0fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000400000 | 0x00400000 | 0x00400fff | Pagefile Backed Memory | - |
|
- |
|
- |
| retrive2955724691501239824.vbs | 0x00410000 | 0x00410fff | Memory Mapped File | - |
|
- |
|
- |
| rsaenh.dll | 0x00410000 | 0x0044bfff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000410000 | 0x00410000 | 0x0041ffff | Private Memory | - |
|
- |
|
- |
| retrive2955724691501239824.vbs | 0x00420000 | 0x00420fff | Memory Mapped File | - |
|
- |
|
- |
| wbemdisp.tlb | 0x00420000 | 0x0042efff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000450000 | 0x00450000 | 0x0045ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000460000 | 0x00460000 | 0x0055ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000560000 | 0x00560000 | 0x0067ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000560000 | 0x00560000 | 0x0063efff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000640000 | 0x00640000 | 0x0067ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000680000 | 0x00680000 | 0x0077ffff | Private Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x00780000 | 0x00a4efff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000a90000 | 0x00a90000 | 0x00b8ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000c00000 | 0x00c00000 | 0x00cfffff | Private Memory | - |
|
- |
|
- |
| cscript.exe | 0x00d10000 | 0x00d31fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000000d40000 | 0x00d40000 | 0x0193ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000001940000 | 0x01940000 | 0x01d3ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000001d80000 | 0x01d80000 | 0x01e7ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001e80000 | 0x01e80000 | 0x01f4ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001f50000 | 0x01f50000 | 0x0204ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002050000 | 0x02050000 | 0x0222ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002050000 | 0x02050000 | 0x021bffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000021f0000 | 0x021f0000 | 0x0222ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002330000 | 0x02330000 | 0x0242ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002450000 | 0x02450000 | 0x0254ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002550000 | 0x02550000 | 0x0264ffff | Private Memory | - |
|
- |
|
- |
| comctl32.dll | 0x6ced0000 | 0x6cf53fff | Memory Mapped File | - |
|
- |
|
- |
| vbscript.dll | 0x6cf60000 | 0x6cfcafff | Memory Mapped File | - |
|
- |
|
- |
| wmiutils.dll | 0x70770000 | 0x70786fff | Memory Mapped File | - |
|
- |
|
- |
| wbemsvc.dll | 0x70970000 | 0x7097efff | Memory Mapped File | - |
|
- |
|
- |
| wbemprox.dll | 0x70d40000 | 0x70d49fff | Memory Mapped File | - |
|
- |
|
- |
| ntdsapi.dll | 0x70d50000 | 0x70d67fff | Memory Mapped File | - |
|
- |
|
- |
| fastprox.dll | 0x70d70000 | 0x70e05fff | Memory Mapped File | - |
|
- |
|
- |
| wbemcomn.dll | 0x71280000 | 0x712dbfff | Memory Mapped File | - |
|
- |
|
- |
| wbemdisp.dll | 0x71fa0000 | 0x71fd0fff | Memory Mapped File | - |
|
- |
|
- |
| scrobj.dll | 0x720b0000 | 0x720dcfff | Memory Mapped File | - |
|
- |
|
- |
| wshext.dll | 0x720e0000 | 0x720f5fff | Memory Mapped File | - |
|
- |
|
- |
| msisip.dll | 0x72100000 | 0x72107fff | Memory Mapped File | - |
|
- |
|
- |
| dwmapi.dll | 0x731f0000 | 0x73202fff | Memory Mapped File | - |
|
- |
|
- |
| uxtheme.dll | 0x73530000 | 0x7356ffff | Memory Mapped File | - |
|
- |
|
- |
| version.dll | 0x74450000 | 0x74458fff | Memory Mapped File | - |
|
- |
|
- |
| rsaenh.dll | 0x74770000 | 0x747aafff | Memory Mapped File | - |
|
- |
|
- |
| cryptsp.dll | 0x749d0000 | 0x749e5fff | Memory Mapped File | - |
|
- |
|
- |
| cryptbase.dll | 0x74e50000 | 0x74e5bfff | Memory Mapped File | - |
|
- |
|
- |
| sxs.dll | 0x74e60000 | 0x74ebefff | Memory Mapped File | - |
|
- |
|
- |
| rpcrtremote.dll | 0x74ef0000 | 0x74efdfff | Memory Mapped File | - |
|
- |
|
- |
| msasn1.dll | 0x74f70000 | 0x74f7bfff | Memory Mapped File | - |
|
- |
|
- |
| crypt32.dll | 0x74f80000 | 0x7509cfff | Memory Mapped File | - |
|
- |
|
- |
| wintrust.dll | 0x750c0000 | 0x750ecfff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x75180000 | 0x751c9fff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x75200000 | 0x7521efff | Memory Mapped File | - |
|
- |
|
- |
| shlwapi.dll | 0x75220000 | 0x75276fff | Memory Mapped File | - |
|
- |
|
- |
| advapi32.dll | 0x75280000 | 0x7531ffff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x75370000 | 0x7543bfff | Memory Mapped File | - |
|
- |
|
- |
| sechost.dll | 0x75440000 | 0x75458fff | Memory Mapped File | - |
|
- |
|
- |
| clbcatq.dll | 0x75460000 | 0x754e2fff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x754f0000 | 0x7553dfff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x75540000 | 0x75613fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x75650000 | 0x756fbfff | Memory Mapped File | - |
|
- |
|
- |
| shell32.dll | 0x75700000 | 0x76349fff | Memory Mapped File | - |
|
- |
|
- |
| ole32.dll | 0x76360000 | 0x764bbfff | Memory Mapped File | - |
|
- |
|
- |
| rpcrt4.dll | 0x764c0000 | 0x76560fff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x76570000 | 0x7660cfff | Memory Mapped File | - |
|
- |
|
- |
| nsi.dll | 0x76850000 | 0x76855fff | Memory Mapped File | - |
|
- |
|
- |
| ws2_32.dll | 0x76870000 | 0x768a4fff | Memory Mapped File | - |
|
- |
|
- |
| oleaut32.dll | 0x76ab0000 | 0x76b3efff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x76b40000 | 0x76c08fff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76db0000 | 0x76eebfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x76f50000 | 0x76f59fff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x76ff0000 | 0x76ff0fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffd7000 | 0x7ffd7000 | 0x7ffd7fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd9000 | 0x7ffd9000 | 0x7ffd9fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffda000 | 0x7ffda000 | 0x7ffdafff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffdbfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
Host Behavior
COM (11)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | B54F3741-5B07-11CF-A4B0-00AA004A55E8 | 00000000-0000-0000-C000-000000000046 | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Create | 6C736DB1-BD94-11D0-8A23-00AA00B58E10 | 6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | 06290BD1-48AA-11D2-8432-006008C3FBFC | E4D1C9B0-46E8-11D4-A2A6-00104BD35090 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | WBEMLocator | IWbemLocator | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | WbemDefaultPathParser | IWbemPath | cls_context = CLSCTX_INPROC_SERVER |
|
5 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = \\.\root\SecurityCenter2 |
|
1 | |
| Execute | WBEMLocator | IWbemServices | method_name = ExecQuery, query_language = WQL, query = Select * from AntiVirusProduct |
|
1 |
File (6)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive2955724691501239824.vbs | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive2955724691501239824.vbs | type = size |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive2955724691501239824.vbs | type = size |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive2955724691501239824.vbs | size = 276, size_out = 276 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 108 |
|
1 |
Registry (29)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\.vbs | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\VBSFile\ScriptEngine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 100, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = Enabled, data = 100, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = Enabled, data = 100, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = LogSecuritySuccesses, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = LogSecuritySuccesses, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 237, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = TrustPolicy, data = 213, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = UseWINSAFER, data = 237, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = TrustPolicy, data = 213, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = UseWINSAFER, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = Timeout, data = 176, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = DisplayLogo, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = Timeout, data = 176, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = DisplayLogo, data = 49, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CLASSES_ROOT\.vbs | data = VBSFile, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CLASSES_ROOT\VBSFile\ScriptEngine | data = VBScript, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | value_name = Default Impersonation Level, data = 3 |
|
1 |
Module (19)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x75540000 |
|
2 | |
| Load | ole32.dll | base_address = 0x76360000 |
|
1 | |
| Load | C:\Windows\system32\advapi32.dll | base_address = 0x75280000 |
|
2 | |
| Get Handle | c:\windows\system32\cscript.exe | base_address = 0xd10000 |
|
1 | |
| Get Filename | c:\windows\system32\cscript.exe | process_name = c:\windows\system32\cscript.exe, file_name_orig = C:\Windows\system32\cscript.exe, size = 261 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x755924c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapSetInformation, address_out = 0x75594157 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x763a9d0b |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferIdentifyLevel, address_out = 0x752a2102 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferComputeTokenFromLevel, address_out = 0x752a3352 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferCloseLevel, address_out = 0x752a3825 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CreateBindCtx, address_out = 0x763a6d2c |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = MkParseDisplayName, address_out = 0x7636cea9 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = DuplicateTokenEx, address_out = 0x7528ca24 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = BindMoniker, address_out = 0x7636c6a7 |
|
1 | |
| Create Mapping | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive2955724691501239824.vbs | filename = C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive2955724691501239824.vbs, protection = PAGE_READONLY, maximum_size = 276 |
|
1 | |
| Map | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive2955724691501239824.vbs | process_name = c:\windows\system32\cscript.exe, desired_access = FILE_MAP_READ |
|
1 |
Window (2)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | - | class_name = WSH-Timer, wndproc_parameter = 4530984 |
|
1 | |
| Set Attribute | - | class_name = WSH-Timer, index = 18446744073709551595, new_long = 4530984 |
|
1 |
System (15)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = -1 (infinite) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:49:35 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10885640 |
|
1 | |
| Get Time | type = Ticks, time = 10886576 |
|
1 | |
| Get Info | type = Operating System |
|
5 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = System Directory |
|
1 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
2 | |
| Get Info | type = Hardware Information |
|
1 |
Process #6: cmd.exe
58
0
| Information | Value |
|---|---|
| ID | #6 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3009091646390096651.vbs |
| Initial Working Directory | C:\Users\2XC7u663GxWc\Desktop\ |
| Monitor | Start Time: 00:00:40, Reason: Child Process |
| Unmonitor | End Time: 00:00:43, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xdb4 |
| Parent PID | 0xd18 (c:\program files\java\jre7\bin\java.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
DB8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | - |
|
- |
|
- |
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x00187fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000190000 | 0x00190000 | 0x00196fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a1fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b0fff | Private Memory | - |
|
- |
|
- |
| private_0x00000000001c0000 | 0x001c0000 | 0x002bffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000002c0000 | 0x002c0000 | 0x003c0fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000003d0000 | 0x003d0000 | 0x003d0fff | Private Memory | - |
|
- |
|
- |
| cscript.exe | 0x003e0000 | 0x00401fff | Memory Mapped File | - |
|
- |
|
- |
| cscript.exe.mui | 0x00410000 | 0x00412fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000420000 | 0x00420000 | 0x0042ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000470000 | 0x00470000 | 0x0056ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000570000 | 0x00570000 | 0x0116ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000001170000 | 0x01170000 | 0x013fafff | Pagefile Backed Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x01400000 | 0x016cefff | Memory Mapped File | - |
|
- |
|
- |
| cmd.exe | 0x4a430000 | 0x4a47bfff | Memory Mapped File | - |
|
- |
|
- |
| winbrand.dll | 0x6e390000 | 0x6e396fff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x75180000 | 0x751c9fff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x75200000 | 0x7521efff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x75370000 | 0x7543bfff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x754f0000 | 0x7553dfff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x75540000 | 0x75613fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x75650000 | 0x756fbfff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x76570000 | 0x7660cfff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x76b40000 | 0x76c08fff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76db0000 | 0x76eebfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x76f50000 | 0x76f59fff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x76ff0000 | 0x76ff0fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffdbfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
Host Behavior
File (9)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\2XC7u663GxWc\Desktop | type = file_attributes |
|
2 | |
| Get Info | cscript.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
4 | |
| Open | STD_INPUT_HANDLE | - |
|
2 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 192, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\cscript.exe | os_pid = 0xdc8, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4a430000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x75540000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x755924c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x7557ac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75583ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x75592732 |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2018-07-19 09:49:40 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10891178 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\2XC7u663GxWc\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #7: cscript.exe
93
0
| Information | Value |
|---|---|
| ID | #7 |
| File Name | c:\windows\system32\cscript.exe |
| Command Line | cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3009091646390096651.vbs |
| Initial Working Directory | C:\Users\2XC7u663GxWc\Desktop\ |
| Monitor | Start Time: 00:00:40, Reason: Child Process |
| Unmonitor | End Time: 00:00:43, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xdc8 |
| Parent PID | 0xdb4 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
DCC
0x
DD0
0x
DD4
0x
DD8
0x
DDC
0x
DE4
0x
DEC
0x
DF0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| locale.nls | 0x00040000 | 0x000a6fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x00000000000b0000 | 0x000b0000 | 0x000b6fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c1fff | Pagefile Backed Memory | - |
|
- |
|
- |
| cscript.exe.mui | 0x000d0000 | 0x000d2fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | - |
|
- |
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | - |
|
- |
|
- |
| cscript.exe | 0x00100000 | 0x0010bfff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000110000 | 0x00110000 | 0x0020ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000210000 | 0x00210000 | 0x002d7fff | Pagefile Backed Memory | - |
|
- |
|
- |
| rpcss.dll | 0x002e0000 | 0x0033bfff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x00000000002e0000 | 0x002e0000 | 0x002e0fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000002f0000 | 0x002f0000 | 0x002f0fff | Pagefile Backed Memory | - |
|
- |
|
- |
| retrive3009091646390096651.vbs | 0x00300000 | 0x00300fff | Memory Mapped File | - |
|
- |
|
- |
| rsaenh.dll | 0x00300000 | 0x0033bfff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000300000 | 0x00300000 | 0x0030ffff | Private Memory | - |
|
- |
|
- |
| retrive3009091646390096651.vbs | 0x00310000 | 0x00310fff | Memory Mapped File | - |
|
- |
|
- |
| wbemdisp.tlb | 0x00310000 | 0x0031efff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000340000 | 0x00340000 | 0x0034ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000360000 | 0x00360000 | 0x0045ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000460000 | 0x00460000 | 0x00560fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000570000 | 0x00570000 | 0x006cffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000570000 | 0x00570000 | 0x0064efff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000690000 | 0x00690000 | 0x006cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000006d0000 | 0x006d0000 | 0x0072ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000800000 | 0x00800000 | 0x008fffff | Private Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x00900000 | 0x00bcefff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000bf0000 | 0x00bf0000 | 0x00ceffff | Private Memory | - |
|
- |
|
- |
| cscript.exe | 0x00d10000 | 0x00d31fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000000d40000 | 0x00d40000 | 0x0193ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000001940000 | 0x01940000 | 0x01a3ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001a40000 | 0x01a40000 | 0x01b3ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000001b40000 | 0x01b40000 | 0x01f3ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000001f80000 | 0x01f80000 | 0x0207ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002080000 | 0x02080000 | 0x0217ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002180000 | 0x02180000 | 0x0229ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002360000 | 0x02360000 | 0x0245ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000024a0000 | 0x024a0000 | 0x0259ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000025b0000 | 0x025b0000 | 0x026affff | Private Memory | - |
|
- |
|
- |
| comctl32.dll | 0x6ced0000 | 0x6cf53fff | Memory Mapped File | - |
|
- |
|
- |
| vbscript.dll | 0x6cf60000 | 0x6cfcafff | Memory Mapped File | - |
|
- |
|
- |
| wmiutils.dll | 0x70770000 | 0x70786fff | Memory Mapped File | - |
|
- |
|
- |
| wbemsvc.dll | 0x70970000 | 0x7097efff | Memory Mapped File | - |
|
- |
|
- |
| wbemprox.dll | 0x70d40000 | 0x70d49fff | Memory Mapped File | - |
|
- |
|
- |
| ntdsapi.dll | 0x70d50000 | 0x70d67fff | Memory Mapped File | - |
|
- |
|
- |
| fastprox.dll | 0x70d70000 | 0x70e05fff | Memory Mapped File | - |
|
- |
|
- |
| wbemcomn.dll | 0x71280000 | 0x712dbfff | Memory Mapped File | - |
|
- |
|
- |
| wbemdisp.dll | 0x71fa0000 | 0x71fd0fff | Memory Mapped File | - |
|
- |
|
- |
| scrobj.dll | 0x720b0000 | 0x720dcfff | Memory Mapped File | - |
|
- |
|
- |
| wshext.dll | 0x720e0000 | 0x720f5fff | Memory Mapped File | - |
|
- |
|
- |
| msisip.dll | 0x72100000 | 0x72107fff | Memory Mapped File | - |
|
- |
|
- |
| dwmapi.dll | 0x731f0000 | 0x73202fff | Memory Mapped File | - |
|
- |
|
- |
| uxtheme.dll | 0x73530000 | 0x7356ffff | Memory Mapped File | - |
|
- |
|
- |
| version.dll | 0x74450000 | 0x74458fff | Memory Mapped File | - |
|
- |
|
- |
| rsaenh.dll | 0x74770000 | 0x747aafff | Memory Mapped File | - |
|
- |
|
- |
| cryptsp.dll | 0x749d0000 | 0x749e5fff | Memory Mapped File | - |
|
- |
|
- |
| cryptbase.dll | 0x74e50000 | 0x74e5bfff | Memory Mapped File | - |
|
- |
|
- |
| sxs.dll | 0x74e60000 | 0x74ebefff | Memory Mapped File | - |
|
- |
|
- |
| rpcrtremote.dll | 0x74ef0000 | 0x74efdfff | Memory Mapped File | - |
|
- |
|
- |
| msasn1.dll | 0x74f70000 | 0x74f7bfff | Memory Mapped File | - |
|
- |
|
- |
| crypt32.dll | 0x74f80000 | 0x7509cfff | Memory Mapped File | - |
|
- |
|
- |
| wintrust.dll | 0x750c0000 | 0x750ecfff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x75180000 | 0x751c9fff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x75200000 | 0x7521efff | Memory Mapped File | - |
|
- |
|
- |
| shlwapi.dll | 0x75220000 | 0x75276fff | Memory Mapped File | - |
|
- |
|
- |
| advapi32.dll | 0x75280000 | 0x7531ffff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x75370000 | 0x7543bfff | Memory Mapped File | - |
|
- |
|
- |
| sechost.dll | 0x75440000 | 0x75458fff | Memory Mapped File | - |
|
- |
|
- |
| clbcatq.dll | 0x75460000 | 0x754e2fff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x754f0000 | 0x7553dfff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x75540000 | 0x75613fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x75650000 | 0x756fbfff | Memory Mapped File | - |
|
- |
|
- |
| shell32.dll | 0x75700000 | 0x76349fff | Memory Mapped File | - |
|
- |
|
- |
| ole32.dll | 0x76360000 | 0x764bbfff | Memory Mapped File | - |
|
- |
|
- |
| rpcrt4.dll | 0x764c0000 | 0x76560fff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x76570000 | 0x7660cfff | Memory Mapped File | - |
|
- |
|
- |
| nsi.dll | 0x76850000 | 0x76855fff | Memory Mapped File | - |
|
- |
|
- |
| ws2_32.dll | 0x76870000 | 0x768a4fff | Memory Mapped File | - |
|
- |
|
- |
| oleaut32.dll | 0x76ab0000 | 0x76b3efff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x76b40000 | 0x76c08fff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76db0000 | 0x76eebfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x76f50000 | 0x76f59fff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x76ff0000 | 0x76ff0fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffd3000 | 0x7ffd3000 | 0x7ffd3fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd9000 | 0x7ffd9000 | 0x7ffd9fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffda000 | 0x7ffda000 | 0x7ffdafff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffdbfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
Host Behavior
COM (11)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | B54F3741-5B07-11CF-A4B0-00AA004A55E8 | 00000000-0000-0000-C000-000000000046 | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Create | 6C736DB1-BD94-11D0-8A23-00AA00B58E10 | 6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | 06290BD1-48AA-11D2-8432-006008C3FBFC | E4D1C9B0-46E8-11D4-A2A6-00104BD35090 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | WBEMLocator | IWbemLocator | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | WbemDefaultPathParser | IWbemPath | cls_context = CLSCTX_INPROC_SERVER |
|
5 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = \\.\root\SecurityCenter2 |
|
1 | |
| Execute | WBEMLocator | IWbemServices | method_name = ExecQuery, query_language = WQL, query = Select * from AntiVirusProduct |
|
1 |
File (6)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3009091646390096651.vbs | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3009091646390096651.vbs | type = size |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3009091646390096651.vbs | type = size |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3009091646390096651.vbs | size = 276, size_out = 276 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 108 |
|
1 |
Registry (29)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\.vbs | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\VBSFile\ScriptEngine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 196, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = Enabled, data = 196, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = Enabled, data = 196, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = LogSecuritySuccesses, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = LogSecuritySuccesses, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 237, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = TrustPolicy, data = 54, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = UseWINSAFER, data = 237, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = TrustPolicy, data = 54, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = UseWINSAFER, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = Timeout, data = 16, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = DisplayLogo, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = Timeout, data = 16, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = DisplayLogo, data = 49, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CLASSES_ROOT\.vbs | data = VBSFile, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CLASSES_ROOT\VBSFile\ScriptEngine | data = VBScript, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | value_name = Default Impersonation Level, data = 3 |
|
1 |
Module (19)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x75540000 |
|
2 | |
| Load | ole32.dll | base_address = 0x76360000 |
|
1 | |
| Load | C:\Windows\system32\advapi32.dll | base_address = 0x75280000 |
|
2 | |
| Get Handle | c:\windows\system32\cscript.exe | base_address = 0xd10000 |
|
1 | |
| Get Filename | c:\windows\system32\cscript.exe | process_name = c:\windows\system32\cscript.exe, file_name_orig = C:\Windows\system32\cscript.exe, size = 261 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x755924c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapSetInformation, address_out = 0x75594157 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x763a9d0b |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferIdentifyLevel, address_out = 0x752a2102 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferComputeTokenFromLevel, address_out = 0x752a3352 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferCloseLevel, address_out = 0x752a3825 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CreateBindCtx, address_out = 0x763a6d2c |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = MkParseDisplayName, address_out = 0x7636cea9 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = DuplicateTokenEx, address_out = 0x7528ca24 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = BindMoniker, address_out = 0x7636c6a7 |
|
1 | |
| Create Mapping | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3009091646390096651.vbs | filename = C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3009091646390096651.vbs, protection = PAGE_READONLY, maximum_size = 276 |
|
1 | |
| Map | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3009091646390096651.vbs | process_name = c:\windows\system32\cscript.exe, desired_access = FILE_MAP_READ |
|
1 |
Window (2)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | - | class_name = WSH-Timer, wndproc_parameter = 3416872 |
|
1 | |
| Set Attribute | - | class_name = WSH-Timer, index = 18446744073709551595, new_long = 3416872 |
|
1 |
System (15)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = -1 (infinite) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:49:40 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10891272 |
|
1 | |
| Get Time | type = Ticks, time = 10891490 |
|
1 | |
| Get Info | type = Operating System |
|
5 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = System Directory |
|
1 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
2 | |
| Get Info | type = Hardware Information |
|
1 |
Process #10: cmd.exe
58
0
| Information | Value |
|---|---|
| ID | #10 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive4432003530389164433.vbs |
| Initial Working Directory | C:\Users\2XC7u663GxWc\Desktop\ |
| Monitor | Start Time: 00:00:41, Reason: Child Process |
| Unmonitor | End Time: 00:00:43, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xdf8 |
| Parent PID | 0xcc0 (c:\program files\java\jre7\bin\java.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
DFC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000050000 | 0x00050000 | 0x0005ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00066fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000070000 | 0x00070000 | 0x00071fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000080000 | 0x00080000 | 0x00080fff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000090000 | 0x00090000 | 0x0018ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000190000 | 0x00190000 | 0x00190fff | Private Memory | - |
|
- |
|
- |
| cscript.exe | 0x001a0000 | 0x001c1fff | Memory Mapped File | - |
|
- |
|
- |
| cscript.exe.mui | 0x001d0000 | 0x001d2fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000001e0000 | 0x001e0000 | 0x002dffff | Private Memory | - |
|
- |
|
- |
| locale.nls | 0x002e0000 | 0x00346fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000000350000 | 0x00350000 | 0x00417fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000420000 | 0x00420000 | 0x00520fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000530000 | 0x00530000 | 0x0112ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000001130000 | 0x01130000 | 0x013bafff | Pagefile Backed Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x013c0000 | 0x0168efff | Memory Mapped File | - |
|
- |
|
- |
| cmd.exe | 0x4a430000 | 0x4a47bfff | Memory Mapped File | - |
|
- |
|
- |
| winbrand.dll | 0x6e390000 | 0x6e396fff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x75180000 | 0x751c9fff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x75200000 | 0x7521efff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x75370000 | 0x7543bfff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x754f0000 | 0x7553dfff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x75540000 | 0x75613fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x75650000 | 0x756fbfff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x76570000 | 0x7660cfff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x76b40000 | 0x76c08fff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76db0000 | 0x76eebfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x76f50000 | 0x76f59fff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x76ff0000 | 0x76ff0fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffd7000 | 0x7ffd7000 | 0x7ffd7fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
Host Behavior
File (9)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\2XC7u663GxWc\Desktop | type = file_attributes |
|
2 | |
| Get Info | cscript.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
4 | |
| Open | STD_INPUT_HANDLE | - |
|
2 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 192, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\cscript.exe | os_pid = 0xe0c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4a430000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x75540000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x755924c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x7557ac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75583ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x75592732 |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2018-07-19 09:49:42 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10892645 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\2XC7u663GxWc\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #11: cscript.exe
92
0
| Information | Value |
|---|---|
| ID | #11 |
| File Name | c:\windows\system32\cscript.exe |
| Command Line | cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive4432003530389164433.vbs |
| Initial Working Directory | C:\Users\2XC7u663GxWc\Desktop\ |
| Monitor | Start Time: 00:00:42, Reason: Child Process |
| Unmonitor | End Time: 00:00:43, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe0c |
| Parent PID | 0xdf8 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
E10
0x
E18
0x
E2C
0x
E34
0x
E38
0x
E3C
0x
E40
0x
E44
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| locale.nls | 0x00040000 | 0x000a6fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x00000000000b0000 | 0x000b0000 | 0x000b6fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000000c0000 | 0x000c0000 | 0x000cffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000000d0000 | 0x000d0000 | 0x00197fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a1fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000001b0000 | 0x001b0000 | 0x002affff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000002b0000 | 0x002b0000 | 0x003b0fff | Pagefile Backed Memory | - |
|
- |
|
- |
| cscript.exe.mui | 0x003c0000 | 0x003c2fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000003d0000 | 0x003d0000 | 0x004cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000004d0000 | 0x004d0000 | 0x004d0fff | Private Memory | - |
|
- |
|
- |
| private_0x00000000004e0000 | 0x004e0000 | 0x004e0fff | Private Memory | - |
|
- |
|
- |
| rpcss.dll | 0x004f0000 | 0x0054bfff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000004f0000 | 0x004f0000 | 0x005fffff | Private Memory | - |
|
- |
|
- |
| cscript.exe | 0x004f0000 | 0x004fbfff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000000500000 | 0x00500000 | 0x00500fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000510000 | 0x00510000 | 0x00510fff | Pagefile Backed Memory | - |
|
- |
|
- |
| retrive4432003530389164433.vbs | 0x00520000 | 0x00520fff | Memory Mapped File | - |
|
- |
|
- |
| rsaenh.dll | 0x00520000 | 0x0055bfff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000520000 | 0x00520000 | 0x0052ffff | Private Memory | - |
|
- |
|
- |
| retrive4432003530389164433.vbs | 0x00530000 | 0x00530fff | Memory Mapped File | - |
|
- |
|
- |
| wbemdisp.tlb | 0x00530000 | 0x0053efff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000005c0000 | 0x005c0000 | 0x005fffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000600000 | 0x00600000 | 0x006defff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000730000 | 0x00730000 | 0x0082ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000880000 | 0x00880000 | 0x0097ffff | Private Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x00980000 | 0x00c4efff | Memory Mapped File | - |
|
- |
|
- |
| cscript.exe | 0x00d10000 | 0x00d31fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000000d40000 | 0x00d40000 | 0x0193ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000019b0000 | 0x019b0000 | 0x01aaffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000001ab0000 | 0x01ab0000 | 0x01eaffff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000001eb0000 | 0x01eb0000 | 0x01ffffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001eb0000 | 0x01eb0000 | 0x01faffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001ff0000 | 0x01ff0000 | 0x01ffffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002020000 | 0x02020000 | 0x0211ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002120000 | 0x02120000 | 0x0221ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002220000 | 0x02220000 | 0x0235ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000023c0000 | 0x023c0000 | 0x024bffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000024d0000 | 0x024d0000 | 0x025cffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002640000 | 0x02640000 | 0x0273ffff | Private Memory | - |
|
- |
|
- |
| comctl32.dll | 0x6ce60000 | 0x6cee3fff | Memory Mapped File | - |
|
- |
|
- |
| vbscript.dll | 0x6cef0000 | 0x6cf5afff | Memory Mapped File | - |
|
- |
|
- |
| wbemdisp.dll | 0x6cf90000 | 0x6cfc0fff | Memory Mapped File | - |
|
- |
|
- |
| wmiutils.dll | 0x70770000 | 0x70786fff | Memory Mapped File | - |
|
- |
|
- |
| wbemsvc.dll | 0x70970000 | 0x7097efff | Memory Mapped File | - |
|
- |
|
- |
| wbemprox.dll | 0x70d40000 | 0x70d49fff | Memory Mapped File | - |
|
- |
|
- |
| ntdsapi.dll | 0x70d50000 | 0x70d67fff | Memory Mapped File | - |
|
- |
|
- |
| fastprox.dll | 0x70d70000 | 0x70e05fff | Memory Mapped File | - |
|
- |
|
- |
| wbemcomn.dll | 0x71280000 | 0x712dbfff | Memory Mapped File | - |
|
- |
|
- |
| scrobj.dll | 0x71fb0000 | 0x71fdcfff | Memory Mapped File | - |
|
- |
|
- |
| wshext.dll | 0x720d0000 | 0x720e5fff | Memory Mapped File | - |
|
- |
|
- |
| msisip.dll | 0x720f0000 | 0x720f7fff | Memory Mapped File | - |
|
- |
|
- |
| dwmapi.dll | 0x731f0000 | 0x73202fff | Memory Mapped File | - |
|
- |
|
- |
| uxtheme.dll | 0x73530000 | 0x7356ffff | Memory Mapped File | - |
|
- |
|
- |
| version.dll | 0x74450000 | 0x74458fff | Memory Mapped File | - |
|
- |
|
- |
| rsaenh.dll | 0x74770000 | 0x747aafff | Memory Mapped File | - |
|
- |
|
- |
| cryptsp.dll | 0x749d0000 | 0x749e5fff | Memory Mapped File | - |
|
- |
|
- |
| cryptbase.dll | 0x74e50000 | 0x74e5bfff | Memory Mapped File | - |
|
- |
|
- |
| sxs.dll | 0x74e60000 | 0x74ebefff | Memory Mapped File | - |
|
- |
|
- |
| rpcrtremote.dll | 0x74ef0000 | 0x74efdfff | Memory Mapped File | - |
|
- |
|
- |
| msasn1.dll | 0x74f70000 | 0x74f7bfff | Memory Mapped File | - |
|
- |
|
- |
| crypt32.dll | 0x74f80000 | 0x7509cfff | Memory Mapped File | - |
|
- |
|
- |
| wintrust.dll | 0x750c0000 | 0x750ecfff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x75180000 | 0x751c9fff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x75200000 | 0x7521efff | Memory Mapped File | - |
|
- |
|
- |
| shlwapi.dll | 0x75220000 | 0x75276fff | Memory Mapped File | - |
|
- |
|
- |
| advapi32.dll | 0x75280000 | 0x7531ffff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x75370000 | 0x7543bfff | Memory Mapped File | - |
|
- |
|
- |
| sechost.dll | 0x75440000 | 0x75458fff | Memory Mapped File | - |
|
- |
|
- |
| clbcatq.dll | 0x75460000 | 0x754e2fff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x754f0000 | 0x7553dfff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x75540000 | 0x75613fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x75650000 | 0x756fbfff | Memory Mapped File | - |
|
- |
|
- |
| shell32.dll | 0x75700000 | 0x76349fff | Memory Mapped File | - |
|
- |
|
- |
| ole32.dll | 0x76360000 | 0x764bbfff | Memory Mapped File | - |
|
- |
|
- |
| rpcrt4.dll | 0x764c0000 | 0x76560fff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x76570000 | 0x7660cfff | Memory Mapped File | - |
|
- |
|
- |
| nsi.dll | 0x76850000 | 0x76855fff | Memory Mapped File | - |
|
- |
|
- |
| ws2_32.dll | 0x76870000 | 0x768a4fff | Memory Mapped File | - |
|
- |
|
- |
| oleaut32.dll | 0x76ab0000 | 0x76b3efff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x76b40000 | 0x76c08fff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76db0000 | 0x76eebfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x76f50000 | 0x76f59fff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x76ff0000 | 0x76ff0fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffd7000 | 0x7ffd7000 | 0x7ffd7fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd9000 | 0x7ffd9000 | 0x7ffd9fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffda000 | 0x7ffda000 | 0x7ffdafff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffdbfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
Host Behavior
COM (11)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | B54F3741-5B07-11CF-A4B0-00AA004A55E8 | 00000000-0000-0000-C000-000000000046 | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Create | 6C736DB1-BD94-11D0-8A23-00AA00B58E10 | 6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | 06290BD1-48AA-11D2-8432-006008C3FBFC | E4D1C9B0-46E8-11D4-A2A6-00104BD35090 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | WBEMLocator | IWbemLocator | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | WbemDefaultPathParser | IWbemPath | cls_context = CLSCTX_INPROC_SERVER |
|
5 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = \\.\root\SecurityCenter2 |
|
1 | |
| Execute | WBEMLocator | IWbemServices | method_name = ExecQuery, query_language = WQL, query = Select * from FirewallProduct |
|
1 |
File (6)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive4432003530389164433.vbs | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive4432003530389164433.vbs | type = size |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive4432003530389164433.vbs | type = size |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive4432003530389164433.vbs | size = 281, size_out = 281 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 108 |
|
1 |
Registry (29)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\.vbs | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\VBSFile\ScriptEngine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 228, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = Enabled, data = 228, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = Enabled, data = 228, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = LogSecuritySuccesses, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = LogSecuritySuccesses, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 237, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = TrustPolicy, data = 181, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = UseWINSAFER, data = 237, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = TrustPolicy, data = 181, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = UseWINSAFER, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = Timeout, data = 48, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = DisplayLogo, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = Timeout, data = 48, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = DisplayLogo, data = 49, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CLASSES_ROOT\.vbs | data = VBSFile, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CLASSES_ROOT\VBSFile\ScriptEngine | data = VBScript, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | value_name = Default Impersonation Level, data = 3 |
|
1 |
Module (19)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x75540000 |
|
2 | |
| Load | ole32.dll | base_address = 0x76360000 |
|
1 | |
| Load | C:\Windows\system32\advapi32.dll | base_address = 0x75280000 |
|
2 | |
| Get Handle | c:\windows\system32\cscript.exe | base_address = 0xd10000 |
|
1 | |
| Get Filename | c:\windows\system32\cscript.exe | process_name = c:\windows\system32\cscript.exe, file_name_orig = C:\Windows\system32\cscript.exe, size = 261 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x755924c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapSetInformation, address_out = 0x75594157 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x763a9d0b |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferIdentifyLevel, address_out = 0x752a2102 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferComputeTokenFromLevel, address_out = 0x752a3352 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferCloseLevel, address_out = 0x752a3825 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CreateBindCtx, address_out = 0x763a6d2c |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = MkParseDisplayName, address_out = 0x7636cea9 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = DuplicateTokenEx, address_out = 0x7528ca24 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = BindMoniker, address_out = 0x7636c6a7 |
|
1 | |
| Create Mapping | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive4432003530389164433.vbs | filename = C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive4432003530389164433.vbs, protection = PAGE_READONLY, maximum_size = 281 |
|
1 | |
| Map | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive4432003530389164433.vbs | process_name = c:\windows\system32\cscript.exe, desired_access = FILE_MAP_READ |
|
1 |
Window (2)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | - | class_name = WSH-Timer, wndproc_parameter = 795432 |
|
1 | |
| Set Attribute | - | class_name = WSH-Timer, index = 18446744073709551595, new_long = 795432 |
|
1 |
System (14)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = -1 (infinite) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:49:42 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10892707 |
|
1 | |
| Get Time | type = Ticks, time = 10892785 |
|
1 | |
| Get Info | type = Operating System |
|
4 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = System Directory |
|
1 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
2 | |
| Get Info | type = Hardware Information |
|
1 |
Process #12: cmd.exe
58
0
| Information | Value |
|---|---|
| ID | #12 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive8453022226677560905.vbs |
| Initial Working Directory | C:\Users\2XC7u663GxWc\Desktop\ |
| Monitor | Start Time: 00:00:42, Reason: Child Process |
| Unmonitor | End Time: 00:00:44, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe1c |
| Parent PID | 0xd18 (c:\program files\java\jre7\bin\java.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
E20
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | - |
|
- |
|
- |
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c6fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000000d0000 | 0x000d0000 | 0x000d1fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000000e0000 | 0x000e0000 | 0x000effff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000000f0000 | 0x000f0000 | 0x001b7fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000001c0000 | 0x001c0000 | 0x001c0fff | Private Memory | - |
|
- |
|
- |
| private_0x00000000001d0000 | 0x001d0000 | 0x001d0fff | Private Memory | - |
|
- |
|
- |
| cscript.exe | 0x001e0000 | 0x00201fff | Memory Mapped File | - |
|
- |
|
- |
| cscript.exe.mui | 0x00210000 | 0x00212fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000220000 | 0x00220000 | 0x0031ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000320000 | 0x00320000 | 0x00420fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000480000 | 0x00480000 | 0x0057ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000580000 | 0x00580000 | 0x0117ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000001180000 | 0x01180000 | 0x0140afff | Pagefile Backed Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x01410000 | 0x016defff | Memory Mapped File | - |
|
- |
|
- |
| cmd.exe | 0x4a430000 | 0x4a47bfff | Memory Mapped File | - |
|
- |
|
- |
| winbrand.dll | 0x6e390000 | 0x6e396fff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x75180000 | 0x751c9fff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x75200000 | 0x7521efff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x75370000 | 0x7543bfff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x754f0000 | 0x7553dfff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x75540000 | 0x75613fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x75650000 | 0x756fbfff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x76570000 | 0x7660cfff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x76b40000 | 0x76c08fff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76db0000 | 0x76eebfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x76f50000 | 0x76f59fff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x76ff0000 | 0x76ff0fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
Host Behavior
File (9)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\2XC7u663GxWc\Desktop | type = file_attributes |
|
2 | |
| Get Info | cscript.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
4 | |
| Open | STD_INPUT_HANDLE | - |
|
2 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 192, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\cscript.exe | os_pid = 0xe48, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4a430000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x75540000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x755924c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x7557ac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75583ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x75592732 |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2018-07-19 09:49:42 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10892910 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\2XC7u663GxWc\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #13: cscript.exe
92
0
| Information | Value |
|---|---|
| ID | #13 |
| File Name | c:\windows\system32\cscript.exe |
| Command Line | cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive8453022226677560905.vbs |
| Initial Working Directory | C:\Users\2XC7u663GxWc\Desktop\ |
| Monitor | Start Time: 00:00:42, Reason: Child Process |
| Unmonitor | End Time: 00:00:44, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe48 |
| Parent PID | 0xe1c (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
E4C
0x
E54
0x
E60
0x
E6C
0x
E70
0x
E74
0x
E7C
0x
E80
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| locale.nls | 0x00040000 | 0x000a6fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x00000000000b0000 | 0x000b0000 | 0x000b6fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c1fff | Pagefile Backed Memory | - |
|
- |
|
- |
| cscript.exe.mui | 0x000d0000 | 0x000d2fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | - |
|
- |
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | - |
|
- |
|
- |
| cscript.exe | 0x00100000 | 0x0010bfff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000000110000 | 0x00110000 | 0x00110fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000120000 | 0x00120000 | 0x00120fff | Pagefile Backed Memory | - |
|
- |
|
- |
| retrive8453022226677560905.vbs | 0x00130000 | 0x00130fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000130000 | 0x00130000 | 0x0013ffff | Private Memory | - |
|
- |
|
- |
| retrive8453022226677560905.vbs | 0x00140000 | 0x00140fff | Memory Mapped File | - |
|
- |
|
- |
| wbemdisp.tlb | 0x00140000 | 0x0014efff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000150000 | 0x00150000 | 0x0015ffff | Private Memory | - |
|
- |
|
- |
| rpcss.dll | 0x00160000 | 0x001bbfff | Memory Mapped File | - |
|
- |
|
- |
| rsaenh.dll | 0x00160000 | 0x0019bfff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000001d0000 | 0x001d0000 | 0x002cffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000002d0000 | 0x002d0000 | 0x00397fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000450000 | 0x00450000 | 0x0054ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000550000 | 0x00550000 | 0x00650fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000660000 | 0x00660000 | 0x0071ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000720000 | 0x00720000 | 0x007fefff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000800000 | 0x00800000 | 0x0096ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000800000 | 0x00800000 | 0x008fffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000960000 | 0x00960000 | 0x0096ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000970000 | 0x00970000 | 0x00a6ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000b70000 | 0x00b70000 | 0x00c6ffff | Private Memory | - |
|
- |
|
- |
| cscript.exe | 0x00d10000 | 0x00d31fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000000d40000 | 0x00d40000 | 0x0193ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x01940000 | 0x01c0efff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000001cf0000 | 0x01cf0000 | 0x01deffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000001df0000 | 0x01df0000 | 0x021effff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000021f0000 | 0x021f0000 | 0x022effff | Private Memory | - |
|
- |
|
- |
| private_0x00000000022f0000 | 0x022f0000 | 0x024cffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002390000 | 0x02390000 | 0x0248ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002490000 | 0x02490000 | 0x024cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000024d0000 | 0x024d0000 | 0x0268ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002500000 | 0x02500000 | 0x025fffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002650000 | 0x02650000 | 0x0268ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000026c0000 | 0x026c0000 | 0x027bffff | Private Memory | - |
|
- |
|
- |
| comctl32.dll | 0x6ced0000 | 0x6cf53fff | Memory Mapped File | - |
|
- |
|
- |
| vbscript.dll | 0x6cf60000 | 0x6cfcafff | Memory Mapped File | - |
|
- |
|
- |
| wmiutils.dll | 0x70770000 | 0x70786fff | Memory Mapped File | - |
|
- |
|
- |
| wbemsvc.dll | 0x70970000 | 0x7097efff | Memory Mapped File | - |
|
- |
|
- |
| wbemprox.dll | 0x70d40000 | 0x70d49fff | Memory Mapped File | - |
|
- |
|
- |
| ntdsapi.dll | 0x70d50000 | 0x70d67fff | Memory Mapped File | - |
|
- |
|
- |
| fastprox.dll | 0x70d70000 | 0x70e05fff | Memory Mapped File | - |
|
- |
|
- |
| wbemcomn.dll | 0x71280000 | 0x712dbfff | Memory Mapped File | - |
|
- |
|
- |
| wbemdisp.dll | 0x71fa0000 | 0x71fd0fff | Memory Mapped File | - |
|
- |
|
- |
| scrobj.dll | 0x720b0000 | 0x720dcfff | Memory Mapped File | - |
|
- |
|
- |
| wshext.dll | 0x720e0000 | 0x720f5fff | Memory Mapped File | - |
|
- |
|
- |
| msisip.dll | 0x72100000 | 0x72107fff | Memory Mapped File | - |
|
- |
|
- |
| dwmapi.dll | 0x731f0000 | 0x73202fff | Memory Mapped File | - |
|
- |
|
- |
| uxtheme.dll | 0x73530000 | 0x7356ffff | Memory Mapped File | - |
|
- |
|
- |
| version.dll | 0x74450000 | 0x74458fff | Memory Mapped File | - |
|
- |
|
- |
| rsaenh.dll | 0x74770000 | 0x747aafff | Memory Mapped File | - |
|
- |
|
- |
| cryptsp.dll | 0x749d0000 | 0x749e5fff | Memory Mapped File | - |
|
- |
|
- |
| cryptbase.dll | 0x74e50000 | 0x74e5bfff | Memory Mapped File | - |
|
- |
|
- |
| sxs.dll | 0x74e60000 | 0x74ebefff | Memory Mapped File | - |
|
- |
|
- |
| rpcrtremote.dll | 0x74ef0000 | 0x74efdfff | Memory Mapped File | - |
|
- |
|
- |
| msasn1.dll | 0x74f70000 | 0x74f7bfff | Memory Mapped File | - |
|
- |
|
- |
| crypt32.dll | 0x74f80000 | 0x7509cfff | Memory Mapped File | - |
|
- |
|
- |
| wintrust.dll | 0x750c0000 | 0x750ecfff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x75180000 | 0x751c9fff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x75200000 | 0x7521efff | Memory Mapped File | - |
|
- |
|
- |
| shlwapi.dll | 0x75220000 | 0x75276fff | Memory Mapped File | - |
|
- |
|
- |
| advapi32.dll | 0x75280000 | 0x7531ffff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x75370000 | 0x7543bfff | Memory Mapped File | - |
|
- |
|
- |
| sechost.dll | 0x75440000 | 0x75458fff | Memory Mapped File | - |
|
- |
|
- |
| clbcatq.dll | 0x75460000 | 0x754e2fff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x754f0000 | 0x7553dfff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x75540000 | 0x75613fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x75650000 | 0x756fbfff | Memory Mapped File | - |
|
- |
|
- |
| shell32.dll | 0x75700000 | 0x76349fff | Memory Mapped File | - |
|
- |
|
- |
| ole32.dll | 0x76360000 | 0x764bbfff | Memory Mapped File | - |
|
- |
|
- |
| rpcrt4.dll | 0x764c0000 | 0x76560fff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x76570000 | 0x7660cfff | Memory Mapped File | - |
|
- |
|
- |
| nsi.dll | 0x76850000 | 0x76855fff | Memory Mapped File | - |
|
- |
|
- |
| ws2_32.dll | 0x76870000 | 0x768a4fff | Memory Mapped File | - |
|
- |
|
- |
| oleaut32.dll | 0x76ab0000 | 0x76b3efff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x76b40000 | 0x76c08fff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76db0000 | 0x76eebfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x76f50000 | 0x76f59fff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x76ff0000 | 0x76ff0fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffd6000 | 0x7ffd6000 | 0x7ffd6fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd9000 | 0x7ffd9000 | 0x7ffd9fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffda000 | 0x7ffda000 | 0x7ffdafff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffdbfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
Host Behavior
COM (11)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | B54F3741-5B07-11CF-A4B0-00AA004A55E8 | 00000000-0000-0000-C000-000000000046 | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Create | 6C736DB1-BD94-11D0-8A23-00AA00B58E10 | 6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | 06290BD1-48AA-11D2-8432-006008C3FBFC | E4D1C9B0-46E8-11D4-A2A6-00104BD35090 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | WBEMLocator | IWbemLocator | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | WbemDefaultPathParser | IWbemPath | cls_context = CLSCTX_INPROC_SERVER |
|
5 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = \\.\root\SecurityCenter2 |
|
1 | |
| Execute | WBEMLocator | IWbemServices | method_name = ExecQuery, query_language = WQL, query = Select * from FirewallProduct |
|
1 |
File (6)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive8453022226677560905.vbs | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive8453022226677560905.vbs | type = size |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive8453022226677560905.vbs | type = size |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive8453022226677560905.vbs | size = 281, size_out = 281 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 108 |
|
1 |
Registry (29)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\.vbs | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\VBSFile\ScriptEngine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 196, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = Enabled, data = 196, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = Enabled, data = 196, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = LogSecuritySuccesses, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = LogSecuritySuccesses, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 237, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = TrustPolicy, data = 30, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = UseWINSAFER, data = 237, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = TrustPolicy, data = 30, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = UseWINSAFER, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = Timeout, data = 16, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = DisplayLogo, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = Timeout, data = 16, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = DisplayLogo, data = 49, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CLASSES_ROOT\.vbs | data = VBSFile, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CLASSES_ROOT\VBSFile\ScriptEngine | data = VBScript, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | value_name = Default Impersonation Level, data = 3 |
|
1 |
Module (19)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x75540000 |
|
2 | |
| Load | ole32.dll | base_address = 0x76360000 |
|
1 | |
| Load | C:\Windows\system32\advapi32.dll | base_address = 0x75280000 |
|
2 | |
| Get Handle | c:\windows\system32\cscript.exe | base_address = 0xd10000 |
|
1 | |
| Get Filename | c:\windows\system32\cscript.exe | process_name = c:\windows\system32\cscript.exe, file_name_orig = C:\Windows\system32\cscript.exe, size = 261 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x755924c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapSetInformation, address_out = 0x75594157 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x763a9d0b |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferIdentifyLevel, address_out = 0x752a2102 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferComputeTokenFromLevel, address_out = 0x752a3352 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferCloseLevel, address_out = 0x752a3825 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CreateBindCtx, address_out = 0x763a6d2c |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = MkParseDisplayName, address_out = 0x7636cea9 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = DuplicateTokenEx, address_out = 0x7528ca24 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = BindMoniker, address_out = 0x7636c6a7 |
|
1 | |
| Create Mapping | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive8453022226677560905.vbs | filename = C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive8453022226677560905.vbs, protection = PAGE_READONLY, maximum_size = 281 |
|
1 | |
| Map | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive8453022226677560905.vbs | process_name = c:\windows\system32\cscript.exe, desired_access = FILE_MAP_READ |
|
1 |
Window (2)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | - | class_name = WSH-Timer, wndproc_parameter = 1385256 |
|
1 | |
| Set Attribute | - | class_name = WSH-Timer, index = 18446744073709551595, new_long = 1385256 |
|
1 |
System (14)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = -1 (infinite) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:49:42 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10893003 |
|
1 | |
| Get Time | type = Ticks, time = 10893159 |
|
1 | |
| Get Info | type = Operating System |
|
4 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = System Directory |
|
1 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
2 | |
| Get Info | type = Hardware Information |
|
1 |
Process #14: xcopy.exe
0
0
| Information | Value |
|---|---|
| ID | #14 |
| File Name | c:\windows\system32\xcopy.exe |
| Command Line | xcopy "C:\Program Files\Java\jre7" "C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\" /e |
| Initial Working Directory | C:\Users\2XC7u663GxWc\Desktop\ |
| Monitor | Start Time: 00:00:42, Reason: Child Process |
| Unmonitor | End Time: 00:00:56, Reason: Self Terminated |
| Monitor Duration | 00:00:14 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe58 |
| Parent PID | 0xcc0 (c:\program files\java\jre7\bin\java.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
E5C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000080000 | 0x00080000 | 0x0017ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000001c0000 | 0x001c0000 | 0x001fffff | Private Memory | - |
|
- |
|
- |
| locale.nls | 0x00200000 | 0x00266fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000000270000 | 0x00270000 | 0x00337fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000390000 | 0x00390000 | 0x0039ffff | Private Memory | - |
|
- |
|
- |
| xcopy.exe | 0x003b0000 | 0x003bbfff | Memory Mapped File | - |
|
- |
|
- |
| ifsutil.dll | 0x6d8f0000 | 0x6d916fff | Memory Mapped File | - |
|
- |
|
- |
| ulib.dll | 0x71f80000 | 0x71f9cfff | Memory Mapped File | - |
|
- |
|
- |
| devobj.dll | 0x750a0000 | 0x750b1fff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x75180000 | 0x751c9fff | Memory Mapped File | - |
|
- |
|
- |
| cfgmgr32.dll | 0x751d0000 | 0x751f6fff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x75200000 | 0x7521efff | Memory Mapped File | - |
|
- |
|
- |
| advapi32.dll | 0x75280000 | 0x7531ffff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x75370000 | 0x7543bfff | Memory Mapped File | - |
|
- |
|
- |
| sechost.dll | 0x75440000 | 0x75458fff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x754f0000 | 0x7553dfff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x75540000 | 0x75613fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x75650000 | 0x756fbfff | Memory Mapped File | - |
|
- |
|
- |
| ole32.dll | 0x76360000 | 0x764bbfff | Memory Mapped File | - |
|
- |
|
- |
| rpcrt4.dll | 0x764c0000 | 0x76560fff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x76570000 | 0x7660cfff | Memory Mapped File | - |
|
- |
|
- |
| oleaut32.dll | 0x76ab0000 | 0x76b3efff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x76b40000 | 0x76c08fff | Memory Mapped File | - |
|
- |
|
- |
| setupapi.dll | 0x76c10000 | 0x76dacfff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76db0000 | 0x76eebfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x76f50000 | 0x76f59fff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x76ff0000 | 0x76ff0fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffd3000 | 0x7ffd3000 | 0x7ffd3fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
Process #15: xcopy.exe
0
0
| Information | Value |
|---|---|
| ID | #15 |
| File Name | c:\windows\system32\xcopy.exe |
| Command Line | xcopy "C:\Program Files\Java\jre7" "C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\" /e |
| Initial Working Directory | C:\Users\2XC7u663GxWc\Desktop\ |
| Monitor | Start Time: 00:00:43, Reason: Child Process |
| Unmonitor | End Time: 00:01:21, Reason: Self Terminated |
| Monitor Duration | 00:00:38 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe88 |
| Parent PID | 0xd18 (c:\program files\java\jre7\bin\java.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
E8C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000070000 | 0x00070000 | 0x000affff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000110000 | 0x00110000 | 0x0020ffff | Private Memory | - |
|
- |
|
- |
| locale.nls | 0x00210000 | 0x00276fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000000280000 | 0x00280000 | 0x00347fff | Pagefile Backed Memory | - |
|
- |
|
- |
| xcopy.exe | 0x003b0000 | 0x003bbfff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000580000 | 0x00580000 | 0x0058ffff | Private Memory | - |
|
- |
|
- |
| ifsutil.dll | 0x6d8f0000 | 0x6d916fff | Memory Mapped File | - |
|
- |
|
- |
| ulib.dll | 0x71f80000 | 0x71f9cfff | Memory Mapped File | - |
|
- |
|
- |
| devobj.dll | 0x750a0000 | 0x750b1fff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x75180000 | 0x751c9fff | Memory Mapped File | - |
|
- |
|
- |
| cfgmgr32.dll | 0x751d0000 | 0x751f6fff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x75200000 | 0x7521efff | Memory Mapped File | - |
|
- |
|
- |
| advapi32.dll | 0x75280000 | 0x7531ffff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x75370000 | 0x7543bfff | Memory Mapped File | - |
|
- |
|
- |
| sechost.dll | 0x75440000 | 0x75458fff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x754f0000 | 0x7553dfff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x75540000 | 0x75613fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x75650000 | 0x756fbfff | Memory Mapped File | - |
|
- |
|
- |
| ole32.dll | 0x76360000 | 0x764bbfff | Memory Mapped File | - |
|
- |
|
- |
| rpcrt4.dll | 0x764c0000 | 0x76560fff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x76570000 | 0x7660cfff | Memory Mapped File | - |
|
- |
|
- |
| oleaut32.dll | 0x76ab0000 | 0x76b3efff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x76b40000 | 0x76c08fff | Memory Mapped File | - |
|
- |
|
- |
| setupapi.dll | 0x76c10000 | 0x76dacfff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76db0000 | 0x76eebfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x76f50000 | 0x76f59fff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x76ff0000 | 0x76ff0fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
Process #16: reg.exe
10
0
| Information | Value |
|---|---|
| ID | #16 |
| File Name | c:\windows\system32\reg.exe |
| Command Line | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v NTMGCGGUKus /t REG_EXPAND_SZ /d "\"C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\javaw.exe\" -jar \"C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm\"" /f |
| Initial Working Directory | C:\Users\2XC7u663GxWc\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:00:59, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf40 |
| Parent PID | 0xcc0 (c:\program files\java\jre7\bin\java.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
F44
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00056fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | - |
|
- |
|
- |
| locale.nls | 0x000a0000 | 0x00106fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000000110000 | 0x00110000 | 0x00111fff | Pagefile Backed Memory | - |
|
- |
|
- |
| reg.exe.mui | 0x00120000 | 0x00128fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000130000 | 0x00130000 | 0x00130fff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000140000 | 0x00140000 | 0x00140fff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000150000 | 0x00150000 | 0x0024ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000002f0000 | 0x002f0000 | 0x002fffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000300000 | 0x00300000 | 0x003c7fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000003d0000 | 0x003d0000 | 0x004d0fff | Pagefile Backed Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x004e0000 | 0x007aefff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll.mui | 0x007b0000 | 0x0086ffff | Memory Mapped File | - |
|
- |
|
- |
| reg.exe | 0x00a00000 | 0x00a51fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000000a60000 | 0x00a60000 | 0x0165ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| kernelbase.dll | 0x75180000 | 0x751c9fff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x75200000 | 0x7521efff | Memory Mapped File | - |
|
- |
|
- |
| shlwapi.dll | 0x75220000 | 0x75276fff | Memory Mapped File | - |
|
- |
|
- |
| advapi32.dll | 0x75280000 | 0x7531ffff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x75370000 | 0x7543bfff | Memory Mapped File | - |
|
- |
|
- |
| sechost.dll | 0x75440000 | 0x75458fff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x754f0000 | 0x7553dfff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x75540000 | 0x75613fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x75650000 | 0x756fbfff | Memory Mapped File | - |
|
- |
|
- |
| rpcrt4.dll | 0x764c0000 | 0x76560fff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x76570000 | 0x7660cfff | Memory Mapped File | - |
|
- |
|
- |
| nsi.dll | 0x76850000 | 0x76855fff | Memory Mapped File | - |
|
- |
|
- |
| ws2_32.dll | 0x76870000 | 0x768a4fff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x76b40000 | 0x76c08fff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76db0000 | 0x76eebfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x76f50000 | 0x76f59fff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x76ff0000 | 0x76ff0fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
Host Behavior
File (2)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 |
Registry (4)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System | - |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | value_name = NTMGCGGUKus |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | value_name = NTMGCGGUKus, data = "C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\javaw.exe" -jar "C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm", size = 242, type = REG_EXPAND_SZ |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\reg.exe | base_address = 0xa00000 |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2018-07-19 09:49:58 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10908525 |
|
1 |
Process #17: attrib.exe
0
0
| Information | Value |
|---|---|
| ID | #17 |
| File Name | c:\windows\system32\attrib.exe |
| Command Line | attrib +h "C:\Users\2XC7u663GxWc\cqsFQOTqbmg\*.*" |
| Initial Working Directory | C:\Users\2XC7u663GxWc\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:01:00, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf48 |
| Parent PID | 0xcc0 (c:\program files\java\jre7\bin\java.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
F4C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | - |
|
- |
|
- |
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000130000 | 0x00130000 | 0x0016ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000220000 | 0x00220000 | 0x0022ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000002d0000 | 0x002d0000 | 0x003cffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000003d0000 | 0x003d0000 | 0x00497fff | Pagefile Backed Memory | - |
|
- |
|
- |
| attrib.exe | 0x00620000 | 0x00626fff | Memory Mapped File | - |
|
- |
|
- |
| ulib.dll | 0x71f80000 | 0x71f9cfff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x75180000 | 0x751c9fff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x75200000 | 0x7521efff | Memory Mapped File | - |
|
- |
|
- |
| advapi32.dll | 0x75280000 | 0x7531ffff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x75370000 | 0x7543bfff | Memory Mapped File | - |
|
- |
|
- |
| sechost.dll | 0x75440000 | 0x75458fff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x754f0000 | 0x7553dfff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x75540000 | 0x75613fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x75650000 | 0x756fbfff | Memory Mapped File | - |
|
- |
|
- |
| rpcrt4.dll | 0x764c0000 | 0x76560fff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x76570000 | 0x7660cfff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x76b40000 | 0x76c08fff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76db0000 | 0x76eebfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x76f50000 | 0x76f59fff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x76ff0000 | 0x76ff0fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffd6000 | 0x7ffd6000 | 0x7ffd6fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
Process #18: attrib.exe
0
0
| Information | Value |
|---|---|
| ID | #18 |
| File Name | c:\windows\system32\attrib.exe |
| Command Line | attrib +h "C:\Users\2XC7u663GxWc\cqsFQOTqbmg" |
| Initial Working Directory | C:\Users\2XC7u663GxWc\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:00:59, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf50 |
| Parent PID | 0xcc0 (c:\program files\java\jre7\bin\java.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
F54
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | - |
|
- |
|
- |
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000170000 | 0x00170000 | 0x001affff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000001b0000 | 0x001b0000 | 0x00277fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000360000 | 0x00360000 | 0x0045ffff | Private Memory | - |
|
- |
|
- |
| attrib.exe | 0x00620000 | 0x00626fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000800000 | 0x00800000 | 0x0080ffff | Private Memory | - |
|
- |
|
- |
| ulib.dll | 0x71f80000 | 0x71f9cfff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x75180000 | 0x751c9fff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x75200000 | 0x7521efff | Memory Mapped File | - |
|
- |
|
- |
| advapi32.dll | 0x75280000 | 0x7531ffff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x75370000 | 0x7543bfff | Memory Mapped File | - |
|
- |
|
- |
| sechost.dll | 0x75440000 | 0x75458fff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x754f0000 | 0x7553dfff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x75540000 | 0x75613fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x75650000 | 0x756fbfff | Memory Mapped File | - |
|
- |
|
- |
| rpcrt4.dll | 0x764c0000 | 0x76560fff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x76570000 | 0x7660cfff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x76b40000 | 0x76c08fff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76db0000 | 0x76eebfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x76f50000 | 0x76f59fff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x76ff0000 | 0x76ff0fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
Process #19: javaw.exe
3499
3
| Information | Value |
|---|---|
| ID | #19 |
| File Name | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe |
| Command Line | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\javaw.exe -jar C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm |
| Initial Working Directory | C:\Users\2XC7U6~1\AppData\Local\Temp\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:01:21, Reason: Self Terminated |
| Monitor Duration | 00:00:24 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf58 |
| Parent PID | 0xcc0 (c:\program files\java\jre7\bin\java.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
F5C
0x
F90
0x
F94
0x
F98
0x
F9C
0x
FA0
0x
FA4
0x
FA8
0x
FB0
0x
FAC
0x
FB4
0x
FF0
0x
FF4
0x
FF8
0x
90
0x
978
0x
92C
0x
9F4
0x
25C
0x
3F8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00042fff | Pagefile Backed Memory | - |
|
- |
|
- |
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x00187fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000190000 | 0x00190000 | 0x00190fff | Private Memory | - |
|
- |
|
- |
| tzres.dll | 0x001a0000 | 0x001a0fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a0fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000001c0000 | 0x001c0000 | 0x001c6fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000001d0000 | 0x001d0000 | 0x001dffff | Private Memory | - |
|
- |
|
- |
| javaw.exe | 0x001e0000 | 0x0020efff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000210000 | 0x00210000 | 0x0025ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000260000 | 0x00260000 | 0x00360fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000370000 | 0x00370000 | 0x00371fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000380000 | 0x00380000 | 0x00380fff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000390000 | 0x00390000 | 0x00390fff | Private Memory | - |
|
- |
|
- |
| 3928 | 0x003a0000 | 0x003affff | Memory Mapped File | rw |
|
|
|
|
| private_0x00000000003b0000 | 0x003b0000 | 0x0042ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000430000 | 0x00430000 | 0x0043ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000440000 | 0x00440000 | 0x0044ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000450000 | 0x00450000 | 0x0054ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000550000 | 0x00550000 | 0x0114ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000001150000 | 0x01150000 | 0x0124ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001150000 | 0x01150000 | 0x011fffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001200000 | 0x01200000 | 0x0122ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001240000 | 0x01240000 | 0x0124ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001250000 | 0x01250000 | 0x0134ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000001350000 | 0x01350000 | 0x01742fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000001750000 | 0x01750000 | 0x018effff | Private Memory | - |
|
- |
|
- |
| rsaenh.dll | 0x01750000 | 0x0178bfff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000001790000 | 0x01790000 | 0x017dffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000017e0000 | 0x017e0000 | 0x018dffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000018e0000 | 0x018e0000 | 0x018effff | Private Memory | - |
|
- |
|
- |
| private_0x00000000018f0000 | 0x018f0000 | 0x01adffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000018f0000 | 0x018f0000 | 0x0194ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001990000 | 0x01990000 | 0x019dffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001a30000 | 0x01a30000 | 0x01a7ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001aa0000 | 0x01aa0000 | 0x01adffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001ae0000 | 0x01ae0000 | 0x03adffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003b00000 | 0x03b00000 | 0x03b4ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003b50000 | 0x03b50000 | 0x03b9ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003ba0000 | 0x03ba0000 | 0x03beffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003c30000 | 0x03c30000 | 0x03c7ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003c80000 | 0x03c80000 | 0x03d0ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003d50000 | 0x03d50000 | 0x03d9ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003e00000 | 0x03e00000 | 0x03e4ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003ec0000 | 0x03ec0000 | 0x03f0ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003f10000 | 0x03f10000 | 0x0410ffff | Private Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x04110000 | 0x043defff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000043e0000 | 0x043e0000 | 0x045cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000043e0000 | 0x043e0000 | 0x0458ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000043e0000 | 0x043e0000 | 0x0453ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000043e0000 | 0x043e0000 | 0x044dffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004500000 | 0x04500000 | 0x0453ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004580000 | 0x04580000 | 0x0458ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004590000 | 0x04590000 | 0x045cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000045d0000 | 0x045d0000 | 0x047bffff | Private Memory | - |
|
- |
|
- |
| kernelbase.dll.mui | 0x045d0000 | 0x0468ffff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000046a0000 | 0x046a0000 | 0x046effff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004700000 | 0x04700000 | 0x0474ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000047b0000 | 0x047b0000 | 0x047bffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000047c0000 | 0x047c0000 | 0x04bbffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004bc0000 | 0x04bc0000 | 0x053bffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000005410000 | 0x05410000 | 0x0545ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000236d0000 | 0x236d0000 | 0x28c1ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000028c20000 | 0x28c20000 | 0x336cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000336d0000 | 0x336d0000 | 0x376cffff | Private Memory | - |
|
- |
|
- |
| classes.jsa | 0x376d0000 | 0x37b0ffff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000037b10000 | 0x37b10000 | 0x380cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000380d0000 | 0x380d0000 | 0x38ccffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000380d0000 | 0x380d0000 | 0x3871ffff | Private Memory | - |
|
- |
|
- |
| classes.jsa | 0x380d0000 | 0x3871ffff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000038720000 | 0x38720000 | 0x38ccffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000038cd0000 | 0x38cd0000 | 0x390cffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000038cd0000 | 0x38cd0000 | 0x38f3ffff | Private Memory | - |
|
- |
|
- |
| classes.jsa | 0x38cd0000 | 0x38f3ffff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000038f40000 | 0x38f40000 | 0x390cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000390d0000 | 0x390d0000 | 0x394cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000390d0000 | 0x390d0000 | 0x390dffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000390e0000 | 0x390e0000 | 0x394cffff | Private Memory | - |
|
- |
|
- |
| jvm.dll | 0x6acb0000 | 0x6b02ffff | Memory Mapped File | - |
|
- |
|
- |
| awt.dll | 0x6cdc0000 | 0x6cf02fff | Memory Mapped File | - |
|
- |
|
- |
| msvcr100.dll | 0x6cf10000 | 0x6cfcefff | Memory Mapped File | - |
|
- |
|
- |
| winmm.dll | 0x70250000 | 0x70281fff | Memory Mapped File | - |
|
- |
|
- |
| pnrpnsp.dll | 0x71760000 | 0x71771fff | Memory Mapped File | - |
|
- |
|
- |
| winrnr.dll | 0x71780000 | 0x71787fff | Memory Mapped File | - |
|
- |
|
- |
| napinsp.dll | 0x717a0000 | 0x717affff | Memory Mapped File | - |
|
- |
|
- |
| rasadhlp.dll | 0x717b0000 | 0x717b5fff | Memory Mapped File | - |
|
- |
|
- |
| net.dll | 0x71fa0000 | 0x71fb3fff | Memory Mapped File | - |
|
- |
|
- |
| sunec.dll | 0x71fc0000 | 0x71fdffff | Memory Mapped File | - |
|
- |
|
- |
| nio.dll | 0x720b0000 | 0x720befff | Memory Mapped File | - |
|
- |
|
- |
| zip.dll | 0x720c0000 | 0x720d2fff | Memory Mapped File | - |
|
- |
|
- |
| java.dll | 0x720e0000 | 0x720fffff | Memory Mapped File | - |
|
- |
|
- |
| verify.dll | 0x72100000 | 0x7210bfff | Memory Mapped File | - |
|
- |
|
- |
| uxtheme.dll | 0x73530000 | 0x7356ffff | Memory Mapped File | - |
|
- |
|
- |
| fwpuclnt.dll | 0x737d0000 | 0x73807fff | Memory Mapped File | - |
|
- |
|
- |
| winnsi.dll | 0x738e0000 | 0x738e6fff | Memory Mapped File | - |
|
- |
|
- |
| iphlpapi.dll | 0x738f0000 | 0x7390bfff | Memory Mapped File | - |
|
- |
|
- |
| nlaapi.dll | 0x73a60000 | 0x73a6ffff | Memory Mapped File | - |
|
- |
|
- |
| comctl32.dll | 0x73ee0000 | 0x7407dfff | Memory Mapped File | - |
|
- |
|
- |
| wsock32.dll | 0x740b0000 | 0x740b6fff | Memory Mapped File | - |
|
- |
|
- |
| wshtcpip.dll | 0x744e0000 | 0x744e4fff | Memory Mapped File | - |
|
- |
|
- |
| userenv.dll | 0x745b0000 | 0x745c6fff | Memory Mapped File | - |
|
- |
|
- |
| rsaenh.dll | 0x74770000 | 0x747aafff | Memory Mapped File | - |
|
- |
|
- |
| dnsapi.dll | 0x74850000 | 0x74893fff | Memory Mapped File | - |
|
- |
|
- |
| wship6.dll | 0x74980000 | 0x74985fff | Memory Mapped File | - |
|
- |
|
- |
| mswsock.dll | 0x74990000 | 0x749cbfff | Memory Mapped File | - |
|
- |
|
- |
| cryptsp.dll | 0x749d0000 | 0x749e5fff | Memory Mapped File | - |
|
- |
|
- |
| cryptbase.dll | 0x74e50000 | 0x74e5bfff | Memory Mapped File | - |
|
- |
|
- |
| profapi.dll | 0x74f00000 | 0x74f0afff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x75180000 | 0x751c9fff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x75200000 | 0x7521efff | Memory Mapped File | - |
|
- |
|
- |
| shlwapi.dll | 0x75220000 | 0x75276fff | Memory Mapped File | - |
|
- |
|
- |
| advapi32.dll | 0x75280000 | 0x7531ffff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x75370000 | 0x7543bfff | Memory Mapped File | - |
|
- |
|
- |
| sechost.dll | 0x75440000 | 0x75458fff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x754f0000 | 0x7553dfff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x75540000 | 0x75613fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x75650000 | 0x756fbfff | Memory Mapped File | - |
|
- |
|
- |
| psapi.dll | 0x76350000 | 0x76354fff | Memory Mapped File | - |
|
- |
|
- |
| ole32.dll | 0x76360000 | 0x764bbfff | Memory Mapped File | - |
|
- |
|
- |
| rpcrt4.dll | 0x764c0000 | 0x76560fff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x76570000 | 0x7660cfff | Memory Mapped File | - |
|
- |
|
- |
| nsi.dll | 0x76850000 | 0x76855fff | Memory Mapped File | - |
|
- |
|
- |
| ws2_32.dll | 0x76870000 | 0x768a4fff | Memory Mapped File | - |
|
- |
|
- |
| oleaut32.dll | 0x76ab0000 | 0x76b3efff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x76b40000 | 0x76c08fff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76db0000 | 0x76eebfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x76f50000 | 0x76f59fff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x76ff0000 | 0x76ff0fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffae000 | 0x7ffae000 | 0x7ffaefff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffaf000 | 0x7ffaf000 | 0x7ffaffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffd3000 | 0x7ffd3000 | 0x7ffd3fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd4000 | 0x7ffd4000 | 0x7ffd4fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd5000 | 0x7ffd5000 | 0x7ffd5fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd6000 | 0x7ffd6000 | 0x7ffd6fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd7000 | 0x7ffd7000 | 0x7ffd7fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd9000 | 0x7ffd9000 | 0x7ffd9fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffda000 | 0x7ffda000 | 0x7ffdafff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffdbfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
|
For performance reasons, the remaining 32 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive4432003530389164433.vbs | 0.27 KB |
MD5:
a32c109297ed1ca155598cd295c26611
SHA1: dc4a1fdbaad15ddd6fe22d3907c6b03727b71510 SHA256: 45bfe34aa3ef932f75101246eb53d032f5e7cf6d1f5b4e495334955a255f32e7 SSDeep: 6:jpxiFtqvAAT+geD5NaqZxLMTQQQavbx3la2Zp6djsyn:vmtqvAndZFcQU9lrXyjsyn |
|
|
Host Behavior
File (2584)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\i386\jvm.cfg | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\\hsperfdata_2XC7u663GxWc\3928 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\classes.jsa | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
3 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.080316539076114361006181509658991106.class | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_REPARSE_POINT, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive5186310507301951599.vbs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_REPARSE_POINT, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1625750400979200631.vbs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_REPARSE_POINT, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1625750400979200631.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Windows\System32\test.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\ID.txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\net.properties | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create Directory | C:\Users\2XC7U6~1\AppData\Local\Temp\\hsperfdata_2XC7u663GxWc | - |
|
1 | |
| Create Directory | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\nccJQMiokAP | - |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Get Info | STD_INPUT_HANDLE | type = file_type |
|
2 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
2 | |
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
2 | |
| Get Info | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | type = file_type |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\i386\jvm.cfg | type = file_type |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\endorsed | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\\hsperfdata_2XC7u663GxWc | type = file_attributes |
|
3 | |
| Get Info | - | type = file_type |
|
5 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\zip.dll | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\meta-index | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext | type = file_attributes |
|
3 | |
| Get Info | - | type = size, size_out = 829 |
|
1 | |
| Get Info | C:\Windows\Sun\Java\lib\ext\meta-index | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\access-bridge.jar | type = file_attributes |
|
4 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\dnsns.jar | type = file_attributes |
|
2 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\jaccess.jar | type = file_attributes |
|
2 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\localedata.jar | type = file_attributes |
|
2 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | type = file_attributes |
|
5 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunpkcs11.jar | type = file_attributes |
|
2 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\zipfs.jar | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\Sun\Java\lib\ext | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | type = file_attributes |
|
4 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\management\usagetracker.properties | type = file_attributes |
|
1 | |
| Get Info | - | type = time |
|
1 | |
| Get Info | - | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\resources.jar | type = file_attributes |
|
6 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\meta-index | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib | type = file_attributes |
|
2 | |
| Get Info | - | type = size, size_out = 2190 |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | type = file_attributes |
|
4 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\sunrsasign.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | type = file_attributes |
|
4 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\charsets.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jfr.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\classes | type = file_attributes |
|
4 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\meta-index | type = file_attributes |
|
1 | |
| Get Info | - | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\java.security | type = file_attributes |
|
1 | |
| Get Info | - | type = size, size_out = 17824 |
|
1 | |
| Get Info | - | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\x86\sunec.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\sunec.dll | type = file_attributes |
|
1 | |
| Get Info | - | type = time |
|
1 | |
| Get Info | - | type = time |
|
1 | |
| Get Info | - | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\local_policy.jar | type = file_attributes |
|
1 | |
| Get Info | - | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\net.dll | type = file_attributes |
|
6 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp | type = file_attributes |
|
1 | |
| Get Info | - | type = time |
|
1 | |
| Get Info | - | type = time |
|
1 | |
| Get Info | - | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\nio.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.080316539076114361006181509658991106.class | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\java | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\java.exe | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jaxp.properties | type = file_attributes |
|
2 | |
| Get Info | - | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\awt.dll | type = file_attributes |
|
1 | |
| Get Info | - | type = file_type |
|
2 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive5186310507301951599.vbs | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1625750400979200631.vbs | type = file_attributes |
|
1 | |
| Get Info | - | type = file_type |
|
2 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1625750400979200631.vbs | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\javaw.exe | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\management.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\cqsFQOTqbmg | type = file_attributes |
|
2 | |
| Get Info | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\ID.txt | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\ID.txt | type = file_type |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\ID.txt | type = size, size_out = 47 |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\nccJQMiokAP | type = file_attributes |
|
2 | |
| Get Info | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\nccJQMiokAP | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\x86\sunmscapi.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\sunmscapi.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\net.properties | type = file_attributes |
|
2 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\net.properties | type = file_type |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\net.properties | type = size, size_out = 3070 |
|
1 | |
| Open | STD_INPUT_HANDLE | - |
|
6 | |
| Open | STD_OUTPUT_HANDLE | - |
|
2 | |
| Open | STD_ERROR_HANDLE | - |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 22, size_out = 22 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 1024, size_out = 1024 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 30, size_out = 30 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 100, size_out = 100 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\i386\jvm.cfg | size = 4096, size_out = 686 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\i386\jvm.cfg | size = 4096, size_out = 0 |
|
1 | |
| Read | - | size = 4096, size_out = 2190 |
|
1 | |
| Read | - | size = 4096, size_out = 0 |
|
1 | |
| Read | - | size = 2416, size_out = 2416 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\classes.jsa | size = 65536, size_out = 65536 |
|
1 | |
| Read | - | size = 4, size_out = 4 |
|
6 | |
| Read | - | size = 128, size_out = 128 |
|
9 | |
| Read | - | size = 7, size_out = 7 |
|
2 | |
| Read | - | size = 1781193, size_out = 1781193 |
|
1 | |
| Read | - | size = 160, size_out = 160 |
|
667 | |
| Read | - | size = 30, size_out = 30 |
|
768 | |
| Read | - | size = 709, size_out = 709 |
|
1 | |
| Read | - | size = 277, size_out = 277 |
|
2 | |
| Read | - | size = 2305, size_out = 2305 |
|
1 | |
| Read | - | size = 1022, size_out = 1022 |
|
1 | |
| Read | - | size = 2882, size_out = 2882 |
|
1 | |
| Read | - | size = 104, size_out = 104 |
|
1 | |
| Read | - | size = 728, size_out = 728 |
|
1 | |
| Read | - | size = 345, size_out = 345 |
|
2 | |
| Read | - | size = 815, size_out = 815 |
|
1 | |
| Read | - | size = 1105, size_out = 1105 |
|
1 | |
| Read | - | size = 1761, size_out = 1761 |
|
1 | |
| Read | - | size = 514, size_out = 514 |
|
2 | |
| Read | - | size = 970, size_out = 970 |
|
1 | |
| Read | - | size = 2589, size_out = 2589 |
|
1 | |
| Read | - | size = 1008, size_out = 1008 |
|
1 | |
| Read | - | size = 2004, size_out = 2004 |
|
1 | |
| Read | - | size = 669, size_out = 669 |
|
1 | |
| Read | - | size = 8192, size_out = 829 |
|
1 | |
| Read | - | size = 962, size_out = 962 |
|
2 | |
| Read | - | size = 934, size_out = 934 |
|
1 | |
| Read | - | size = 1720, size_out = 1720 |
|
1 | |
| Read | - | size = 1012, size_out = 1012 |
|
2 | |
| Read | - | size = 3028, size_out = 3028 |
|
1 | |
| Read | - | size = 1111, size_out = 1111 |
|
3 | |
| Read | - | size = 2976, size_out = 2976 |
|
1 | |
| Read | - | size = 672, size_out = 672 |
|
2 | |
| Read | - | size = 1189, size_out = 1189 |
|
1 | |
| Read | - | size = 2646, size_out = 2646 |
|
1 | |
| Read | - | size = 8192, size_out = 0 |
|
3 | |
| Read | - | size = 966, size_out = 966 |
|
1 | |
| Read | - | size = 800, size_out = 800 |
|
1 | |
| Read | - | size = 1280, size_out = 1280 |
|
1 | |
| Read | - | size = 609, size_out = 609 |
|
1 | |
| Read | - | size = 628, size_out = 628 |
|
1 | |
| Read | - | size = 328, size_out = 328 |
|
2 | |
| Read | - | size = 327, size_out = 327 |
|
1 | |
| Read | - | size = 12212, size_out = 12212 |
|
1 | |
| Read | - | size = 748, size_out = 748 |
|
1 | |
| Read | - | size = 6630, size_out = 6630 |
|
1 | |
| Read | - | size = 3392, size_out = 3392 |
|
1 | |
| Read | - | size = 30105, size_out = 30105 |
|
2 | |
| Read | - | size = 2563, size_out = 2563 |
|
2 | |
| Read | - | size = 476, size_out = 476 |
|
1 | |
| Read | - | size = 2703, size_out = 2703 |
|
1 | |
| Read | - | size = 753, size_out = 753 |
|
1 | |
| Read | - | size = 3690, size_out = 3690 |
|
1 | |
| Read | - | size = 3361, size_out = 3361 |
|
1 | |
| Read | - | size = 3599, size_out = 3599 |
|
1 | |
| Read | - | size = 260, size_out = 260 |
|
1 | |
| Read | - | size = 1899, size_out = 1899 |
|
1 | |
| Read | - | size = 678, size_out = 678 |
|
2 | |
| Read | - | size = 100, size_out = 100 |
|
5 | |
| Read | - | size = 1909, size_out = 1909 |
|
1 | |
| Read | - | size = 670, size_out = 670 |
|
1 | |
| Read | - | size = 762, size_out = 762 |
|
1 | |
| Read | - | size = 391, size_out = 391 |
|
2 | |
| Read | - | size = 452, size_out = 452 |
|
2 | |
| Read | - | size = 536, size_out = 536 |
|
3 | |
| Read | - | size = 521, size_out = 521 |
|
2 | |
| Read | - | size = 491, size_out = 491 |
|
1 | |
| Read | - | size = 506, size_out = 506 |
|
1 | |
| Read | - | size = 515, size_out = 515 |
|
1 | |
| Read | - | size = 361, size_out = 361 |
|
1 | |
| Read | - | size = 331, size_out = 331 |
|
4 | |
| Read | - | size = 675, size_out = 675 |
|
1 | |
| Read | - | size = 451, size_out = 451 |
|
1 | |
| Read | - | size = 355, size_out = 355 |
|
1 | |
| Read | - | size = 299, size_out = 299 |
|
1 | |
| Read | - | size = 474, size_out = 474 |
|
1 | |
| Read | - | size = 655, size_out = 655 |
|
1 | |
| Read | - | size = 303, size_out = 303 |
|
2 | |
| Read | - | size = 335, size_out = 335 |
|
3 | |
| Read | - | size = 418, size_out = 418 |
|
2 | |
| Read | - | size = 430, size_out = 430 |
|
1 | |
| Read | - | size = 453, size_out = 453 |
|
1 | |
| Read | - | size = 555, size_out = 555 |
|
1 | |
| Read | - | size = 408, size_out = 408 |
|
1 | |
| Read | - | size = 477, size_out = 477 |
|
2 | |
| Read | - | size = 562, size_out = 562 |
|
1 | |
| Read | - | size = 394, size_out = 394 |
|
1 | |
| Read | - | size = 462, size_out = 462 |
|
1 | |
| Read | - | size = 371, size_out = 371 |
|
1 | |
| Read | - | size = 231, size_out = 231 |
|
2 | |
| Read | - | size = 496, size_out = 496 |
|
3 | |
| Read | - | size = 691, size_out = 691 |
|
1 | |
| Read | - | size = 509, size_out = 509 |
|
1 | |
| Read | - | size = 580, size_out = 580 |
|
1 | |
| Read | - | size = 348, size_out = 348 |
|
2 | |
| Read | - | size = 802, size_out = 802 |
|
2 | |
| Read | - | size = 1127, size_out = 1127 |
|
1 | |
| Read | - | size = 8192, size_out = 2190 |
|
1 | |
| Read | - | size = 329, size_out = 329 |
|
1 | |
| Read | - | size = 383, size_out = 383 |
|
2 | |
| Read | - | size = 332, size_out = 332 |
|
2 | |
| Read | - | size = 461, size_out = 461 |
|
1 | |
| Read | - | size = 570, size_out = 570 |
|
1 | |
| Read | - | size = 5504, size_out = 5504 |
|
1 | |
| Read | - | size = 582, size_out = 582 |
|
2 | |
| Read | - | size = 535, size_out = 535 |
|
1 | |
| Read | - | size = 315, size_out = 315 |
|
1 | |
| Read | - | size = 6708, size_out = 6708 |
|
1 | |
| Read | - | size = 4096, size_out = 4096 |
|
4 | |
| Read | - | size = 1693, size_out = 1693 |
|
1 | |
| Read | - | size = 1351, size_out = 1351 |
|
1 | |
| Read | - | size = 1358, size_out = 1358 |
|
1 | |
| Read | - | size = 8192, size_out = 8192 |
|
30 | |
| Read | - | size = 8192, size_out = 1440 |
|
1 | |
| Read | - | size = 2345, size_out = 2345 |
|
1 | |
| Read | - | size = 13694, size_out = 13694 |
|
1 | |
| Read | - | size = 1056, size_out = 1056 |
|
1 | |
| Read | - | size = 3940, size_out = 3940 |
|
1 | |
| Read | - | size = 5672, size_out = 5672 |
|
1 | |
| Read | - | size = 844, size_out = 844 |
|
1 | |
| Read | - | size = 1453, size_out = 1453 |
|
1 | |
| Read | - | size = 803, size_out = 803 |
|
3 | |
| Read | - | size = 2601, size_out = 2601 |
|
1 | |
| Read | - | size = 1240, size_out = 1240 |
|
1 | |
| Read | - | size = 590, size_out = 590 |
|
5 | |
| Read | - | size = 525, size_out = 525 |
|
4 | |
| Read | - | size = 1320, size_out = 1320 |
|
6 | |
| Read | - | size = 2666, size_out = 2666 |
|
1 | |
| Read | - | size = 314, size_out = 314 |
|
1 | |
| Read | - | size = 951, size_out = 951 |
|
1 | |
| Read | - | size = 10594, size_out = 10594 |
|
1 | |
| Read | - | size = 3882, size_out = 3882 |
|
1 | |
| Read | - | size = 3549, size_out = 3549 |
|
1 | |
| Read | - | size = 1381, size_out = 1381 |
|
1 | |
| Read | - | size = 8211, size_out = 8211 |
|
1 | |
| Read | - | size = 1075, size_out = 1075 |
|
1 | |
| Read | - | size = 3695, size_out = 3695 |
|
1 | |
| Read | - | size = 2117, size_out = 2117 |
|
1 | |
| Read | - | size = 346, size_out = 346 |
|
1 | |
| Read | - | size = 576, size_out = 576 |
|
1 | |
| Read | - | size = 24203, size_out = 24203 |
|
1 | |
| Read | - | size = 13092, size_out = 13092 |
|
1 | |
| Read | - | size = 623, size_out = 623 |
|
1 | |
| Read | - | size = 3174, size_out = 3174 |
|
1 | |
| Read | - | size = 2257, size_out = 2257 |
|
1 | |
| Read | - | size = 1621, size_out = 1621 |
|
1 | |
| Read | - | size = 2395, size_out = 2395 |
|
1 | |
| Read | - | size = 14258, size_out = 14258 |
|
1 | |
| Read | - | size = 853, size_out = 853 |
|
1 | |
| Read | - | size = 967, size_out = 967 |
|
1 | |
| Read | - | size = 3914, size_out = 3914 |
|
1 | |
| Read | - | size = 5828, size_out = 5828 |
|
1 | |
| Read | - | size = 12814, size_out = 12814 |
|
1 | |
| Read | - | size = 4077, size_out = 4077 |
|
1 | |
| Read | - | size = 2399, size_out = 2399 |
|
1 | |
| Read | - | size = 2181, size_out = 2181 |
|
1 | |
| Read | - | size = 308, size_out = 308 |
|
1 | |
| Read | - | size = 381, size_out = 381 |
|
1 | |
| Read | - | size = 78, size_out = 78 |
|
2 | |
| Read | - | size = 4556, size_out = 4556 |
|
1 | |
| Read | - | size = 6732, size_out = 6732 |
|
1 | |
| Read | - | size = 732, size_out = 732 |
|
1 | |
| Read | - | size = 454, size_out = 454 |
|
2 | |
| Read | - | size = 457, size_out = 457 |
|
1 | |
| Read | - | size = 973, size_out = 973 |
|
2 | |
| Read | - | size = 310, size_out = 310 |
|
1 | |
| Read | - | size = 2812, size_out = 2812 |
|
1 | |
| Read | - | size = 278, size_out = 278 |
|
1 | |
| Read | - | size = 131, size_out = 131 |
|
1 | |
| Read | - | size = 3431, size_out = 3431 |
|
1 | |
| Read | - | size = 382, size_out = 382 |
|
2 | |
| Read | - | size = 281, size_out = 281 |
|
1 | |
| Read | - | size = 5929, size_out = 5929 |
|
1 | |
| Read | - | size = 6713, size_out = 6713 |
|
1 | |
| Read | - | size = 3217, size_out = 3217 |
|
1 | |
| Read | - | size = 265, size_out = 265 |
|
2 | |
| Read | - | size = 6705, size_out = 6705 |
|
1 | |
| Read | - | size = 1434, size_out = 1434 |
|
2 | |
| Read | - | size = 5439, size_out = 5439 |
|
1 | |
| Read | - | size = 619, size_out = 619 |
|
1 | |
| Read | - | size = 10470, size_out = 10470 |
|
1 | |
| Read | - | size = 3596, size_out = 3596 |
|
5 | |
| Read | - | size = 3529, size_out = 3529 |
|
3 | |
| Read | - | size = 735, size_out = 735 |
|
2 | |
| Read | - | size = 4170, size_out = 4170 |
|
1 | |
| Read | - | size = 817, size_out = 817 |
|
1 | |
| Read | - | size = 2357, size_out = 2357 |
|
1 | |
| Read | - | size = 187, size_out = 187 |
|
3 | |
| Read | - | size = 3665, size_out = 3665 |
|
2 | |
| Read | - | size = 3856, size_out = 3856 |
|
2 | |
| Read | - | size = 333, size_out = 333 |
|
2 | |
| Read | - | size = 2915, size_out = 2915 |
|
1 | |
| Read | - | size = 350, size_out = 350 |
|
2 | |
| Read | - | size = 213, size_out = 213 |
|
2 | |
| Read | - | size = 1319, size_out = 1319 |
|
1 | |
| Read | - | size = 151, size_out = 151 |
|
2 | |
| Read | - | size = 92, size_out = 92 |
|
1 | |
| Read | - | size = 47, size_out = 47 |
|
1 | |
| Read | - | size = 115, size_out = 115 |
|
1 | |
| Read | - | size = 502, size_out = 502 |
|
1 | |
| Read | - | size = 807, size_out = 807 |
|
1 | |
| Read | - | size = 530, size_out = 530 |
|
1 | |
| Read | - | size = 1987, size_out = 1987 |
|
1 | |
| Read | - | size = 706, size_out = 706 |
|
2 | |
| Read | - | size = 3777, size_out = 3777 |
|
1 | |
| Read | - | size = 3082, size_out = 3082 |
|
2 | |
| Read | - | size = 4270, size_out = 4270 |
|
1 | |
| Read | - | size = 8559, size_out = 8559 |
|
1 | |
| Read | - | size = 6031, size_out = 6031 |
|
1 | |
| Read | - | size = 671, size_out = 671 |
|
1 | |
| Read | - | size = 1961, size_out = 1961 |
|
1 | |
| Read | - | size = 3287, size_out = 3287 |
|
1 | |
| Read | - | size = 3661, size_out = 3661 |
|
1 | |
| Read | - | size = 292, size_out = 292 |
|
1 | |
| Read | - | size = 389, size_out = 389 |
|
1 | |
| Read | - | size = 411, size_out = 411 |
|
1 | |
| Read | - | size = 194, size_out = 194 |
|
2 | |
| Read | - | size = 242, size_out = 242 |
|
4 | |
| Read | - | size = 1318, size_out = 1318 |
|
1 | |
| Read | - | size = 153, size_out = 153 |
|
2 | |
| Read | - | size = 209, size_out = 209 |
|
3 | |
| Read | - | size = 883, size_out = 883 |
|
1 | |
| Read | - | size = 994, size_out = 994 |
|
2 | |
| Read | - | size = 780, size_out = 780 |
|
1 | |
| Read | - | size = 206, size_out = 206 |
|
1 | |
| Read | - | size = 533, size_out = 533 |
|
1 | |
| Read | - | size = 775, size_out = 775 |
|
1 | |
| Read | - | size = 301, size_out = 301 |
|
1 | |
| Read | - | size = 1137, size_out = 1137 |
|
2 | |
| Read | - | size = 1486, size_out = 1486 |
|
1 | |
| Read | - | size = 1009, size_out = 1009 |
|
1 | |
| Read | - | size = 1052, size_out = 1052 |
|
1 | |
| Read | - | size = 269, size_out = 269 |
|
1 | |
| Read | - | size = 1438, size_out = 1438 |
|
1 | |
| Read | - | size = 2684, size_out = 2684 |
|
1 | |
| Read | - | size = 157, size_out = 157 |
|
1 | |
| Read | - | size = 902, size_out = 902 |
|
1 | |
| Read | - | size = 1516, size_out = 1516 |
|
1 | |
| Read | - | size = 925, size_out = 925 |
|
1 | |
| Read | - | size = 1403, size_out = 1403 |
|
1 | |
| Read | - | size = 684, size_out = 684 |
|
1 | |
| Read | - | size = 2171, size_out = 2171 |
|
1 | |
| Read | - | size = 1421, size_out = 1421 |
|
1 | |
| Read | - | size = 694, size_out = 694 |
|
2 | |
| Read | - | size = 171, size_out = 171 |
|
1 | |
| Read | - | size = 814, size_out = 814 |
|
1 | |
| Read | - | size = 608, size_out = 608 |
|
1 | |
| Read | - | size = 677, size_out = 677 |
|
1 | |
| Read | - | size = 274, size_out = 274 |
|
2 | |
| Read | - | size = 1343, size_out = 1343 |
|
1 | |
| Read | - | size = 541, size_out = 541 |
|
2 | |
| Read | - | size = 2912, size_out = 2912 |
|
1 | |
| Read | - | size = 1249, size_out = 1249 |
|
1 | |
| Read | - | size = 1311, size_out = 1311 |
|
1 | |
| Read | - | size = 1605, size_out = 1605 |
|
1 | |
| Read | - | size = 557, size_out = 557 |
|
2 | |
| Read | - | size = 173, size_out = 173 |
|
1 | |
| Read | - | size = 2789, size_out = 2789 |
|
2 | |
| Read | - | size = 230, size_out = 230 |
|
1 | |
| Read | - | size = 1133, size_out = 1133 |
|
1 | |
| Read | - | size = 321, size_out = 321 |
|
1 | |
| Read | - | size = 190, size_out = 190 |
|
1 | |
| Read | - | size = 3185, size_out = 3185 |
|
1 | |
| Read | - | size = 4522, size_out = 4522 |
|
2 | |
| Read | - | size = 978, size_out = 978 |
|
2 | |
| Read | - | size = 839, size_out = 839 |
|
1 | |
| Read | - | size = 1309, size_out = 1309 |
|
1 | |
| Read | - | size = 1312, size_out = 1312 |
|
2 | |
| Read | - | size = 696, size_out = 696 |
|
1 | |
| Read | - | size = 3200, size_out = 3200 |
|
1 | |
| Read | - | size = 207, size_out = 207 |
|
1 | |
| Read | - | size = 823, size_out = 823 |
|
1 | |
| Read | - | size = 824, size_out = 824 |
|
1 | |
| Read | - | size = 349, size_out = 349 |
|
2 | |
| Read | - | size = 2972, size_out = 2972 |
|
1 | |
| Read | - | size = 2977, size_out = 2977 |
|
1 | |
| Read | - | size = 611, size_out = 611 |
|
1 | |
| Read | - | size = 668, size_out = 668 |
|
1 | |
| Read | - | size = 283, size_out = 283 |
|
2 | |
| Read | - | size = 1118, size_out = 1118 |
|
1 | |
| Read | - | size = 834, size_out = 834 |
|
1 | |
| Read | - | size = 769, size_out = 769 |
|
1 | |
| Read | - | size = 1478, size_out = 1478 |
|
1 | |
| Read | - | size = 1298, size_out = 1298 |
|
1 | |
| Read | - | size = 1655, size_out = 1655 |
|
1 | |
| Read | - | size = 984, size_out = 984 |
|
1 | |
| Read | - | size = 3278, size_out = 3278 |
|
1 | |
| Read | - | size = 833, size_out = 833 |
|
1 | |
| Read | - | size = 1450, size_out = 1450 |
|
1 | |
| Read | - | size = 1081, size_out = 1081 |
|
1 | |
| Read | - | size = 550, size_out = 550 |
|
1 | |
| Read | - | size = 922, size_out = 922 |
|
1 | |
| Read | - | size = 5457, size_out = 5457 |
|
1 | |
| Read | - | size = 1143, size_out = 1143 |
|
1 | |
| Read | - | size = 2597, size_out = 2597 |
|
1 | |
| Read | - | size = 325, size_out = 325 |
|
2 | |
| Read | - | size = 271, size_out = 271 |
|
1 | |
| Read | - | size = 1084, size_out = 1084 |
|
1 | |
| Read | - | size = 4495, size_out = 4495 |
|
1 | |
| Read | - | size = 1404, size_out = 1404 |
|
1 | |
| Read | - | size = 5963, size_out = 5963 |
|
1 | |
| Read | - | size = 1218, size_out = 1218 |
|
1 | |
| Read | - | size = 666, size_out = 666 |
|
1 | |
| Read | - | size = 2371, size_out = 2371 |
|
1 | |
| Read | - | size = 1686, size_out = 1686 |
|
1 | |
| Read | - | size = 1029, size_out = 1029 |
|
1 | |
| Read | - | size = 306, size_out = 306 |
|
1 | |
| Read | - | size = 1459, size_out = 1459 |
|
1 | |
| Read | - | size = 282, size_out = 282 |
|
1 | |
| Read | - | size = 2520, size_out = 2520 |
|
1 | |
| Read | - | size = 2709, size_out = 2709 |
|
1 | |
| Read | - | size = 2124, size_out = 2124 |
|
1 | |
| Read | - | size = 718, size_out = 718 |
|
1 | |
| Read | - | size = 284, size_out = 284 |
|
3 | |
| Read | - | size = 14716, size_out = 14716 |
|
1 | |
| Read | - | size = 2111, size_out = 2111 |
|
1 | |
| Read | - | size = 8292, size_out = 8292 |
|
1 | |
| Read | - | size = 6007, size_out = 6007 |
|
1 | |
| Read | - | size = 2905, size_out = 2905 |
|
1 | |
| Read | - | size = 937, size_out = 937 |
|
1 | |
| Read | - | size = 585, size_out = 585 |
|
1 | |
| Read | - | size = 1544, size_out = 1544 |
|
1 | |
| Read | - | size = 12572, size_out = 12572 |
|
1 | |
| Read | - | size = 1904, size_out = 1904 |
|
1 | |
| Read | - | size = 2008, size_out = 2008 |
|
1 | |
| Read | - | size = 783, size_out = 783 |
|
2 | |
| Read | - | size = 19213, size_out = 19213 |
|
1 | |
| Read | - | size = 745, size_out = 745 |
|
2 | |
| Read | - | size = 3606, size_out = 3606 |
|
1 | |
| Read | - | size = 403, size_out = 403 |
|
1 | |
| Read | - | size = 9943, size_out = 9943 |
|
1 | |
| Read | - | size = 596, size_out = 596 |
|
1 | |
| Read | - | size = 612, size_out = 612 |
|
1 | |
| Read | - | size = 544, size_out = 544 |
|
1 | |
| Read | - | size = 697, size_out = 697 |
|
1 | |
| Read | - | size = 604, size_out = 604 |
|
1 | |
| Read | - | size = 591, size_out = 591 |
|
1 | |
| Read | - | size = 586, size_out = 586 |
|
1 | |
| Read | - | size = 1974, size_out = 1974 |
|
1 | |
| Read | - | size = 1159, size_out = 1159 |
|
1 | |
| Read | - | size = 426, size_out = 426 |
|
1 | |
| Read | - | size = 7100, size_out = 7100 |
|
1 | |
| Read | - | size = 229, size_out = 229 |
|
1 | |
| Read | - | size = 366, size_out = 366 |
|
1 | |
| Read | - | size = 3515, size_out = 3515 |
|
1 | |
| Read | - | size = 2163, size_out = 2163 |
|
1 | |
| Read | - | size = 179, size_out = 179 |
|
3 | |
| Read | - | size = 6028, size_out = 6028 |
|
1 | |
| Read | - | size = 7832, size_out = 7832 |
|
1 | |
| Read | - | size = 5512, size_out = 5512 |
|
1 | |
| Read | - | size = 949, size_out = 949 |
|
1 | |
| Read | - | size = 1167, size_out = 1167 |
|
1 | |
| Read | - | size = 1731, size_out = 1731 |
|
1 | |
| Read | - | size = 1427, size_out = 1427 |
|
1 | |
| Read | - | size = 1429, size_out = 1429 |
|
1 | |
| Read | - | size = 1873, size_out = 1873 |
|
1 | |
| Read | - | size = 374, size_out = 374 |
|
1 | |
| Read | - | size = 3, size_out = 3 |
|
76 | |
| Read | - | size = 163, size_out = 163 |
|
1 | |
| Read | - | size = 29, size_out = 29 |
|
1 | |
| Read | - | size = 1, size_out = 1 |
|
1 | |
| Read | - | size = 1074, size_out = 1074 |
|
1 | |
| Read | - | size = 167, size_out = 167 |
|
1 | |
| Read | - | size = 196, size_out = 196 |
|
1 | |
| Read | - | size = 42, size_out = 42 |
|
1 | |
| Read | - | size = 38, size_out = 38 |
|
1 | |
| Read | - | size = 63, size_out = 63 |
|
1 | |
| Read | - | size = 634, size_out = 634 |
|
2 | |
| Read | - | size = 61, size_out = 61 |
|
1 | |
| Read | - | size = 312, size_out = 312 |
|
1 | |
| Read | - | size = 256, size_out = 256 |
|
2 | |
| Read | - | size = 94, size_out = 94 |
|
1 | |
| Read | - | size = 399, size_out = 399 |
|
1 | |
| Read | - | size = 904, size_out = 904 |
|
1 | |
| Read | - | size = 463, size_out = 463 |
|
1 | |
| Read | - | size = 122, size_out = 122 |
|
2 | |
| Read | - | size = 2351, size_out = 2351 |
|
1 | |
| Read | - | size = 877, size_out = 877 |
|
1 | |
| Read | - | size = 156, size_out = 156 |
|
1 | |
| Read | - | size = 91, size_out = 91 |
|
1 | |
| Read | - | size = 18, size_out = 18 |
|
1 | |
| Read | - | size = 237, size_out = 237 |
|
1 | |
| Read | - | size = 658, size_out = 658 |
|
1 | |
| Read | - | size = 690, size_out = 690 |
|
2 | |
| Read | - | size = 850, size_out = 850 |
|
2 | |
| Read | - | size = 1401, size_out = 1401 |
|
1 | |
| Read | - | size = 412, size_out = 412 |
|
2 | |
| Read | - | size = 448, size_out = 448 |
|
2 | |
| Read | - | size = 692, size_out = 692 |
|
1 | |
| Read | - | size = 660, size_out = 660 |
|
1 | |
| Read | - | size = 141, size_out = 141 |
|
1 | |
| Read | - | size = 192, size_out = 192 |
|
1 | |
| Read | - | size = 5861, size_out = 5861 |
|
1 | |
| Read | - | size = 128, size_out = 128 |
|
1 | |
| Read | - | size = 33985, size_out = 33985 |
|
1 | |
| Read | - | size = 3671, size_out = 3671 |
|
1 | |
| Read | - | size = 10989, size_out = 10989 |
|
1 | |
| Read | - | size = 407, size_out = 407 |
|
1 | |
| Read | - | size = 9301, size_out = 9301 |
|
1 | |
| Read | - | size = 28702, size_out = 28702 |
|
1 | |
| Read | - | size = 6453, size_out = 6453 |
|
1 | |
| Read | - | size = 2101, size_out = 2101 |
|
1 | |
| Read | - | size = 2652, size_out = 2652 |
|
1 | |
| Read | - | size = 1139, size_out = 1139 |
|
1 | |
| Read | - | size = 2005, size_out = 2005 |
|
1 | |
| Read | - | size = 5981, size_out = 5981 |
|
1 | |
| Read | - | size = 22809, size_out = 22809 |
|
1 | |
| Read | - | size = 1862, size_out = 1862 |
|
1 | |
| Read | - | size = 643, size_out = 643 |
|
1 | |
| Read | - | size = 112, size_out = 112 |
|
2 | |
| Read | - | size = 3932, size_out = 3932 |
|
1 | |
| Read | - | size = 2027, size_out = 2027 |
|
1 | |
| Read | - | size = 31499, size_out = 31499 |
|
1 | |
| Read | - | size = 659, size_out = 659 |
|
1 | |
| Read | - | size = 375, size_out = 375 |
|
1 | |
| Read | - | size = 1932, size_out = 1932 |
|
1 | |
| Read | - | size = 419, size_out = 419 |
|
1 | |
| Read | - | size = 1599, size_out = 1599 |
|
1 | |
| Read | - | size = 2771, size_out = 2771 |
|
1 | |
| Read | - | size = 831, size_out = 831 |
|
1 | |
| Read | - | size = 1589, size_out = 1589 |
|
1 | |
| Read | - | size = 505, size_out = 505 |
|
2 | |
| Read | - | size = 7594, size_out = 7594 |
|
1 | |
| Read | - | size = 16872, size_out = 16872 |
|
1 | |
| Read | - | size = 362, size_out = 362 |
|
1 | |
| Read | - | size = 435, size_out = 435 |
|
1 | |
| Read | - | size = 6262, size_out = 6262 |
|
1 | |
| Read | - | size = 9824, size_out = 9824 |
|
1 | |
| Read | - | size = 13080, size_out = 13080 |
|
1 | |
| Read | - | size = 26877, size_out = 26877 |
|
1 | |
| Read | - | size = 460, size_out = 460 |
|
1 | |
| Read | - | size = 302, size_out = 302 |
|
2 | |
| Read | - | size = 503, size_out = 503 |
|
1 | |
| Read | - | size = 136, size_out = 136 |
|
1 | |
| Read | - | size = 17075, size_out = 17075 |
|
1 | |
| Read | - | size = 1002, size_out = 1002 |
|
1 | |
| Read | - | size = 1378, size_out = 1378 |
|
1 | |
| Read | - | size = 2396, size_out = 2396 |
|
1 | |
| Read | - | size = 1786, size_out = 1786 |
|
1 | |
| Read | - | size = 1740, size_out = 1740 |
|
1 | |
| Read | - | size = 2528, size_out = 2528 |
|
1 | |
| Read | - | size = 4399, size_out = 4399 |
|
1 | |
| Read | - | size = 9883, size_out = 9883 |
|
1 | |
| Read | - | size = 373, size_out = 373 |
|
1 | |
| Read | - | size = 1114, size_out = 1114 |
|
1 | |
| Read | - | size = 8460, size_out = 8460 |
|
1 | |
| Read | - | size = 1477, size_out = 1477 |
|
1 | |
| Read | - | size = 872, size_out = 872 |
|
1 | |
| Read | - | size = 3313, size_out = 3313 |
|
1 | |
| Read | - | size = 743, size_out = 743 |
|
1 | |
| Read | - | size = 2872, size_out = 2872 |
|
1 | |
| Read | - | size = 4879, size_out = 4879 |
|
1 | |
| Read | - | size = 2958, size_out = 2958 |
|
1 | |
| Read | - | size = 2419, size_out = 2419 |
|
1 | |
| Read | - | size = 239, size_out = 239 |
|
1 | |
| Read | - | size = 401, size_out = 401 |
|
1 | |
| Read | - | size = 27718, size_out = 27718 |
|
1 | |
| Read | - | size = 337, size_out = 337 |
|
1 | |
| Read | - | size = 18188, size_out = 18188 |
|
1 | |
| Read | - | size = 236, size_out = 236 |
|
1 | |
| Read | - | size = 272, size_out = 272 |
|
1 | |
| Read | - | size = 3851, size_out = 3851 |
|
1 | |
| Read | - | size = 25359, size_out = 25359 |
|
1 | |
| Read | - | size = 251, size_out = 251 |
|
1 | |
| Read | - | size = 234, size_out = 234 |
|
1 | |
| Read | - | size = 3171, size_out = 3171 |
|
1 | |
| Read | - | size = 1336, size_out = 1336 |
|
2 | |
| Read | - | size = 1685, size_out = 1685 |
|
1 | |
| Read | - | size = 898, size_out = 898 |
|
1 | |
| Read | - | size = 6767, size_out = 6767 |
|
1 | |
| Read | - | size = 5374, size_out = 5374 |
|
1 | |
| Read | - | size = 1470, size_out = 1470 |
|
1 | |
| Read | - | size = 188, size_out = 188 |
|
2 | |
| Read | - | size = 818, size_out = 818 |
|
1 | |
| Read | - | size = 323, size_out = 323 |
|
1 | |
| Read | - | size = 2727, size_out = 2727 |
|
1 | |
| Read | - | size = 129, size_out = 129 |
|
1 | |
| Read | - | size = 300, size_out = 300 |
|
3 | |
| Read | - | size = 642, size_out = 642 |
|
1 | |
| Read | - | size = 165, size_out = 165 |
|
1 | |
| Read | - | size = 388, size_out = 388 |
|
1 | |
| Read | - | size = 164, size_out = 164 |
|
1 | |
| Read | - | size = 222, size_out = 222 |
|
1 | |
| Read | - | size = 253, size_out = 253 |
|
1 | |
| Read | - | size = 437, size_out = 437 |
|
1 | |
| Read | - | size = 211, size_out = 211 |
|
1 | |
| Read | - | size = 58, size_out = 58 |
|
1 | |
| Read | - | size = 130, size_out = 130 |
|
1 | |
| Read | - | size = 110, size_out = 110 |
|
1 | |
| Read | - | size = 342, size_out = 342 |
|
1 | |
| Read | - | size = 347, size_out = 347 |
|
1 | |
| Read | - | size = 90, size_out = 90 |
|
1 | |
| Read | - | size = 2786, size_out = 2786 |
|
1 | |
| Read | - | size = 1210, size_out = 1210 |
|
1 | |
| Read | - | size = 540, size_out = 540 |
|
1 | |
| Read | - | size = 948, size_out = 948 |
|
1 | |
| Read | - | size = 2962, size_out = 2962 |
|
1 | |
| Read | - | size = 632, size_out = 632 |
|
1 | |
| Read | - | size = 5468, size_out = 5468 |
|
1 | |
| Read | - | size = 1825, size_out = 1825 |
|
1 | |
| Read | - | size = 809, size_out = 809 |
|
1 | |
| Read | - | size = 854, size_out = 854 |
|
1 | |
| Read | - | size = 2701, size_out = 2701 |
|
1 | |
| Read | - | size = 2950, size_out = 2950 |
|
1 | |
| Read | - | size = 1198, size_out = 1198 |
|
1 | |
| Read | - | size = 1001, size_out = 1001 |
|
1 | |
| Read | - | size = 680, size_out = 680 |
|
1 | |
| Read | - | size = 976, size_out = 976 |
|
1 | |
| Read | - | size = 445, size_out = 445 |
|
1 | |
| Read | - | size = 1160, size_out = 1160 |
|
1 | |
| Read | - | size = 2235, size_out = 2235 |
|
1 | |
| Read | - | size = 770, size_out = 770 |
|
1 | |
| Read | - | size = 1938, size_out = 1938 |
|
1 | |
| Read | - | size = 8084, size_out = 8084 |
|
1 | |
| Read | - | size = 340, size_out = 340 |
|
1 | |
| Read | - | size = 392, size_out = 392 |
|
1 | |
| Read | - | size = 4890, size_out = 4890 |
|
1 | |
| Read | - | size = 492, size_out = 492 |
|
1 | |
| Read | - | size = 3846, size_out = 3846 |
|
1 | |
| Read | - | size = 9570, size_out = 9570 |
|
1 | |
| Read | - | size = 413, size_out = 413 |
|
2 | |
| Read | - | size = 203, size_out = 203 |
|
1 | |
| Read | - | size = 789, size_out = 789 |
|
1 | |
| Read | - | size = 686, size_out = 686 |
|
2 | |
| Read | - | size = 4445, size_out = 4445 |
|
1 | |
| Read | - | size = 1980, size_out = 1980 |
|
1 | |
| Read | - | size = 2783, size_out = 2783 |
|
1 | |
| Read | - | size = 1518, size_out = 1518 |
|
1 | |
| Read | - | size = 569, size_out = 569 |
|
1 | |
| Read | - | size = 4157, size_out = 4157 |
|
1 | |
| Read | - | size = 169, size_out = 169 |
|
1 | |
| Read | - | size = 543, size_out = 543 |
|
1 | |
| Read | - | size = 4605, size_out = 4605 |
|
1 | |
| Read | - | size = 784, size_out = 784 |
|
2 | |
| Read | - | size = 1663, size_out = 1663 |
|
1 | |
| Read | - | size = 2147, size_out = 2147 |
|
1 | |
| Read | - | size = 975, size_out = 975 |
|
2 | |
| Read | - | size = 1337, size_out = 1337 |
|
1 | |
| Read | - | size = 497, size_out = 497 |
|
1 | |
| Read | - | size = 878, size_out = 878 |
|
2 | |
| Read | - | size = 1061, size_out = 1061 |
|
1 | |
| Read | - | size = 614, size_out = 614 |
|
1 | |
| Read | - | size = 1183, size_out = 1183 |
|
1 | |
| Read | - | size = 326, size_out = 326 |
|
1 | |
| Read | - | size = 81, size_out = 81 |
|
1 | |
| Read | - | size = 830, size_out = 830 |
|
1 | |
| Read | - | size = 1179, size_out = 1179 |
|
1 | |
| Read | - | size = 781, size_out = 781 |
|
1 | |
| Read | - | size = 534, size_out = 534 |
|
1 | |
| Read | - | size = 1462, size_out = 1462 |
|
1 | |
| Read | - | size = 409, size_out = 409 |
|
1 | |
| Read | - | size = 225, size_out = 225 |
|
1 | |
| Read | - | size = 495, size_out = 495 |
|
1 | |
| Read | - | size = 897, size_out = 897 |
|
1 | |
| Read | - | size = 2301, size_out = 2301 |
|
1 | |
| Read | - | size = 2443, size_out = 2443 |
|
1 | |
| Read | - | size = 215, size_out = 215 |
|
1 | |
| Read | - | size = 827, size_out = 827 |
|
1 | |
| Read | - | size = 5505, size_out = 5505 |
|
1 | |
| Read | - | size = 1071, size_out = 1071 |
|
1 | |
| Read | - | size = 1036, size_out = 1036 |
|
1 | |
| Read | - | size = 352, size_out = 352 |
|
1 | |
| Read | - | size = 1116, size_out = 1116 |
|
1 | |
| Read | - | size = 1796, size_out = 1796 |
|
1 | |
| Read | - | size = 4013, size_out = 4013 |
|
1 | |
| Read | - | size = 1566, size_out = 1566 |
|
1 | |
| Read | - | size = 402, size_out = 402 |
|
1 | |
| Read | - | size = 1366, size_out = 1366 |
|
1 | |
| Read | - | size = 9311, size_out = 9311 |
|
1 | |
| Read | - | size = 3572, size_out = 3572 |
|
1 | |
| Read | - | size = 1619, size_out = 1619 |
|
1 | |
| Read | - | size = 2404, size_out = 2404 |
|
1 | |
| Read | - | size = 3013, size_out = 3013 |
|
1 | |
| Read | - | size = 1708, size_out = 1708 |
|
1 | |
| Read | - | size = 2879, size_out = 2879 |
|
1 | |
| Read | - | size = 1285, size_out = 1285 |
|
1 | |
| Read | - | size = 1398, size_out = 1398 |
|
1 | |
| Read | - | size = 1090, size_out = 1090 |
|
1 | |
| Read | - | size = 3789, size_out = 3789 |
|
1 | |
| Read | - | size = 436, size_out = 436 |
|
1 | |
| Read | - | size = 792, size_out = 792 |
|
1 | |
| Read | - | size = 384, size_out = 384 |
|
1 | |
| Read | - | size = 1217, size_out = 1217 |
|
1 | |
| Read | - | size = 480, size_out = 480 |
|
1 | |
| Read | - | size = 622, size_out = 622 |
|
1 | |
| Read | - | size = 76, size_out = 76 |
|
1 | |
| Read | - | size = 527, size_out = 527 |
|
1 | |
| Read | - | size = 4051, size_out = 4051 |
|
1 | |
| Read | - | size = 7991, size_out = 7991 |
|
1 | |
| Read | - | size = 704, size_out = 704 |
|
1 | |
| Read | - | size = 8401, size_out = 8401 |
|
1 | |
| Read | - | size = 2096, size_out = 2096 |
|
1 | |
| Read | - | size = 2691, size_out = 2691 |
|
1 | |
| Read | - | size = 8192, size_out = 0 |
|
1 | |
| Read | - | size = 1396, size_out = 1396 |
|
1 | |
| Read | - | size = 46400, size_out = 46400 |
|
1 | |
| Read | - | size = 263, size_out = 263 |
|
1 | |
| Read | - | size = 357, size_out = 357 |
|
1 | |
| Read | - | size = 5472, size_out = 5472 |
|
1 | |
| Read | - | size = 3241, size_out = 3241 |
|
1 | |
| Read | - | size = 1886, size_out = 1886 |
|
1 | |
| Read | - | size = 5529, size_out = 5529 |
|
1 | |
| Read | - | size = 1188, size_out = 1188 |
|
1 | |
| Read | - | size = 7520, size_out = 7520 |
|
1 | |
| Read | - | size = 8446, size_out = 8446 |
|
1 | |
| Read | - | size = 5830, size_out = 5830 |
|
1 | |
| Read | - | size = 1929, size_out = 1929 |
|
1 | |
| Read | - | size = 519, size_out = 519 |
|
1 | |
| Read | - | size = 855, size_out = 855 |
|
1 | |
| Read | - | size = 152, size_out = 152 |
|
1 | |
| Read | - | size = 1206, size_out = 1206 |
|
1 | |
| Read | - | size = 7192, size_out = 7192 |
|
1 | |
| Read | - | size = 22580, size_out = 22580 |
|
1 | |
| Read | - | size = 2388, size_out = 2388 |
|
1 | |
| Read | - | size = 1746, size_out = 1746 |
|
1 | |
| Read | - | size = 845, size_out = 845 |
|
1 | |
| Read | - | size = 14934, size_out = 14934 |
|
1 | |
| Read | - | size = 322, size_out = 322 |
|
1 | |
| Read | - | size = 1032, size_out = 1032 |
|
1 | |
| Read | - | size = 773, size_out = 773 |
|
1 | |
| Read | - | size = 26461, size_out = 26461 |
|
1 | |
| Read | - | size = 4540, size_out = 4540 |
|
1 | |
| Read | - | size = 1995, size_out = 1995 |
|
1 | |
| Read | - | size = 1261, size_out = 1261 |
|
1 | |
| Read | - | size = 4115, size_out = 4115 |
|
1 | |
| Read | - | size = 2598, size_out = 2598 |
|
1 | |
| Read | - | size = 11029, size_out = 11029 |
|
1 | |
| Read | - | size = 296, size_out = 296 |
|
1 | |
| Read | - | size = 1028, size_out = 1028 |
|
1 | |
| Read | - | size = 17440, size_out = 17440 |
|
1 | |
| Read | - | size = 3033, size_out = 3033 |
|
1 | |
| Read | - | size = 861, size_out = 861 |
|
1 | |
| Read | - | size = 2660, size_out = 2660 |
|
1 | |
| Read | - | size = 1444, size_out = 1444 |
|
1 | |
| Read | - | size = 1192, size_out = 1192 |
|
1 | |
| Read | - | size = 7071, size_out = 7071 |
|
1 | |
| Read | - | size = 2038, size_out = 2038 |
|
1 | |
| Read | - | size = 2049, size_out = 2049 |
|
1 | |
| Read | - | size = 1627, size_out = 1627 |
|
1 | |
| Read | - | size = 8760, size_out = 8760 |
|
1 | |
| Read | - | size = 3164, size_out = 3164 |
|
1 | |
| Read | - | size = 2552, size_out = 2552 |
|
1 | |
| Read | - | size = 1600, size_out = 1600 |
|
1 | |
| Read | - | size = 109, size_out = 109 |
|
1 | |
| Read | - | size = 235, size_out = 235 |
|
2 | |
| Read | - | size = 2863, size_out = 2863 |
|
2 | |
| Read | - | size = 443, size_out = 443 |
|
1 | |
| Read | - | size = 837, size_out = 837 |
|
2 | |
| Read | - | size = 3196, size_out = 3196 |
|
1 | |
| Read | - | size = 1262, size_out = 1262 |
|
1 | |
| Read | - | size = 1812, size_out = 1812 |
|
2 | |
| Read | - | size = 240, size_out = 240 |
|
1 | |
| Read | - | size = 390, size_out = 390 |
|
1 | |
| Read | - | size = 1989, size_out = 1989 |
|
1 | |
| Read | - | size = 734, size_out = 734 |
|
1 | |
| Read | - | size = 5122, size_out = 5122 |
|
1 | |
| Read | - | size = 285, size_out = 285 |
|
1 | |
| Read | - | size = 889, size_out = 889 |
|
1 | |
| Read | - | size = 3271, size_out = 3271 |
|
1 | |
| Read | - | size = 23927, size_out = 23927 |
|
1 | |
| Read | - | size = 1227, size_out = 1227 |
|
1 | |
| Read | - | size = 761, size_out = 761 |
|
1 | |
| Read | - | size = 107, size_out = 107 |
|
1 | |
| Read | - | size = 2146, size_out = 2146 |
|
1 | |
| Read | - | size = 2114, size_out = 2114 |
|
1 | |
| Read | - | size = 3293, size_out = 3293 |
|
1 | |
| Read | - | size = 725, size_out = 725 |
|
1 | |
| Read | - | size = 859, size_out = 859 |
|
1 | |
| Read | - | size = 1326, size_out = 1326 |
|
1 | |
| Read | - | size = 4319, size_out = 4319 |
|
1 | |
| Read | - | size = 595, size_out = 595 |
|
1 | |
| Read | - | size = 626, size_out = 626 |
|
1 | |
| Read | - | size = 763, size_out = 763 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 2191, size_out = 2191 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 103, size_out = 103 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 160, size_out = 160 |
|
5 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 30, size_out = 30 |
|
5 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 913, size_out = 913 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 852, size_out = 852 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 1319, size_out = 1319 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 1269, size_out = 1269 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 404, size_out = 404 |
|
1 | |
| Read | - | size = 1399, size_out = 1399 |
|
1 | |
| Read | - | size = 3618, size_out = 3618 |
|
1 | |
| Read | - | size = 1507, size_out = 1507 |
|
1 | |
| Read | - | size = 8099, size_out = 8099 |
|
1 | |
| Read | - | size = 964, size_out = 964 |
|
1 | |
| Read | - | size = 5799, size_out = 5799 |
|
1 | |
| Read | - | size = 3605, size_out = 3605 |
|
1 | |
| Write | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1625750400979200631.vbs | size = 281 |
|
1 | |
| Delete | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive5186310507301951599.vbs | - |
|
1 | |
| Delete | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1625750400979200631.vbs | - |
|
1 |
Registry (25)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Control Panel\Desktop | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32\PlacesBar | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | - |
|
4 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | value_name = Desktop, data = C:\Users\2XC7u663GxWc\Desktop, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | value_name = GDIProcessHandleQuota, data = 16 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Control Panel\Desktop | value_name = FontSmoothingOrientation, data = 1 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics | value_name = Shell Icon BPP, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes | value_name = MS Shell Dlg 2, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes | value_name = MS Shell Dlg 2, data = Tahoma, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = ThemeActive, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = ThemeActive, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = DllName, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = DllName, data = %SystemRoot%\resources\Themes\Aero\Aero.msstyles, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = SizeName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = SizeName, data = NormalSize, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = ColorName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = ColorName, data = NormalColor, type = REG_SZ |
|
1 |
Process (5)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\java.exe -jar C:\Users\2XC7U6~1\AppData\Local\Temp\_0.080316539076114361006181509658991106.class | os_pid = 0xfb8, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Create | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive5186310507301951599.vbs | os_pid = 0x110, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Create | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1625750400979200631.vbs | os_pid = 0x754, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Open | c:\program files\java\jre7\bin\java.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Terminate | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1625750400979200631.vbs | exit_code = 1 |
|
1 |
Module (734)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\jvm.dll | base_address = 0x6acb0000 |
|
1 | |
| Load | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\verify.dll | base_address = 0x72100000 |
|
1 | |
| Load | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\java.dll | base_address = 0x720e0000 |
|
1 | |
| Load | COMCTL32.dll | base_address = 0x73ee0000 |
|
1 | |
| Load | GDI32.dll | base_address = 0x754f0000 |
|
1 | |
| Load | ole32.dll | base_address = 0x76360000 |
|
1 | |
| Load | C:\Windows\system32\DWMAPI.DLL | base_address = 0x731f0000 |
|
1 | |
| Load | IPHLPAPI.DLL | base_address = 0x738f0000 |
|
1 | |
| Load | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\management.dll | base_address = 0x6da40000 |
|
1 | |
| Load | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\sunmscapi.dll | base_address = 0x6b6c0000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x75540000 |
|
27 | |
| Get Handle | c:\windows\system32\advapi32.dll | base_address = 0x75280000 |
|
3 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\javaw.exe, size = 260 |
|
3 | |
| Get Filename | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\client\jvm.dll | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\jvm.dll, size = 260 |
|
1 | |
| Get Filename | - | file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\javaw.exe, size = 260 |
|
22 | |
| Get Filename | - | file_name_orig = C:\Windows\SYSTEM32\ntdll.dll, size = 260 |
|
22 | |
| Get Filename | c:\windows\system32\kernel32.dll | file_name_orig = C:\Windows\system32\kernel32.dll, size = 260 |
|
22 | |
| Get Filename | - | file_name_orig = C:\Windows\system32\KERNELBASE.dll, size = 260 |
|
22 | |
| Get Filename | c:\windows\system32\advapi32.dll | file_name_orig = C:\Windows\system32\ADVAPI32.dll, size = 260 |
|
22 | |
| Get Filename | - | file_name_orig = C:\Windows\system32\msvcrt.dll, size = 260 |
|
22 | |
| Get Filename | - | file_name_orig = C:\Windows\SYSTEM32\sechost.dll, size = 260 |
|
22 | |
| Get Filename | - | file_name_orig = C:\Windows\system32\RPCRT4.dll, size = 260 |
|
22 | |
| Get Filename | - | file_name_orig = C:\Windows\system32\USER32.dll, size = 260 |
|
22 | |
| Get Filename | - | file_name_orig = C:\Windows\system32\GDI32.dll, size = 260 |
|
22 | |
| Get Filename | - | file_name_orig = C:\Windows\system32\LPK.dll, size = 260 |
|
22 | |
| Get Filename | - | file_name_orig = C:\Windows\system32\USP10.dll, size = 260 |
|
22 | |
| Get Filename | - | file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll, size = 260 |
|
22 | |
| Get Filename | - | file_name_orig = C:\Windows\system32\SHLWAPI.dll, size = 260 |
|
22 | |
| Get Filename | - | file_name_orig = C:\Windows\system32\IMM32.DLL, size = 260 |
|
22 | |
| Get Filename | - | file_name_orig = C:\Windows\system32\MSCTF.dll, size = 260 |
|
21 | |
| Get Filename | - | file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\msvcr100.dll, size = 260 |
|
21 | |
| Get Filename | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\client\jvm.dll | file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\jvm.dll, size = 260 |
|
21 | |
| Get Filename | - | file_name_orig = C:\Windows\system32\WSOCK32.dll, size = 260 |
|
21 | |
| Get Filename | - | file_name_orig = C:\Windows\system32\WS2_32.dll, size = 260 |
|
21 | |
| Get Filename | - | file_name_orig = C:\Windows\system32\NSI.dll, size = 260 |
|
21 | |
| Get Filename | - | file_name_orig = C:\Windows\system32\WINMM.dll, size = 260 |
|
21 | |
| Get Filename | - | file_name_orig = C:\Windows\system32\PSAPI.DLL, size = 260 |
|
21 | |
| Get Filename | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\verify.dll | file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\verify.dll, size = 260 |
|
21 | |
| Get Filename | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\java.dll, size = 260 |
|
21 | |
| Get Filename | - | file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\zip.dll, size = 260 |
|
17 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsAlloc, address_out = 0x7559418d |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsGetValue, address_out = 0x75591e16 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsSetValue, address_out = 0x755976e6 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsFree, address_out = 0x75591f61 |
|
2 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\client\jvm.dll | function = JNI_CreateJavaVM, address_out = 0x6ad78e70 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\client\jvm.dll | function = JNI_GetDefaultJavaVMInitArgs, address_out = 0x6ad6e340 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | address_out = 0x720e6fcf |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SetSecurityDescriptorControl, address_out = 0x752a7a8b |
|
3 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\sunec.dll | function = _JNI_OnLoad@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\sunec.dll | function = JNI_OnLoad, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _JNI_OnLoad@8, address_out = 0x71fa3379 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_ref_Finalizer_invokeFinalizeMethod@12, address_out = 0x720e207c |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetDoubleClickTime, address_out = 0x76b4ade0 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetSystemMetrics, address_out = 0x76b567cf |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = ToAsciiEx, address_out = 0x76b8b797 |
|
13 | |
| Get Address | c:\windows\system32\user32.dll | function = GetKeyboardState, address_out = 0x76b76946 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_awt_windows_WToolkit_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_sun_awt_windows_WToolkit_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_sun_awt_windows_WToolkit_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\nio.dll | function = _Java_sun_awt_windows_WToolkit_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\awt.dll | function = _Java_sun_awt_windows_WToolkit_init@8, address_out = 0x6ce52210 |
|
1 | |
| Get Address | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = InitCommonControlsEx, address_out = 0x73f009ce |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = LoadIconW, address_out = 0x76b4f142 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = RegisterClassW, address_out = 0x76b4ed4a |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetDC, address_out = 0x76b5544c |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = GetDeviceCaps, address_out = 0x754f6f7f |
|
2 | |
| Get Address | c:\windows\system32\user32.dll | function = ReleaseDC, address_out = 0x76b55421 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = CreateWindowExW, address_out = 0x76b4ec7c |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = DefWindowProcW, address_out = 0x76b5507d |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = SetWindowsHookExW, address_out = 0x76b4e30c |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = OleInitialize, address_out = 0x7637efd7 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = SystemParametersInfoW, address_out = 0x76b4e09a |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetSysColor, address_out = 0x76b5db7a |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = GetStockObject, address_out = 0x754f5ddf |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = SelectObject, address_out = 0x754f6640 |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = GetTextFaceW, address_out = 0x754fb73a |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = GetTextMetricsW, address_out = 0x754f7b8f |
|
1 | |
| Get Address | Unknown module name | function = DwmIsCompositionEnabled, address_out = 0x731f1610 |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = CreateCompatibleBitmap, address_out = 0x754f73ad |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = GetDIBits, address_out = 0x754fa23b |
|
2 | |
| Get Address | c:\windows\system32\gdi32.dll | function = DeleteObject, address_out = 0x754f5f14 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_ProcessImpl_terminateProcess@16, address_out = 0x720e8e7c |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_WinNTFileSystem_delete0@12, address_out = 0x720ea507 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_net_NetworkInterface_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_net_NetworkInterface_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_java_net_NetworkInterface_init@8, address_out = 0x71fa157c |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_net_NetworkInterface_getAll@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_net_NetworkInterface_getAll@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_java_net_NetworkInterface_getAll@8, address_out = 0x71fa214a |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetIfTable, address_out = 0x738fae94 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetFriendlyIfIndex, address_out = 0x738fd855 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetIpAddrTable, address_out = 0x738f9bb0 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetAdaptersAddresses, address_out = 0x738f6a4d |
|
1 | |
| Get Address | Unknown module name | function = _JNI_OnLoad@8, address_out = 0x6da42194 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_management_VMManagementImpl_getVersion0@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_sun_management_VMManagementImpl_getVersion0@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_sun_management_VMManagementImpl_getVersion0@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\nio.dll | function = _Java_sun_management_VMManagementImpl_getVersion0@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\awt.dll | function = _Java_sun_management_VMManagementImpl_getVersion0@8, address_out = 0x0 |
|
1 | |
| Get Address | Unknown module name | function = _Java_sun_management_VMManagementImpl_getVersion0@8, address_out = 0x6da41e06 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_management_VMManagementImpl_initOptionalSupportFields@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_sun_management_VMManagementImpl_initOptionalSupportFields@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_sun_management_VMManagementImpl_initOptionalSupportFields@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\nio.dll | function = _Java_sun_management_VMManagementImpl_initOptionalSupportFields@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\awt.dll | function = _Java_sun_management_VMManagementImpl_initOptionalSupportFields@8, address_out = 0x0 |
|
1 | |
| Get Address | Unknown module name | function = _Java_sun_management_VMManagementImpl_initOptionalSupportFields@8, address_out = 0x6da41e8a |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_com_sun_management_OperatingSystem_initialize@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_com_sun_management_OperatingSystem_initialize@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_com_sun_management_OperatingSystem_initialize@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\nio.dll | function = _Java_com_sun_management_OperatingSystem_initialize@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\awt.dll | function = _Java_com_sun_management_OperatingSystem_initialize@8, address_out = 0x0 |
|
1 | |
| Get Address | Unknown module name | function = _Java_com_sun_management_OperatingSystem_initialize@8, address_out = 0x6da42a5b |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_com_sun_management_OperatingSystem_getTotalPhysicalMemorySize@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_com_sun_management_OperatingSystem_getTotalPhysicalMemorySize@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_com_sun_management_OperatingSystem_getTotalPhysicalMemorySize@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\nio.dll | function = _Java_com_sun_management_OperatingSystem_getTotalPhysicalMemorySize@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\awt.dll | function = _Java_com_sun_management_OperatingSystem_getTotalPhysicalMemorySize@8, address_out = 0x0 |
|
1 | |
| Get Address | Unknown module name | function = _Java_com_sun_management_OperatingSystem_getTotalPhysicalMemorySize@8, address_out = 0x6da4230d |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_WinNTFileSystem_createDirectory@12, address_out = 0x720ea812 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_net_DualStackPlainSocketImpl_initIDs@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_net_DualStackPlainSocketImpl_initIDs@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_java_net_DualStackPlainSocketImpl_initIDs@8, address_out = 0x71fa6667 |
|
1 | |
| Get Address | Unknown module name | function = _JNI_OnLoad@8, address_out = 0x0 |
|
1 | |
| Get Address | Unknown module name | function = JNI_OnLoad, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_net_DualStackPlainSocketImpl_socket0@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_net_DualStackPlainSocketImpl_socket0@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_java_net_DualStackPlainSocketImpl_socket0@16, address_out = 0x71fa66ab |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_net_DualStackPlainSocketImpl_connect0@20, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_net_DualStackPlainSocketImpl_connect0@20, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_java_net_DualStackPlainSocketImpl_connect0@20, address_out = 0x71fa6793 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = PeekMessageW, address_out = 0x76b5634a |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_awt_windows_WToolkit_shutdown@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_sun_awt_windows_WToolkit_shutdown@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_sun_awt_windows_WToolkit_shutdown@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\nio.dll | function = _Java_sun_awt_windows_WToolkit_shutdown@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\awt.dll | function = _Java_sun_awt_windows_WToolkit_shutdown@8, address_out = 0x6ce50ac0 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = SendMessageW, address_out = 0x76b55539 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = EnumThreadWindows, address_out = 0x76b4b712 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = PostMessageW, address_out = 0x76b5447b |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = CallNextHookEx, address_out = 0x76b4abe1 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = PostQuitMessage, address_out = 0x76b4b308 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = OleUninitialize, address_out = 0x7637eba1 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetMessageW, address_out = 0x76b5cde8 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = IsWindow, address_out = 0x76b553ba |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = DestroyWindow, address_out = 0x76b4b2f4 |
|
1 | |
| Create Mapping | C:\Users\2XC7U6~1\AppData\Local\Temp\\hsperfdata_2XC7u663GxWc\3928 | filename = C:\Users\2XC7U6~1\AppData\Local\Temp\\hsperfdata_2XC7u663GxWc\3928, protection = PAGE_READWRITE, maximum_size = 65536 |
|
1 | |
| Create Mapping | - | protection = PAGE_WRITECOPY, maximum_size = 0 |
|
1 | |
| Create Mapping | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\classes.jsa | filename = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\classes.jsa, protection = PAGE_WRITECOPY, maximum_size = 0 |
|
2 | |
| Map | C:\Users\2XC7U6~1\AppData\Local\Temp\\hsperfdata_2XC7u663GxWc\3928 | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, desired_access = FILE_MAP_ALL_ACCESS |
|
1 | |
| Map | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Map | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\classes.jsa | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, desired_access = FILE_MAP_COPY |
|
1 | |
| Map | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\classes.jsa | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, desired_access = FILE_MAP_COPY |
|
1 |
Window (1)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | theAwtToolkitWindow | class_name = SunAwtToolkit, wndproc_parameter = 0 |
|
1 |
Keyboard (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 |
|
3 | |
| Read | result_out = 1 |
|
1 |
System (100)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2018-07-19 09:49:57 (UTC) |
|
2 | |
| Get Time | type = Ticks, time = 10908307 |
|
1 | |
| Get Time | type = System Time, time = 2018-07-19 09:49:58 (UTC) |
|
38 | |
| Get Time | type = System Time, time = 2018-07-19 09:49:59 (UTC) |
|
10 | |
| Get Time | type = System Time, time = 2018-07-19 09:50:00 (UTC) |
|
6 | |
| Get Time | type = System Time, time = 2018-07-19 09:50:01 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-07-19 09:50:04 (UTC) |
|
7 | |
| Get Time | type = System Time, time = 2018-07-19 09:50:06 (UTC) |
|
6 | |
| Get Time | type = System Time, time = 2018-07-19 09:50:07 (UTC) |
|
9 | |
| Get Time | type = System Time, time = 2018-07-19 09:50:18 (UTC) |
|
1 | |
| Register Hook | type = WH_GETMESSAGE, hookproc_address = 0x6ce51da0 |
|
1 | |
| Get Info | type = Hardware Information |
|
2 | |
| Get Info | type = Operating System |
|
2 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
3 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
2 | |
| Get Info | type = Operating System |
|
9 |
Mutex (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | - |
|
1 |
Environment (5)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
2 | |
| Get Environment String | name = _ALT_JAVA_HOME_DIR |
|
1 | |
| Get Environment String | name = JAVA_TOOL_OPTIONS |
|
1 | |
| Get Environment String | name = _JAVA_OPTIONS |
|
1 |
Network Behavior
DNS (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Hostname | name_out = ZgW5tdPu |
|
2 | |
| Resolve Name | host = ZgW5tdPu, address_out = fe80:0000:0000:0000:5969:84a4:f9e2:1f2b, 192.168.0.60 |
|
1 |
Process #20: java.exe
2821
3
| Information | Value |
|---|---|
| ID | #20 |
| File Name | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.exe |
| Command Line | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\java.exe -jar C:\Users\2XC7U6~1\AppData\Local\Temp\_0.080316539076114361006181509658991106.class |
| Initial Working Directory | C:\Users\2XC7U6~1\AppData\Local\Temp\ |
| Monitor | Start Time: 00:01:00, Reason: Child Process |
| Unmonitor | End Time: 00:01:20, Reason: Self Terminated |
| Monitor Duration | 00:00:20 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xfb8 |
| Parent PID | 0xf58 (c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
FBC
0x
FCC
0x
FD0
0x
FD4
0x
FD8
0x
FE4
0x
FDC
0x
FE0
0x
FEC
0x
FE8
0x
FFC
0x
854
0x
124
0x
150
0x
874
0x
44C
0x
7FC
0x
930
0x
934
0x
938
0x
940
0x
A00
0x
9E8
0x
9F0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00042fff | Pagefile Backed Memory | - |
|
- |
|
- |
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | Private Memory | - |
|
- |
|
- |
| private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | - |
|
- |
|
- |
| tzres.dll | 0x000e0000 | 0x000e0fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x000fffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000100000 | 0x00100000 | 0x00101fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000110000 | 0x00110000 | 0x00116fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000120000 | 0x00120000 | 0x00121fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000130000 | 0x00130000 | 0x0016ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000170000 | 0x00170000 | 0x00170fff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000180000 | 0x00180000 | 0x00180fff | Private Memory | - |
|
- |
|
- |
| 4024 | 0x00190000 | 0x0019ffff | Memory Mapped File | rw |
|
|
|
|
| private_0x00000000001a0000 | 0x001a0000 | 0x001effff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000001f0000 | 0x001f0000 | 0x002b7fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000002c0000 | 0x002c0000 | 0x003c0fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000003d0000 | 0x003d0000 | 0x004cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000004d0000 | 0x004d0000 | 0x0061ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000004d0000 | 0x004d0000 | 0x005cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000005d0000 | 0x005d0000 | 0x005fffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000600000 | 0x00600000 | 0x0060ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000610000 | 0x00610000 | 0x0061ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000620000 | 0x00620000 | 0x00a12fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000a20000 | 0x00a20000 | 0x00b1ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000b20000 | 0x00b20000 | 0x00b2ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000b30000 | 0x00b30000 | 0x00b3ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000b40000 | 0x00b40000 | 0x00bbffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000bc0000 | 0x00bc0000 | 0x00c1ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000c20000 | 0x00c20000 | 0x00c20fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000c50000 | 0x00c50000 | 0x00c9ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000ca0000 | 0x00ca0000 | 0x00d4ffff | Private Memory | - |
|
- |
|
- |
| rsaenh.dll | 0x00d50000 | 0x00d8bfff | Memory Mapped File | - |
|
- |
|
- |
| rpcss.dll | 0x00d50000 | 0x00dabfff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000db0000 | 0x00db0000 | 0x00dfffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000e60000 | 0x00e60000 | 0x00eaffff | Private Memory | - |
|
- |
|
- |
| java.exe | 0x00eb0000 | 0x00edefff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000000ee0000 | 0x00ee0000 | 0x01adffff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000001ae0000 | 0x01ae0000 | 0x03adffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003b20000 | 0x03b20000 | 0x03b6ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003b70000 | 0x03b70000 | 0x03bbffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003c00000 | 0x03c00000 | 0x03c4ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003c80000 | 0x03c80000 | 0x03ccffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003cd0000 | 0x03cd0000 | 0x03d1ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003d40000 | 0x03d40000 | 0x03d8ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003d90000 | 0x03d90000 | 0x03f8ffff | Private Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x03f90000 | 0x0425efff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000004260000 | 0x04260000 | 0x0441ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004260000 | 0x04260000 | 0x0432ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004260000 | 0x04260000 | 0x042cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000042f0000 | 0x042f0000 | 0x0432ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000043e0000 | 0x043e0000 | 0x0441ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004420000 | 0x04420000 | 0x045effff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004460000 | 0x04460000 | 0x044affff | Private Memory | - |
|
- |
|
- |
| private_0x00000000044b0000 | 0x044b0000 | 0x045affff | Private Memory | - |
|
- |
|
- |
| private_0x00000000045e0000 | 0x045e0000 | 0x045effff | Private Memory | - |
|
- |
|
- |
| private_0x00000000045f0000 | 0x045f0000 | 0x047cffff | Private Memory | - |
|
- |
|
- |
| kernelbase.dll.mui | 0x045f0000 | 0x046affff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000046d0000 | 0x046d0000 | 0x0471ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000047c0000 | 0x047c0000 | 0x047cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000047d0000 | 0x047d0000 | 0x049affff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004800000 | 0x04800000 | 0x0484ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000048d0000 | 0x048d0000 | 0x0491ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004920000 | 0x04920000 | 0x0496ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004970000 | 0x04970000 | 0x049affff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000049b0000 | 0x049b0000 | 0x04a8efff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000236d0000 | 0x236d0000 | 0x28c1ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000028c20000 | 0x28c20000 | 0x336cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000336d0000 | 0x336d0000 | 0x376cffff | Private Memory | - |
|
- |
|
- |
| classes.jsa | 0x376d0000 | 0x37b0ffff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000037b10000 | 0x37b10000 | 0x380cffff | Private Memory | - |
|
- |
|
- |
| classes.jsa | 0x380d0000 | 0x3871ffff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000038720000 | 0x38720000 | 0x38ccffff | Private Memory | - |
|
- |
|
- |
| classes.jsa | 0x38cd0000 | 0x38f3ffff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000038f40000 | 0x38f40000 | 0x390cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000390d0000 | 0x390d0000 | 0x390dffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000390e0000 | 0x390e0000 | 0x394cffff | Private Memory | - |
|
- |
|
- |
| jvm.dll | 0x6acb0000 | 0x6b02ffff | Memory Mapped File | - |
|
- |
|
- |
| awt.dll | 0x6cdc0000 | 0x6cf02fff | Memory Mapped File | - |
|
- |
|
- |
| msvcr100.dll | 0x6cf10000 | 0x6cfcefff | Memory Mapped File | - |
|
- |
|
- |
| winmm.dll | 0x70250000 | 0x70281fff | Memory Mapped File | - |
|
- |
|
- |
| pnrpnsp.dll | 0x71760000 | 0x71771fff | Memory Mapped File | - |
|
- |
|
- |
| winrnr.dll | 0x71780000 | 0x71787fff | Memory Mapped File | - |
|
- |
|
- |
| napinsp.dll | 0x717a0000 | 0x717affff | Memory Mapped File | - |
|
- |
|
- |
| rasadhlp.dll | 0x717b0000 | 0x717b5fff | Memory Mapped File | - |
|
- |
|
- |
| net.dll | 0x71fa0000 | 0x71fb3fff | Memory Mapped File | - |
|
- |
|
- |
| sunec.dll | 0x71fc0000 | 0x71fdffff | Memory Mapped File | - |
|
- |
|
- |
| nio.dll | 0x720b0000 | 0x720befff | Memory Mapped File | - |
|
- |
|
- |
| zip.dll | 0x720c0000 | 0x720d2fff | Memory Mapped File | - |
|
- |
|
- |
| java.dll | 0x720e0000 | 0x720fffff | Memory Mapped File | - |
|
- |
|
- |
| verify.dll | 0x72100000 | 0x7210bfff | Memory Mapped File | - |
|
- |
|
- |
| dwmapi.dll | 0x731f0000 | 0x73202fff | Memory Mapped File | - |
|
- |
|
- |
| uxtheme.dll | 0x73530000 | 0x7356ffff | Memory Mapped File | - |
|
- |
|
- |
| fwpuclnt.dll | 0x737d0000 | 0x73807fff | Memory Mapped File | - |
|
- |
|
- |
| winnsi.dll | 0x738e0000 | 0x738e6fff | Memory Mapped File | - |
|
- |
|
- |
| iphlpapi.dll | 0x738f0000 | 0x7390bfff | Memory Mapped File | - |
|
- |
|
- |
| nlaapi.dll | 0x73a60000 | 0x73a6ffff | Memory Mapped File | - |
|
- |
|
- |
| comctl32.dll | 0x73ee0000 | 0x7407dfff | Memory Mapped File | - |
|
- |
|
- |
| wsock32.dll | 0x740b0000 | 0x740b6fff | Memory Mapped File | - |
|
- |
|
- |
| wshtcpip.dll | 0x744e0000 | 0x744e4fff | Memory Mapped File | - |
|
- |
|
- |
| userenv.dll | 0x745b0000 | 0x745c6fff | Memory Mapped File | - |
|
- |
|
- |
| rsaenh.dll | 0x74770000 | 0x747aafff | Memory Mapped File | - |
|
- |
|
- |
| dnsapi.dll | 0x74850000 | 0x74893fff | Memory Mapped File | - |
|
- |
|
- |
| wship6.dll | 0x74980000 | 0x74985fff | Memory Mapped File | - |
|
- |
|
- |
| mswsock.dll | 0x74990000 | 0x749cbfff | Memory Mapped File | - |
|
- |
|
- |
| cryptsp.dll | 0x749d0000 | 0x749e5fff | Memory Mapped File | - |
|
- |
|
- |
| cryptbase.dll | 0x74e50000 | 0x74e5bfff | Memory Mapped File | - |
|
- |
|
- |
| profapi.dll | 0x74f00000 | 0x74f0afff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x75180000 | 0x751c9fff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x75200000 | 0x7521efff | Memory Mapped File | - |
|
- |
|
- |
| shlwapi.dll | 0x75220000 | 0x75276fff | Memory Mapped File | - |
|
- |
|
- |
| advapi32.dll | 0x75280000 | 0x7531ffff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x75370000 | 0x7543bfff | Memory Mapped File | - |
|
- |
|
- |
| sechost.dll | 0x75440000 | 0x75458fff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x754f0000 | 0x7553dfff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x75540000 | 0x75613fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x75650000 | 0x756fbfff | Memory Mapped File | - |
|
- |
|
- |
| shell32.dll | 0x75700000 | 0x76349fff | Memory Mapped File | - |
|
- |
|
- |
| psapi.dll | 0x76350000 | 0x76354fff | Memory Mapped File | - |
|
- |
|
- |
| ole32.dll | 0x76360000 | 0x764bbfff | Memory Mapped File | - |
|
- |
|
- |
| rpcrt4.dll | 0x764c0000 | 0x76560fff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x76570000 | 0x7660cfff | Memory Mapped File | - |
|
- |
|
- |
| nsi.dll | 0x76850000 | 0x76855fff | Memory Mapped File | - |
|
- |
|
- |
| ws2_32.dll | 0x76870000 | 0x768a4fff | Memory Mapped File | - |
|
- |
|
- |
| oleaut32.dll | 0x76ab0000 | 0x76b3efff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x76b40000 | 0x76c08fff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76db0000 | 0x76eebfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x76f50000 | 0x76f59fff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x76ff0000 | 0x76ff0fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffae000 | 0x7ffae000 | 0x7ffaefff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffaf000 | 0x7ffaf000 | 0x7ffaffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffd3000 | 0x7ffd3000 | 0x7ffd3fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd4000 | 0x7ffd4000 | 0x7ffd4fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd5000 | 0x7ffd5000 | 0x7ffd5fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd6000 | 0x7ffd6000 | 0x7ffd6fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd7000 | 0x7ffd7000 | 0x7ffd7fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd9000 | 0x7ffd9000 | 0x7ffd9fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffda000 | 0x7ffda000 | 0x7ffdafff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffdbfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
|
For performance reasons, the remaining 28 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive4432003530389164433.vbs | 0.27 KB |
MD5:
a32c109297ed1ca155598cd295c26611
SHA1: dc4a1fdbaad15ddd6fe22d3907c6b03727b71510 SHA256: 45bfe34aa3ef932f75101246eb53d032f5e7cf6d1f5b4e495334955a255f32e7 SSDeep: 6:jpxiFtqvAAT+geD5NaqZxLMTQQQavbx3la2Zp6djsyn:vmtqvAndZFcQU9lrXyjsyn |
|
|
| C:\Users\2XC7u663GxWc\fUTkALeaTxM\ID.txt | 0.05 KB |
MD5:
473d5ea6460d84e1c44532bf39d48eb7
SHA1: c760d009877410051d803f625211fd027445d1c8 SHA256: 9f32e41ce1b7a69787cd3886274f9e8c8a910607a0687b3d3cf965cef60d2109 SSDeep: 3:YwwAHWKIDdIRRKu9hASMi:YwwAHWKIDdsEKhv |
|
|
Host Behavior
File (2394)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\\hsperfdata_2XC7u663GxWc\4024 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive466295784543991919.vbs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_REPARSE_POINT, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive466295784543991919.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3068316261550961408.vbs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_REPARSE_POINT, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3068316261550961408.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Windows\System32\test.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.080316539076114361006181509658991106.class | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\fUTkALeaTxM\ID.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\net.properties | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create Directory | C:\Users\2XC7U6~1\AppData\Local\Temp\\hsperfdata_2XC7u663GxWc | - |
|
1 | |
| Create Directory | C:\Users\2XC7u663GxWc\fUTkALeaTxM | - |
|
1 | |
| Create Directory | C:\Users\2XC7u663GxWc\fUTkALeaTxM\DdWDtpinxpf | - |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Get Info | STD_INPUT_HANDLE | type = file_type |
|
2 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
2 | |
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
2 | |
| Get Info | - | type = file_type |
|
7 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\endorsed | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\\hsperfdata_2XC7u663GxWc | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\zip.dll | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\meta-index | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext | type = file_attributes |
|
3 | |
| Get Info | - | type = size, size_out = 829 |
|
1 | |
| Get Info | C:\Windows\Sun\Java\lib\ext\meta-index | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\access-bridge.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\dnsns.jar | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\jaccess.jar | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\localedata.jar | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | type = file_attributes |
|
4 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunpkcs11.jar | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\zipfs.jar | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\Sun\Java\lib\ext | type = file_attributes |
|
1 | |
| Get Info | - | type = time |
|
1 | |
| Get Info | - | type = time |
|
1 | |
| Get Info | - | type = size, size_out = 2190 |
|
1 | |
| Get Info | - | type = time |
|
1 | |
| Get Info | - | type = size, size_out = 17824 |
|
1 | |
| Get Info | - | type = time |
|
1 | |
| Get Info | - | type = time |
|
1 | |
| Get Info | - | type = time |
|
1 | |
| Get Info | - | type = time |
|
1 | |
| Get Info | - | type = time |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp | type = file_attributes |
|
1 | |
| Get Info | - | type = time |
|
1 | |
| Get Info | - | type = time |
|
1 | |
| Get Info | - | type = time |
|
1 | |
| Get Info | - | type = time |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive466295784543991919.vbs | type = file_attributes |
|
1 | |
| Get Info | - | type = file_type |
|
2 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive466295784543991919.vbs | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3068316261550961408.vbs | type = file_attributes |
|
1 | |
| Get Info | - | type = file_type |
|
2 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3068316261550961408.vbs | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\javaw.exe | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\net.dll | type = file_attributes |
|
4 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\management.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.080316539076114361006181509658991106.class | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\fUTkALeaTxM | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\fUTkALeaTxM\ID.txt | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\fUTkALeaTxM\DdWDtpinxpf | type = file_attributes |
|
2 | |
| Get Info | C:\Users\2XC7u663GxWc\fUTkALeaTxM\DdWDtpinxpf | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\x86\sunmscapi.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\sunmscapi.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\net.properties | type = file_attributes |
|
2 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\net.properties | type = file_type |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\net.properties | type = size, size_out = 3070 |
|
1 | |
| Open | STD_INPUT_HANDLE | - |
|
6 | |
| Open | STD_OUTPUT_HANDLE | - |
|
2 | |
| Open | STD_ERROR_HANDLE | - |
|
2 | |
| Read | - | size = 22, size_out = 22 |
|
1 | |
| Read | - | size = 1024, size_out = 1024 |
|
1 | |
| Read | - | size = 30, size_out = 30 |
|
751 | |
| Read | - | size = 161, size_out = 161 |
|
7 | |
| Read | - | size = 4096, size_out = 686 |
|
1 | |
| Read | - | size = 4096, size_out = 0 |
|
1 | |
| Read | - | size = 2416, size_out = 2416 |
|
1 | |
| Read | - | size = 128, size_out = 128 |
|
10 | |
| Read | - | size = 7, size_out = 7 |
|
2 | |
| Read | - | size = 1781193, size_out = 1781193 |
|
1 | |
| Read | - | size = 160, size_out = 160 |
|
609 | |
| Read | - | size = 709, size_out = 709 |
|
1 | |
| Read | - | size = 277, size_out = 277 |
|
1 | |
| Read | - | size = 2305, size_out = 2305 |
|
1 | |
| Read | - | size = 1022, size_out = 1022 |
|
1 | |
| Read | - | size = 2882, size_out = 2882 |
|
1 | |
| Read | - | size = 104, size_out = 104 |
|
1 | |
| Read | - | size = 728, size_out = 728 |
|
1 | |
| Read | - | size = 345, size_out = 345 |
|
1 | |
| Read | - | size = 815, size_out = 815 |
|
1 | |
| Read | - | size = 1105, size_out = 1105 |
|
1 | |
| Read | - | size = 1761, size_out = 1761 |
|
1 | |
| Read | - | size = 514, size_out = 514 |
|
1 | |
| Read | - | size = 970, size_out = 970 |
|
1 | |
| Read | - | size = 2589, size_out = 2589 |
|
1 | |
| Read | - | size = 1008, size_out = 1008 |
|
1 | |
| Read | - | size = 2004, size_out = 2004 |
|
1 | |
| Read | - | size = 669, size_out = 669 |
|
1 | |
| Read | - | size = 962, size_out = 962 |
|
1 | |
| Read | - | size = 934, size_out = 934 |
|
1 | |
| Read | - | size = 1720, size_out = 1720 |
|
1 | |
| Read | - | size = 1012, size_out = 1012 |
|
2 | |
| Read | - | size = 3028, size_out = 3028 |
|
1 | |
| Read | - | size = 1111, size_out = 1111 |
|
3 | |
| Read | - | size = 2976, size_out = 2976 |
|
1 | |
| Read | - | size = 672, size_out = 672 |
|
2 | |
| Read | - | size = 1189, size_out = 1189 |
|
1 | |
| Read | - | size = 2646, size_out = 2646 |
|
1 | |
| Read | - | size = 966, size_out = 966 |
|
1 | |
| Read | - | size = 800, size_out = 800 |
|
1 | |
| Read | - | size = 1280, size_out = 1280 |
|
1 | |
| Read | - | size = 609, size_out = 609 |
|
1 | |
| Read | - | size = 628, size_out = 628 |
|
1 | |
| Read | - | size = 328, size_out = 328 |
|
2 | |
| Read | - | size = 327, size_out = 327 |
|
1 | |
| Read | - | size = 12212, size_out = 12212 |
|
1 | |
| Read | - | size = 748, size_out = 748 |
|
1 | |
| Read | - | size = 6630, size_out = 6630 |
|
1 | |
| Read | - | size = 3392, size_out = 3392 |
|
1 | |
| Read | - | size = 6113, size_out = 6113 |
|
2 | |
| Read | - | size = 2563, size_out = 2563 |
|
2 | |
| Read | - | size = 476, size_out = 476 |
|
1 | |
| Read | - | size = 2703, size_out = 2703 |
|
1 | |
| Read | - | size = 753, size_out = 753 |
|
1 | |
| Read | - | size = 3690, size_out = 3690 |
|
1 | |
| Read | - | size = 3361, size_out = 3361 |
|
1 | |
| Read | - | size = 3599, size_out = 3599 |
|
1 | |
| Read | - | size = 260, size_out = 260 |
|
1 | |
| Read | - | size = 1899, size_out = 1899 |
|
1 | |
| Read | - | size = 678, size_out = 678 |
|
1 | |
| Read | - | size = 1909, size_out = 1909 |
|
1 | |
| Read | - | size = 670, size_out = 670 |
|
2 | |
| Read | - | size = 762, size_out = 762 |
|
1 | |
| Read | - | size = 263, size_out = 263 |
|
3 | |
| Read | - | size = 16, size_out = 16 |
|
26 | |
| Read | - | size = 729, size_out = 729 |
|
2 | |
| Read | - | size = 17, size_out = 17 |
|
4 | |
| Read | - | size = 243, size_out = 243 |
|
2 | |
| Read | - | size = 315, size_out = 315 |
|
2 | |
| Read | - | size = 437, size_out = 437 |
|
2 | |
| Read | - | size = 439, size_out = 439 |
|
2 | |
| Read | - | size = 342, size_out = 342 |
|
2 | |
| Read | - | size = 802, size_out = 802 |
|
1 | |
| Read | - | size = 1127, size_out = 1127 |
|
1 | |
| Read | - | size = 8192, size_out = 2190 |
|
1 | |
| Read | - | size = 8192, size_out = 0 |
|
2 | |
| Read | - | size = 1468, size_out = 1468 |
|
2 | |
| Read | - | size = 1486, size_out = 1486 |
|
2 | |
| Read | - | size = 258, size_out = 258 |
|
6 | |
| Read | - | size = 2351, size_out = 2351 |
|
1 | |
| Read | - | size = 877, size_out = 877 |
|
1 | |
| Read | - | size = 645, size_out = 645 |
|
3 | |
| Read | - | size = 6444, size_out = 6444 |
|
1 | |
| Read | - | size = 1453, size_out = 1453 |
|
1 | |
| Read | - | size = 513, size_out = 513 |
|
1 | |
| Read | - | size = 4556, size_out = 4556 |
|
1 | |
| Read | - | size = 2345, size_out = 2345 |
|
1 | |
| Read | - | size = 13694, size_out = 13694 |
|
1 | |
| Read | - | size = 1056, size_out = 1056 |
|
1 | |
| Read | - | size = 3940, size_out = 3940 |
|
1 | |
| Read | - | size = 5672, size_out = 5672 |
|
1 | |
| Read | - | size = 844, size_out = 844 |
|
1 | |
| Read | - | size = 803, size_out = 803 |
|
3 | |
| Read | - | size = 2601, size_out = 2601 |
|
1 | |
| Read | - | size = 6732, size_out = 6732 |
|
1 | |
| Read | - | size = 732, size_out = 732 |
|
1 | |
| Read | - | size = 454, size_out = 454 |
|
2 | |
| Read | - | size = 78, size_out = 78 |
|
2 | |
| Read | - | size = 457, size_out = 457 |
|
1 | |
| Read | - | size = 973, size_out = 973 |
|
2 | |
| Read | - | size = 308, size_out = 308 |
|
1 | |
| Read | - | size = 381, size_out = 381 |
|
1 | |
| Read | - | size = 310, size_out = 310 |
|
1 | |
| Read | - | size = 3431, size_out = 3431 |
|
1 | |
| Read | - | size = 382, size_out = 382 |
|
2 | |
| Read | - | size = 281, size_out = 281 |
|
2 | |
| Read | - | size = 131, size_out = 131 |
|
1 | |
| Read | - | size = 5929, size_out = 5929 |
|
1 | |
| Read | - | size = 405, size_out = 405 |
|
2 | |
| Read | - | size = 182, size_out = 182 |
|
2 | |
| Read | - | size = 3, size_out = 3 |
|
6 | |
| Read | - | size = 354, size_out = 354 |
|
2 | |
| Read | - | size = 380, size_out = 380 |
|
2 | |
| Read | - | size = 512, size_out = 512 |
|
2 | |
| Read | - | size = 6708, size_out = 6708 |
|
1 | |
| Read | - | size = 4096, size_out = 4096 |
|
4 | |
| Read | - | size = 1693, size_out = 1693 |
|
1 | |
| Read | - | size = 1351, size_out = 1351 |
|
1 | |
| Read | - | size = 1358, size_out = 1358 |
|
1 | |
| Read | - | size = 1240, size_out = 1240 |
|
1 | |
| Read | - | size = 590, size_out = 590 |
|
5 | |
| Read | - | size = 525, size_out = 525 |
|
4 | |
| Read | - | size = 1320, size_out = 1320 |
|
6 | |
| Read | - | size = 2666, size_out = 2666 |
|
1 | |
| Read | - | size = 314, size_out = 314 |
|
1 | |
| Read | - | size = 951, size_out = 951 |
|
1 | |
| Read | - | size = 10594, size_out = 10594 |
|
1 | |
| Read | - | size = 3882, size_out = 3882 |
|
1 | |
| Read | - | size = 3549, size_out = 3549 |
|
1 | |
| Read | - | size = 1381, size_out = 1381 |
|
1 | |
| Read | - | size = 8211, size_out = 8211 |
|
1 | |
| Read | - | size = 1075, size_out = 1075 |
|
1 | |
| Read | - | size = 3695, size_out = 3695 |
|
1 | |
| Read | - | size = 2117, size_out = 2117 |
|
1 | |
| Read | - | size = 346, size_out = 346 |
|
3 | |
| Read | - | size = 576, size_out = 576 |
|
1 | |
| Read | - | size = 24203, size_out = 24203 |
|
1 | |
| Read | - | size = 13092, size_out = 13092 |
|
1 | |
| Read | - | size = 623, size_out = 623 |
|
1 | |
| Read | - | size = 3174, size_out = 3174 |
|
1 | |
| Read | - | size = 2257, size_out = 2257 |
|
1 | |
| Read | - | size = 1621, size_out = 1621 |
|
1 | |
| Read | - | size = 2395, size_out = 2395 |
|
1 | |
| Read | - | size = 14258, size_out = 14258 |
|
1 | |
| Read | - | size = 853, size_out = 853 |
|
1 | |
| Read | - | size = 967, size_out = 967 |
|
1 | |
| Read | - | size = 3914, size_out = 3914 |
|
1 | |
| Read | - | size = 5828, size_out = 5828 |
|
1 | |
| Read | - | size = 12814, size_out = 12814 |
|
1 | |
| Read | - | size = 4077, size_out = 4077 |
|
1 | |
| Read | - | size = 2399, size_out = 2399 |
|
1 | |
| Read | - | size = 2181, size_out = 2181 |
|
1 | |
| Read | - | size = 2812, size_out = 2812 |
|
1 | |
| Read | - | size = 278, size_out = 278 |
|
2 | |
| Read | - | size = 6713, size_out = 6713 |
|
1 | |
| Read | - | size = 1434, size_out = 1434 |
|
2 | |
| Read | - | size = 5439, size_out = 5439 |
|
1 | |
| Read | - | size = 619, size_out = 619 |
|
1 | |
| Read | - | size = 10470, size_out = 10470 |
|
1 | |
| Read | - | size = 3596, size_out = 3596 |
|
5 | |
| Read | - | size = 3529, size_out = 3529 |
|
3 | |
| Read | - | size = 735, size_out = 735 |
|
2 | |
| Read | - | size = 4170, size_out = 4170 |
|
1 | |
| Read | - | size = 817, size_out = 817 |
|
1 | |
| Read | - | size = 331, size_out = 331 |
|
2 | |
| Read | - | size = 2357, size_out = 2357 |
|
1 | |
| Read | - | size = 187, size_out = 187 |
|
1 | |
| Read | - | size = 3665, size_out = 3665 |
|
2 | |
| Read | - | size = 3856, size_out = 3856 |
|
2 | |
| Read | - | size = 333, size_out = 333 |
|
2 | |
| Read | - | size = 2915, size_out = 2915 |
|
1 | |
| Read | - | size = 350, size_out = 350 |
|
1 | |
| Read | - | size = 213, size_out = 213 |
|
2 | |
| Read | - | size = 1319, size_out = 1319 |
|
1 | |
| Read | - | size = 151, size_out = 151 |
|
1 | |
| Read | - | size = 92, size_out = 92 |
|
1 | |
| Read | - | size = 47, size_out = 47 |
|
1 | |
| Read | - | size = 115, size_out = 115 |
|
1 | |
| Read | - | size = 502, size_out = 502 |
|
1 | |
| Read | - | size = 807, size_out = 807 |
|
1 | |
| Read | - | size = 530, size_out = 530 |
|
1 | |
| Read | - | size = 1987, size_out = 1987 |
|
1 | |
| Read | - | size = 706, size_out = 706 |
|
1 | |
| Read | - | size = 3777, size_out = 3777 |
|
1 | |
| Read | - | size = 3082, size_out = 3082 |
|
2 | |
| Read | - | size = 4270, size_out = 4270 |
|
1 | |
| Read | - | size = 8559, size_out = 8559 |
|
1 | |
| Read | - | size = 6031, size_out = 6031 |
|
1 | |
| Read | - | size = 671, size_out = 671 |
|
1 | |
| Read | - | size = 1961, size_out = 1961 |
|
1 | |
| Read | - | size = 3287, size_out = 3287 |
|
1 | |
| Read | - | size = 383, size_out = 383 |
|
3 | |
| Read | - | size = 3661, size_out = 3661 |
|
1 | |
| Read | - | size = 292, size_out = 292 |
|
1 | |
| Read | - | size = 389, size_out = 389 |
|
1 | |
| Read | - | size = 411, size_out = 411 |
|
1 | |
| Read | - | size = 194, size_out = 194 |
|
2 | |
| Read | - | size = 242, size_out = 242 |
|
3 | |
| Read | - | size = 1318, size_out = 1318 |
|
1 | |
| Read | - | size = 153, size_out = 153 |
|
1 | |
| Read | - | size = 209, size_out = 209 |
|
1 | |
| Read | - | size = 883, size_out = 883 |
|
1 | |
| Read | - | size = 994, size_out = 994 |
|
1 | |
| Read | - | size = 780, size_out = 780 |
|
1 | |
| Read | - | size = 206, size_out = 206 |
|
1 | |
| Read | - | size = 533, size_out = 533 |
|
1 | |
| Read | - | size = 775, size_out = 775 |
|
1 | |
| Read | - | size = 301, size_out = 301 |
|
1 | |
| Read | - | size = 8192, size_out = 8192 |
|
55 | |
| Read | - | size = 1137, size_out = 1137 |
|
2 | |
| Read | - | size = 1009, size_out = 1009 |
|
1 | |
| Read | - | size = 1052, size_out = 1052 |
|
1 | |
| Read | - | size = 269, size_out = 269 |
|
1 | |
| Read | - | size = 1438, size_out = 1438 |
|
1 | |
| Read | - | size = 2684, size_out = 2684 |
|
1 | |
| Read | - | size = 157, size_out = 157 |
|
1 | |
| Read | - | size = 902, size_out = 902 |
|
1 | |
| Read | - | size = 1516, size_out = 1516 |
|
1 | |
| Read | - | size = 925, size_out = 925 |
|
1 | |
| Read | - | size = 1403, size_out = 1403 |
|
1 | |
| Read | - | size = 684, size_out = 684 |
|
1 | |
| Read | - | size = 2171, size_out = 2171 |
|
1 | |
| Read | - | size = 1421, size_out = 1421 |
|
1 | |
| Read | - | size = 694, size_out = 694 |
|
1 | |
| Read | - | size = 171, size_out = 171 |
|
1 | |
| Read | - | size = 814, size_out = 814 |
|
1 | |
| Read | - | size = 608, size_out = 608 |
|
1 | |
| Read | - | size = 677, size_out = 677 |
|
2 | |
| Read | - | size = 274, size_out = 274 |
|
5 | |
| Read | - | size = 1343, size_out = 1343 |
|
2 | |
| Read | - | size = 541, size_out = 541 |
|
2 | |
| Read | - | size = 2912, size_out = 2912 |
|
1 | |
| Read | - | size = 1249, size_out = 1249 |
|
1 | |
| Read | - | size = 1311, size_out = 1311 |
|
1 | |
| Read | - | size = 265, size_out = 265 |
|
2 | |
| Read | - | size = 1605, size_out = 1605 |
|
1 | |
| Read | - | size = 557, size_out = 557 |
|
1 | |
| Read | - | size = 173, size_out = 173 |
|
1 | |
| Read | - | size = 2789, size_out = 2789 |
|
2 | |
| Read | - | size = 230, size_out = 230 |
|
1 | |
| Read | - | size = 1133, size_out = 1133 |
|
2 | |
| Read | - | size = 321, size_out = 321 |
|
1 | |
| Read | - | size = 190, size_out = 190 |
|
1 | |
| Read | - | size = 3185, size_out = 3185 |
|
1 | |
| Read | - | size = 4522, size_out = 4522 |
|
1 | |
| Read | - | size = 978, size_out = 978 |
|
2 | |
| Read | - | size = 839, size_out = 839 |
|
1 | |
| Read | - | size = 1309, size_out = 1309 |
|
1 | |
| Read | - | size = 1312, size_out = 1312 |
|
2 | |
| Read | - | size = 696, size_out = 696 |
|
1 | |
| Read | - | size = 3200, size_out = 3200 |
|
1 | |
| Read | - | size = 207, size_out = 207 |
|
2 | |
| Read | - | size = 823, size_out = 823 |
|
1 | |
| Read | - | size = 824, size_out = 824 |
|
1 | |
| Read | - | size = 349, size_out = 349 |
|
2 | |
| Read | - | size = 2972, size_out = 2972 |
|
1 | |
| Read | - | size = 2977, size_out = 2977 |
|
1 | |
| Read | - | size = 611, size_out = 611 |
|
1 | |
| Read | - | size = 668, size_out = 668 |
|
1 | |
| Read | - | size = 283, size_out = 283 |
|
1 | |
| Read | - | size = 1118, size_out = 1118 |
|
2 | |
| Read | - | size = 834, size_out = 834 |
|
1 | |
| Read | - | size = 769, size_out = 769 |
|
1 | |
| Read | - | size = 1478, size_out = 1478 |
|
1 | |
| Read | - | size = 1298, size_out = 1298 |
|
1 | |
| Read | - | size = 1655, size_out = 1655 |
|
1 | |
| Read | - | size = 984, size_out = 984 |
|
1 | |
| Read | - | size = 3278, size_out = 3278 |
|
1 | |
| Read | - | size = 833, size_out = 833 |
|
1 | |
| Read | - | size = 1450, size_out = 1450 |
|
1 | |
| Read | - | size = 1081, size_out = 1081 |
|
1 | |
| Read | - | size = 550, size_out = 550 |
|
1 | |
| Read | - | size = 922, size_out = 922 |
|
1 | |
| Read | - | size = 5457, size_out = 5457 |
|
1 | |
| Read | - | size = 1143, size_out = 1143 |
|
1 | |
| Read | - | size = 2597, size_out = 2597 |
|
1 | |
| Read | - | size = 325, size_out = 325 |
|
2 | |
| Read | - | size = 271, size_out = 271 |
|
1 | |
| Read | - | size = 1084, size_out = 1084 |
|
1 | |
| Read | - | size = 4495, size_out = 4495 |
|
1 | |
| Read | - | size = 1404, size_out = 1404 |
|
2 | |
| Read | - | size = 5963, size_out = 5963 |
|
2 | |
| Read | - | size = 1218, size_out = 1218 |
|
2 | |
| Read | - | size = 666, size_out = 666 |
|
2 | |
| Read | - | size = 2371, size_out = 2371 |
|
1 | |
| Read | - | size = 1686, size_out = 1686 |
|
1 | |
| Read | - | size = 1029, size_out = 1029 |
|
2 | |
| Read | - | size = 306, size_out = 306 |
|
2 | |
| Read | - | size = 1459, size_out = 1459 |
|
1 | |
| Read | - | size = 282, size_out = 282 |
|
1 | |
| Read | - | size = 6135, size_out = 6135 |
|
1 | |
| Read | - | size = 5053, size_out = 5053 |
|
2 | |
| Read | - | size = 1470, size_out = 1470 |
|
2 | |
| Read | - | size = 455, size_out = 455 |
|
2 | |
| Read | - | size = 617, size_out = 617 |
|
2 | |
| Read | - | size = 580, size_out = 580 |
|
2 | |
| Read | - | size = 463, size_out = 463 |
|
3 | |
| Read | - | size = 332, size_out = 332 |
|
3 | |
| Read | - | size = 481, size_out = 481 |
|
2 | |
| Read | - | size = 593, size_out = 593 |
|
2 | |
| Read | - | size = 606, size_out = 606 |
|
2 | |
| Read | - | size = 390, size_out = 390 |
|
3 | |
| Read | - | size = 367, size_out = 367 |
|
2 | |
| Read | - | size = 347, size_out = 347 |
|
2 | |
| Read | - | size = 490, size_out = 490 |
|
2 | |
| Read | - | size = 168, size_out = 168 |
|
2 | |
| Read | - | size = 212, size_out = 212 |
|
2 | |
| Read | - | size = 205, size_out = 205 |
|
2 | |
| Read | - | size = 189, size_out = 189 |
|
1 | |
| Read | - | size = 169, size_out = 169 |
|
2 | |
| Read | - | size = 1989, size_out = 1989 |
|
2 | |
| Read | - | size = 900, size_out = 900 |
|
1 | |
| Read | - | size = 1716, size_out = 1716 |
|
1 | |
| Read | - | size = 503, size_out = 503 |
|
2 | |
| Read | - | size = 220, size_out = 220 |
|
1 | |
| Read | - | size = 692, size_out = 692 |
|
1 | |
| Read | - | size = 708, size_out = 708 |
|
1 | |
| Read | - | size = 2656, size_out = 2656 |
|
1 | |
| Read | - | size = 588, size_out = 588 |
|
1 | |
| Read | - | size = 2520, size_out = 2520 |
|
1 | |
| Read | - | size = 2709, size_out = 2709 |
|
1 | |
| Read | - | size = 2124, size_out = 2124 |
|
1 | |
| Read | - | size = 718, size_out = 718 |
|
1 | |
| Read | - | size = 284, size_out = 284 |
|
1 | |
| Read | - | size = 14716, size_out = 14716 |
|
1 | |
| Read | - | size = 2111, size_out = 2111 |
|
1 | |
| Read | - | size = 8292, size_out = 8292 |
|
1 | |
| Read | - | size = 6007, size_out = 6007 |
|
1 | |
| Read | - | size = 2905, size_out = 2905 |
|
1 | |
| Read | - | size = 937, size_out = 937 |
|
1 | |
| Read | - | size = 585, size_out = 585 |
|
1 | |
| Read | - | size = 1544, size_out = 1544 |
|
1 | |
| Read | - | size = 12572, size_out = 12572 |
|
1 | |
| Read | - | size = 1904, size_out = 1904 |
|
1 | |
| Read | - | size = 2008, size_out = 2008 |
|
1 | |
| Read | - | size = 783, size_out = 783 |
|
2 | |
| Read | - | size = 19213, size_out = 19213 |
|
1 | |
| Read | - | size = 745, size_out = 745 |
|
2 | |
| Read | - | size = 3606, size_out = 3606 |
|
1 | |
| Read | - | size = 403, size_out = 403 |
|
1 | |
| Read | - | size = 9943, size_out = 9943 |
|
1 | |
| Read | - | size = 596, size_out = 596 |
|
1 | |
| Read | - | size = 612, size_out = 612 |
|
1 | |
| Read | - | size = 544, size_out = 544 |
|
1 | |
| Read | - | size = 697, size_out = 697 |
|
1 | |
| Read | - | size = 604, size_out = 604 |
|
1 | |
| Read | - | size = 591, size_out = 591 |
|
1 | |
| Read | - | size = 452, size_out = 452 |
|
1 | |
| Read | - | size = 586, size_out = 586 |
|
1 | |
| Read | - | size = 1974, size_out = 1974 |
|
1 | |
| Read | - | size = 1159, size_out = 1159 |
|
1 | |
| Read | - | size = 426, size_out = 426 |
|
1 | |
| Read | - | size = 7100, size_out = 7100 |
|
1 | |
| Read | - | size = 229, size_out = 229 |
|
1 | |
| Read | - | size = 366, size_out = 366 |
|
1 | |
| Read | - | size = 3515, size_out = 3515 |
|
1 | |
| Read | - | size = 2163, size_out = 2163 |
|
1 | |
| Read | - | size = 179, size_out = 179 |
|
1 | |
| Read | - | size = 660, size_out = 660 |
|
1 | |
| Read | - | size = 1225, size_out = 1225 |
|
1 | |
| Read | - | size = 175, size_out = 175 |
|
1 | |
| Read | - | size = 4645, size_out = 4645 |
|
1 | |
| Read | - | size = 621, size_out = 621 |
|
1 | |
| Read | - | size = 1138, size_out = 1138 |
|
1 | |
| Read | - | size = 5861, size_out = 5861 |
|
1 | |
| Read | - | size = 33985, size_out = 33985 |
|
1 | |
| Read | - | size = 3671, size_out = 3671 |
|
1 | |
| Read | - | size = 10989, size_out = 10989 |
|
1 | |
| Read | - | size = 407, size_out = 407 |
|
1 | |
| Read | - | size = 9301, size_out = 9301 |
|
1 | |
| Read | - | size = 28702, size_out = 28702 |
|
1 | |
| Read | - | size = 6453, size_out = 6453 |
|
1 | |
| Read | - | size = 2101, size_out = 2101 |
|
1 | |
| Read | - | size = 2652, size_out = 2652 |
|
1 | |
| Read | - | size = 1139, size_out = 1139 |
|
1 | |
| Read | - | size = 2005, size_out = 2005 |
|
1 | |
| Read | - | size = 5981, size_out = 5981 |
|
1 | |
| Read | - | size = 22809, size_out = 22809 |
|
1 | |
| Read | - | size = 536, size_out = 536 |
|
2 | |
| Read | - | size = 1862, size_out = 1862 |
|
1 | |
| Read | - | size = 643, size_out = 643 |
|
1 | |
| Read | - | size = 112, size_out = 112 |
|
1 | |
| Read | - | size = 3932, size_out = 3932 |
|
1 | |
| Read | - | size = 2027, size_out = 2027 |
|
1 | |
| Read | - | size = 31499, size_out = 31499 |
|
1 | |
| Read | - | size = 659, size_out = 659 |
|
1 | |
| Read | - | size = 375, size_out = 375 |
|
1 | |
| Read | - | size = 1932, size_out = 1932 |
|
1 | |
| Read | - | size = 419, size_out = 419 |
|
1 | |
| Read | - | size = 1599, size_out = 1599 |
|
1 | |
| Read | - | size = 335, size_out = 335 |
|
1 | |
| Read | - | size = 2771, size_out = 2771 |
|
1 | |
| Read | - | size = 831, size_out = 831 |
|
1 | |
| Read | - | size = 1589, size_out = 1589 |
|
1 | |
| Read | - | size = 505, size_out = 505 |
|
1 | |
| Read | - | size = 7594, size_out = 7594 |
|
1 | |
| Read | - | size = 16872, size_out = 16872 |
|
1 | |
| Read | - | size = 362, size_out = 362 |
|
1 | |
| Read | - | size = 435, size_out = 435 |
|
1 | |
| Read | - | size = 6262, size_out = 6262 |
|
1 | |
| Read | - | size = 9824, size_out = 9824 |
|
1 | |
| Read | - | size = 13080, size_out = 13080 |
|
1 | |
| Read | - | size = 26877, size_out = 26877 |
|
1 | |
| Read | - | size = 460, size_out = 460 |
|
1 | |
| Read | - | size = 302, size_out = 302 |
|
2 | |
| Read | - | size = 136, size_out = 136 |
|
1 | |
| Read | - | size = 17075, size_out = 17075 |
|
1 | |
| Read | - | size = 1002, size_out = 1002 |
|
1 | |
| Read | - | size = 1378, size_out = 1378 |
|
1 | |
| Read | - | size = 2396, size_out = 2396 |
|
1 | |
| Read | - | size = 1786, size_out = 1786 |
|
1 | |
| Read | - | size = 1740, size_out = 1740 |
|
1 | |
| Read | - | size = 2528, size_out = 2528 |
|
1 | |
| Read | - | size = 4399, size_out = 4399 |
|
1 | |
| Read | - | size = 9883, size_out = 9883 |
|
1 | |
| Read | - | size = 373, size_out = 373 |
|
1 | |
| Read | - | size = 1114, size_out = 1114 |
|
1 | |
| Read | - | size = 8460, size_out = 8460 |
|
1 | |
| Read | - | size = 1477, size_out = 1477 |
|
1 | |
| Read | - | size = 872, size_out = 872 |
|
1 | |
| Read | - | size = 3313, size_out = 3313 |
|
1 | |
| Read | - | size = 743, size_out = 743 |
|
1 | |
| Read | - | size = 2872, size_out = 2872 |
|
1 | |
| Read | - | size = 4879, size_out = 4879 |
|
1 | |
| Read | - | size = 2958, size_out = 2958 |
|
1 | |
| Read | - | size = 2419, size_out = 2419 |
|
1 | |
| Read | - | size = 495, size_out = 495 |
|
2 | |
| Read | - | size = 1363, size_out = 1363 |
|
1 | |
| Read | - | size = 1523, size_out = 1523 |
|
1 | |
| Read | - | size = 1236, size_out = 1236 |
|
1 | |
| Read | - | size = 1129, size_out = 1129 |
|
1 | |
| Read | - | size = 1795, size_out = 1795 |
|
1 | |
| Read | - | size = 6907, size_out = 6907 |
|
1 | |
| Read | - | size = 2460, size_out = 2460 |
|
1 | |
| Read | - | size = 1685, size_out = 1685 |
|
1 | |
| Read | - | size = 10895, size_out = 10895 |
|
1 | |
| Read | - | size = 400, size_out = 400 |
|
1 | |
| Read | - | size = 3003, size_out = 3003 |
|
1 | |
| Read | - | size = 4773, size_out = 4773 |
|
1 | |
| Read | - | size = 6236, size_out = 6236 |
|
1 | |
| Read | - | size = 1694, size_out = 1694 |
|
1 | |
| Read | - | size = 1297, size_out = 1297 |
|
1 | |
| Read | - | size = 1415, size_out = 1415 |
|
1 | |
| Read | - | size = 9480, size_out = 9480 |
|
1 | |
| Read | - | size = 6808, size_out = 6808 |
|
1 | |
| Read | - | size = 618, size_out = 618 |
|
1 | |
| Read | - | size = 1065, size_out = 1065 |
|
1 | |
| Read | - | size = 5179, size_out = 5179 |
|
1 | |
| Read | - | size = 4140, size_out = 4140 |
|
1 | |
| Read | - | size = 427, size_out = 427 |
|
1 | |
| Read | - | size = 2727, size_out = 2727 |
|
1 | |
| Read | - | size = 2786, size_out = 2786 |
|
1 | |
| Read | - | size = 1210, size_out = 1210 |
|
1 | |
| Read | - | size = 540, size_out = 540 |
|
1 | |
| Read | - | size = 948, size_out = 948 |
|
1 | |
| Read | - | size = 2962, size_out = 2962 |
|
1 | |
| Read | - | size = 632, size_out = 632 |
|
1 | |
| Read | - | size = 5468, size_out = 5468 |
|
1 | |
| Read | - | size = 1825, size_out = 1825 |
|
1 | |
| Read | - | size = 809, size_out = 809 |
|
1 | |
| Read | - | size = 854, size_out = 854 |
|
1 | |
| Read | - | size = 2701, size_out = 2701 |
|
1 | |
| Read | - | size = 2950, size_out = 2950 |
|
1 | |
| Read | - | size = 1198, size_out = 1198 |
|
1 | |
| Read | - | size = 1001, size_out = 1001 |
|
1 | |
| Read | - | size = 680, size_out = 680 |
|
1 | |
| Read | - | size = 976, size_out = 976 |
|
1 | |
| Read | - | size = 445, size_out = 445 |
|
1 | |
| Read | - | size = 1160, size_out = 1160 |
|
1 | |
| Read | - | size = 2235, size_out = 2235 |
|
1 | |
| Read | - | size = 770, size_out = 770 |
|
1 | |
| Read | - | size = 1938, size_out = 1938 |
|
1 | |
| Read | - | size = 1336, size_out = 1336 |
|
1 | |
| Read | - | size = 8084, size_out = 8084 |
|
1 | |
| Read | - | size = 340, size_out = 340 |
|
1 | |
| Read | - | size = 392, size_out = 392 |
|
1 | |
| Read | - | size = 4890, size_out = 4890 |
|
1 | |
| Read | - | size = 492, size_out = 492 |
|
1 | |
| Read | - | size = 3846, size_out = 3846 |
|
1 | |
| Read | - | size = 9570, size_out = 9570 |
|
1 | |
| Read | - | size = 413, size_out = 413 |
|
2 | |
| Read | - | size = 203, size_out = 203 |
|
1 | |
| Read | - | size = 789, size_out = 789 |
|
1 | |
| Read | - | size = 686, size_out = 686 |
|
2 | |
| Read | - | size = 4445, size_out = 4445 |
|
1 | |
| Read | - | size = 1980, size_out = 1980 |
|
1 | |
| Read | - | size = 2783, size_out = 2783 |
|
1 | |
| Read | - | size = 1518, size_out = 1518 |
|
1 | |
| Read | - | size = 569, size_out = 569 |
|
1 | |
| Read | - | size = 4157, size_out = 4157 |
|
1 | |
| Read | - | size = 543, size_out = 543 |
|
1 | |
| Read | - | size = 4605, size_out = 4605 |
|
1 | |
| Read | - | size = 784, size_out = 784 |
|
2 | |
| Read | - | size = 1663, size_out = 1663 |
|
1 | |
| Read | - | size = 2147, size_out = 2147 |
|
1 | |
| Read | - | size = 975, size_out = 975 |
|
2 | |
| Read | - | size = 1337, size_out = 1337 |
|
1 | |
| Read | - | size = 497, size_out = 497 |
|
1 | |
| Read | - | size = 878, size_out = 878 |
|
2 | |
| Read | - | size = 1061, size_out = 1061 |
|
1 | |
| Read | - | size = 614, size_out = 614 |
|
1 | |
| Read | - | size = 1183, size_out = 1183 |
|
1 | |
| Read | - | size = 326, size_out = 326 |
|
1 | |
| Read | - | size = 81, size_out = 81 |
|
1 | |
| Read | - | size = 830, size_out = 830 |
|
1 | |
| Read | - | size = 1179, size_out = 1179 |
|
1 | |
| Read | - | size = 781, size_out = 781 |
|
1 | |
| Read | - | size = 534, size_out = 534 |
|
1 | |
| Read | - | size = 300, size_out = 300 |
|
2 | |
| Read | - | size = 1462, size_out = 1462 |
|
1 | |
| Read | - | size = 409, size_out = 409 |
|
1 | |
| Read | - | size = 225, size_out = 225 |
|
1 | |
| Read | - | size = 897, size_out = 897 |
|
1 | |
| Read | - | size = 2301, size_out = 2301 |
|
1 | |
| Read | - | size = 2443, size_out = 2443 |
|
1 | |
| Read | - | size = 215, size_out = 215 |
|
1 | |
| Read | - | size = 827, size_out = 827 |
|
1 | |
| Read | - | size = 5505, size_out = 5505 |
|
1 | |
| Read | - | size = 1071, size_out = 1071 |
|
1 | |
| Read | - | size = 1036, size_out = 1036 |
|
1 | |
| Read | - | size = 352, size_out = 352 |
|
1 | |
| Read | - | size = 1116, size_out = 1116 |
|
1 | |
| Read | - | size = 1796, size_out = 1796 |
|
1 | |
| Read | - | size = 448, size_out = 448 |
|
1 | |
| Read | - | size = 4013, size_out = 4013 |
|
1 | |
| Read | - | size = 1566, size_out = 1566 |
|
1 | |
| Read | - | size = 402, size_out = 402 |
|
1 | |
| Read | - | size = 1366, size_out = 1366 |
|
1 | |
| Read | - | size = 9311, size_out = 9311 |
|
1 | |
| Read | - | size = 3572, size_out = 3572 |
|
1 | |
| Read | - | size = 1619, size_out = 1619 |
|
1 | |
| Read | - | size = 2404, size_out = 2404 |
|
1 | |
| Read | - | size = 3013, size_out = 3013 |
|
1 | |
| Read | - | size = 1708, size_out = 1708 |
|
1 | |
| Read | - | size = 2879, size_out = 2879 |
|
1 | |
| Read | - | size = 1285, size_out = 1285 |
|
1 | |
| Read | - | size = 1398, size_out = 1398 |
|
1 | |
| Read | - | size = 1090, size_out = 1090 |
|
1 | |
| Read | - | size = 3789, size_out = 3789 |
|
1 | |
| Read | - | size = 436, size_out = 436 |
|
1 | |
| Read | - | size = 792, size_out = 792 |
|
1 | |
| Read | - | size = 384, size_out = 384 |
|
1 | |
| Read | - | size = 1217, size_out = 1217 |
|
1 | |
| Read | - | size = 480, size_out = 480 |
|
1 | |
| Read | - | size = 622, size_out = 622 |
|
1 | |
| Read | - | size = 76, size_out = 76 |
|
1 | |
| Read | - | size = 527, size_out = 527 |
|
1 | |
| Read | - | size = 4051, size_out = 4051 |
|
1 | |
| Read | - | size = 7991, size_out = 7991 |
|
1 | |
| Read | - | size = 704, size_out = 704 |
|
1 | |
| Read | - | size = 8401, size_out = 8401 |
|
1 | |
| Read | - | size = 2096, size_out = 2096 |
|
1 | |
| Read | - | size = 2691, size_out = 2691 |
|
1 | |
| Read | - | size = 1664, size_out = 1664 |
|
1 | |
| Read | - | size = 6028, size_out = 6028 |
|
1 | |
| Read | - | size = 7832, size_out = 7832 |
|
1 | |
| Read | - | size = 5512, size_out = 5512 |
|
1 | |
| Read | - | size = 949, size_out = 949 |
|
1 | |
| Read | - | size = 1167, size_out = 1167 |
|
1 | |
| Read | - | size = 1731, size_out = 1731 |
|
1 | |
| Read | - | size = 1427, size_out = 1427 |
|
1 | |
| Read | - | size = 1429, size_out = 1429 |
|
1 | |
| Read | - | size = 1873, size_out = 1873 |
|
1 | |
| Read | - | size = 8192, size_out = 108 |
|
1 | |
| Read | - | size = 8192, size_out = 0 |
|
1 | |
| Read | - | size = 8192, size_out = 0 |
|
1 | |
| Read | - | size = 1396, size_out = 1396 |
|
1 | |
| Read | - | size = 582, size_out = 582 |
|
1 | |
| Read | - | size = 46400, size_out = 46400 |
|
1 | |
| Read | - | size = 357, size_out = 357 |
|
1 | |
| Read | - | size = 5472, size_out = 5472 |
|
1 | |
| Read | - | size = 3241, size_out = 3241 |
|
1 | |
| Read | - | size = 1886, size_out = 1886 |
|
1 | |
| Read | - | size = 5529, size_out = 5529 |
|
1 | |
| Read | - | size = 1188, size_out = 1188 |
|
1 | |
| Read | - | size = 7520, size_out = 7520 |
|
1 | |
| Read | - | size = 8446, size_out = 8446 |
|
1 | |
| Read | - | size = 5830, size_out = 5830 |
|
1 | |
| Read | - | size = 1929, size_out = 1929 |
|
1 | |
| Read | - | size = 519, size_out = 519 |
|
1 | |
| Read | - | size = 855, size_out = 855 |
|
1 | |
| Read | - | size = 152, size_out = 152 |
|
1 | |
| Read | - | size = 1206, size_out = 1206 |
|
1 | |
| Read | - | size = 7192, size_out = 7192 |
|
1 | |
| Read | - | size = 22580, size_out = 22580 |
|
1 | |
| Read | - | size = 2388, size_out = 2388 |
|
1 | |
| Read | - | size = 1746, size_out = 1746 |
|
1 | |
| Read | - | size = 845, size_out = 845 |
|
1 | |
| Read | - | size = 14934, size_out = 14934 |
|
1 | |
| Read | - | size = 322, size_out = 322 |
|
1 | |
| Read | - | size = 1032, size_out = 1032 |
|
1 | |
| Read | - | size = 773, size_out = 773 |
|
1 | |
| Read | - | size = 122, size_out = 122 |
|
1 | |
| Read | - | size = 3759, size_out = 3759 |
|
1 | |
| Read | - | size = 348, size_out = 348 |
|
1 | |
| Read | - | size = 26461, size_out = 26461 |
|
1 | |
| Read | - | size = 4540, size_out = 4540 |
|
1 | |
| Read | - | size = 1995, size_out = 1995 |
|
1 | |
| Read | - | size = 1261, size_out = 1261 |
|
1 | |
| Read | - | size = 4115, size_out = 4115 |
|
1 | |
| Read | - | size = 2598, size_out = 2598 |
|
1 | |
| Read | - | size = 11029, size_out = 11029 |
|
1 | |
| Read | - | size = 296, size_out = 296 |
|
1 | |
| Read | - | size = 1028, size_out = 1028 |
|
1 | |
| Read | - | size = 17440, size_out = 17440 |
|
1 | |
| Read | - | size = 3033, size_out = 3033 |
|
1 | |
| Read | - | size = 861, size_out = 861 |
|
1 | |
| Read | - | size = 2660, size_out = 2660 |
|
1 | |
| Read | - | size = 1444, size_out = 1444 |
|
1 | |
| Read | - | size = 1192, size_out = 1192 |
|
1 | |
| Read | - | size = 7071, size_out = 7071 |
|
1 | |
| Read | - | size = 2038, size_out = 2038 |
|
1 | |
| Read | - | size = 2049, size_out = 2049 |
|
1 | |
| Read | - | size = 1627, size_out = 1627 |
|
1 | |
| Read | - | size = 8760, size_out = 8760 |
|
1 | |
| Read | - | size = 3164, size_out = 3164 |
|
1 | |
| Read | - | size = 2552, size_out = 2552 |
|
1 | |
| Read | - | size = 1600, size_out = 1600 |
|
1 | |
| Read | - | size = 109, size_out = 109 |
|
1 | |
| Read | - | size = 235, size_out = 235 |
|
2 | |
| Read | - | size = 2863, size_out = 2863 |
|
2 | |
| Read | - | size = 443, size_out = 443 |
|
1 | |
| Read | - | size = 837, size_out = 837 |
|
2 | |
| Read | - | size = 3196, size_out = 3196 |
|
1 | |
| Read | - | size = 1262, size_out = 1262 |
|
1 | |
| Read | - | size = 1812, size_out = 1812 |
|
2 | |
| Read | - | size = 240, size_out = 240 |
|
1 | |
| Read | - | size = 734, size_out = 734 |
|
1 | |
| Read | - | size = 5122, size_out = 5122 |
|
1 | |
| Read | - | size = 285, size_out = 285 |
|
1 | |
| Read | - | size = 889, size_out = 889 |
|
1 | |
| Read | - | size = 3271, size_out = 3271 |
|
1 | |
| Read | - | size = 496, size_out = 496 |
|
1 | |
| Read | - | size = 23927, size_out = 23927 |
|
1 | |
| Read | - | size = 1227, size_out = 1227 |
|
1 | |
| Read | - | size = 761, size_out = 761 |
|
1 | |
| Read | - | size = 107, size_out = 107 |
|
1 | |
| Read | - | size = 2146, size_out = 2146 |
|
1 | |
| Read | - | size = 2114, size_out = 2114 |
|
1 | |
| Read | - | size = 3293, size_out = 3293 |
|
1 | |
| Read | - | size = 634, size_out = 634 |
|
1 | |
| Read | - | size = 725, size_out = 725 |
|
1 | |
| Read | - | size = 859, size_out = 859 |
|
1 | |
| Read | - | size = 1326, size_out = 1326 |
|
1 | |
| Read | - | size = 4319, size_out = 4319 |
|
1 | |
| Read | - | size = 595, size_out = 595 |
|
1 | |
| Read | - | size = 626, size_out = 626 |
|
1 | |
| Read | - | size = 763, size_out = 763 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 2191, size_out = 2191 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 103, size_out = 103 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 160, size_out = 160 |
|
5 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 30, size_out = 30 |
|
5 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 913, size_out = 913 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 852, size_out = 852 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 1319, size_out = 1319 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 1269, size_out = 1269 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 404, size_out = 404 |
|
1 | |
| Read | - | size = 1399, size_out = 1399 |
|
1 | |
| Read | - | size = 3618, size_out = 3618 |
|
1 | |
| Read | - | size = 1507, size_out = 1507 |
|
1 | |
| Read | - | size = 8099, size_out = 8099 |
|
1 | |
| Read | - | size = 964, size_out = 964 |
|
1 | |
| Read | - | size = 5799, size_out = 5799 |
|
1 | |
| Read | - | size = 3605, size_out = 3605 |
|
1 | |
| Write | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3068316261550961408.vbs | size = 281 |
|
1 | |
| Delete | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive466295784543991919.vbs | - |
|
1 | |
| Delete | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3068316261550961408.vbs | - |
|
1 |
Registry (25)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Control Panel\Desktop | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32\PlacesBar | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | - |
|
4 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | value_name = Desktop, data = C:\Users\2XC7u663GxWc\Desktop, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | value_name = GDIProcessHandleQuota, data = 16 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Control Panel\Desktop | value_name = FontSmoothingOrientation, data = 1 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics | value_name = Shell Icon BPP, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes | value_name = MS Shell Dlg 2, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes | value_name = MS Shell Dlg 2, data = Tahoma, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = ThemeActive, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = ThemeActive, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = DllName, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = DllName, data = %SystemRoot%\resources\Themes\Aero\Aero.msstyles, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = SizeName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = SizeName, data = NormalSize, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = ColorName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = ColorName, data = NormalColor, type = REG_SZ |
|
1 |
Process (5)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive466295784543991919.vbs | os_pid = 0x400, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Create | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3068316261550961408.vbs | os_pid = 0x588, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Open | c:\program files\java\jre7\bin\java.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Terminate | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3068316261550961408.vbs | exit_code = 1 |
|
1 |
Module (186)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\jvm.dll | base_address = 0x6acb0000 |
|
1 | |
| Load | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\verify.dll | base_address = 0x72100000 |
|
1 | |
| Load | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\java.dll | base_address = 0x720e0000 |
|
1 | |
| Load | COMCTL32.dll | base_address = 0x73ee0000 |
|
1 | |
| Load | GDI32.dll | base_address = 0x754f0000 |
|
1 | |
| Load | ole32.dll | base_address = 0x76360000 |
|
1 | |
| Load | C:\Windows\system32\DWMAPI.DLL | base_address = 0x731f0000 |
|
1 | |
| Load | IPHLPAPI.DLL | base_address = 0x738f0000 |
|
1 | |
| Load | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\management.dll | base_address = 0x6da40000 |
|
1 | |
| Load | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\sunmscapi.dll | base_address = 0x6b6c0000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x75540000 |
|
34 | |
| Get Handle | c:\windows\system32\advapi32.dll | base_address = 0x75280000 |
|
3 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\java.exe, size = 260 |
|
3 | |
| Get Filename | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\client\jvm.dll | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\jvm.dll, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsAlloc, address_out = 0x7559418d |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsGetValue, address_out = 0x75591e16 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsSetValue, address_out = 0x755976e6 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsFree, address_out = 0x75591f61 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\client\jvm.dll | function = JNI_CreateJavaVM, address_out = 0x6ad78e70 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\client\jvm.dll | function = JNI_GetDefaultJavaVMInitArgs, address_out = 0x6ad6e340 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | address_out = 0x720e6fcf |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SetSecurityDescriptorControl, address_out = 0x752a7a8b |
|
3 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\sunec.dll | function = _JNI_OnLoad@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\sunec.dll | function = JNI_OnLoad, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _JNI_OnLoad@8, address_out = 0x71fa3379 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_ref_Finalizer_invokeFinalizeMethod@12, address_out = 0x720e207c |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetDoubleClickTime, address_out = 0x76b4ade0 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetSystemMetrics, address_out = 0x76b567cf |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = ToAsciiEx, address_out = 0x76b8b797 |
|
13 | |
| Get Address | c:\windows\system32\user32.dll | function = GetKeyboardState, address_out = 0x76b76946 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_awt_windows_WToolkit_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_sun_awt_windows_WToolkit_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_sun_awt_windows_WToolkit_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\nio.dll | function = _Java_sun_awt_windows_WToolkit_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\awt.dll | function = _Java_sun_awt_windows_WToolkit_init@8, address_out = 0x6ce52210 |
|
1 | |
| Get Address | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = InitCommonControlsEx, address_out = 0x73f009ce |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = LoadIconW, address_out = 0x76b4f142 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = RegisterClassW, address_out = 0x76b4ed4a |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetDC, address_out = 0x76b5544c |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = GetDeviceCaps, address_out = 0x754f6f7f |
|
2 | |
| Get Address | c:\windows\system32\user32.dll | function = ReleaseDC, address_out = 0x76b55421 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = CreateWindowExW, address_out = 0x76b4ec7c |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = DefWindowProcW, address_out = 0x76b5507d |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = SetWindowsHookExW, address_out = 0x76b4e30c |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = OleInitialize, address_out = 0x7637efd7 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = SystemParametersInfoW, address_out = 0x76b4e09a |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetSysColor, address_out = 0x76b5db7a |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = GetStockObject, address_out = 0x754f5ddf |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = SelectObject, address_out = 0x754f6640 |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = GetTextFaceW, address_out = 0x754fb73a |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = GetTextMetricsW, address_out = 0x754f7b8f |
|
1 | |
| Get Address | c:\windows\system32\dwmapi.dll | function = DwmIsCompositionEnabled, address_out = 0x731f1610 |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = CreateCompatibleBitmap, address_out = 0x754f73ad |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = GetDIBits, address_out = 0x754fa23b |
|
2 | |
| Get Address | c:\windows\system32\gdi32.dll | function = DeleteObject, address_out = 0x754f5f14 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_WinNTFileSystem_createFileExclusively@12, address_out = 0x720ea467 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_FileOutputStream_open@16, address_out = 0x720e1fe4 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_FileOutputStream_writeBytes@24, address_out = 0x720e203c |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_FileOutputStream_close0@8, address_out = 0x720e2063 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_ProcessImpl_getStillActive@8, address_out = 0x720e8e39 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_ProcessEnvironment_environmentBlock@8, address_out = 0x720e274a |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_ProcessImpl_create@28, address_out = 0x720e8a87 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_ProcessImpl_terminateProcess@16, address_out = 0x720e8e7c |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_WinNTFileSystem_delete0@12, address_out = 0x720ea507 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_net_NetworkInterface_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_net_NetworkInterface_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_java_net_NetworkInterface_init@8, address_out = 0x71fa157c |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_net_NetworkInterface_getAll@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_net_NetworkInterface_getAll@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_java_net_NetworkInterface_getAll@8, address_out = 0x71fa214a |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetIfTable, address_out = 0x738fae94 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetFriendlyIfIndex, address_out = 0x738fd855 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetIpAddrTable, address_out = 0x738f9bb0 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetAdaptersAddresses, address_out = 0x738f6a4d |
|
1 | |
| Get Address | Unknown module name | function = _JNI_OnLoad@8, address_out = 0x6da42194 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_management_VMManagementImpl_getVersion0@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_sun_management_VMManagementImpl_getVersion0@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_sun_management_VMManagementImpl_getVersion0@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\nio.dll | function = _Java_sun_management_VMManagementImpl_getVersion0@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\awt.dll | function = _Java_sun_management_VMManagementImpl_getVersion0@8, address_out = 0x0 |
|
1 | |
| Get Address | Unknown module name | function = _Java_sun_management_VMManagementImpl_getVersion0@8, address_out = 0x6da41e06 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_management_VMManagementImpl_initOptionalSupportFields@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_sun_management_VMManagementImpl_initOptionalSupportFields@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_sun_management_VMManagementImpl_initOptionalSupportFields@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\nio.dll | function = _Java_sun_management_VMManagementImpl_initOptionalSupportFields@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\awt.dll | function = _Java_sun_management_VMManagementImpl_initOptionalSupportFields@8, address_out = 0x0 |
|
1 | |
| Get Address | Unknown module name | function = _Java_sun_management_VMManagementImpl_initOptionalSupportFields@8, address_out = 0x6da41e8a |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_com_sun_management_OperatingSystem_initialize@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_com_sun_management_OperatingSystem_initialize@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_com_sun_management_OperatingSystem_initialize@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\nio.dll | function = _Java_com_sun_management_OperatingSystem_initialize@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\awt.dll | function = _Java_com_sun_management_OperatingSystem_initialize@8, address_out = 0x0 |
|
1 | |
| Get Address | Unknown module name | function = _Java_com_sun_management_OperatingSystem_initialize@8, address_out = 0x6da42a5b |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_com_sun_management_OperatingSystem_getTotalPhysicalMemorySize@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_com_sun_management_OperatingSystem_getTotalPhysicalMemorySize@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_com_sun_management_OperatingSystem_getTotalPhysicalMemorySize@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\nio.dll | function = _Java_com_sun_management_OperatingSystem_getTotalPhysicalMemorySize@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\awt.dll | function = _Java_com_sun_management_OperatingSystem_getTotalPhysicalMemorySize@8, address_out = 0x0 |
|
1 | |
| Get Address | Unknown module name | function = _Java_com_sun_management_OperatingSystem_getTotalPhysicalMemorySize@8, address_out = 0x6da4230d |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_WinNTFileSystem_createDirectory@12, address_out = 0x720ea812 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_net_DualStackPlainSocketImpl_initIDs@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_net_DualStackPlainSocketImpl_initIDs@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_java_net_DualStackPlainSocketImpl_initIDs@8, address_out = 0x71fa6667 |
|
1 | |
| Get Address | Unknown module name | function = _JNI_OnLoad@8, address_out = 0x0 |
|
1 | |
| Get Address | Unknown module name | function = JNI_OnLoad, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_net_DualStackPlainSocketImpl_socket0@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_net_DualStackPlainSocketImpl_socket0@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_java_net_DualStackPlainSocketImpl_socket0@16, address_out = 0x71fa66ab |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_net_DualStackPlainSocketImpl_connect0@20, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_net_DualStackPlainSocketImpl_connect0@20, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_java_net_DualStackPlainSocketImpl_connect0@20, address_out = 0x71fa6793 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_net_DualStackPlainSocketImpl_close0@12, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_net_DualStackPlainSocketImpl_close0@12, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_java_net_DualStackPlainSocketImpl_close0@12, address_out = 0x71fa99e3 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Runtime_gc@8, address_out = 0x720e2caf |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_ProcessImpl_closeHandle@16, address_out = 0x720e8e8b |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = PeekMessageW, address_out = 0x76b5634a |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_awt_windows_WToolkit_shutdown@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_sun_awt_windows_WToolkit_shutdown@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_sun_awt_windows_WToolkit_shutdown@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\nio.dll | function = _Java_sun_awt_windows_WToolkit_shutdown@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\awt.dll | function = _Java_sun_awt_windows_WToolkit_shutdown@8, address_out = 0x6ce50ac0 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = SendMessageW, address_out = 0x76b55539 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = EnumThreadWindows, address_out = 0x76b4b712 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = PostMessageW, address_out = 0x76b5447b |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = CallNextHookEx, address_out = 0x76b4abe1 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = PostQuitMessage, address_out = 0x76b4b308 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = OleUninitialize, address_out = 0x7637eba1 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetMessageW, address_out = 0x76b5cde8 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = IsWindow, address_out = 0x76b553ba |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = DestroyWindow, address_out = 0x76b4b2f4 |
|
1 | |
| Create Mapping | C:\Users\2XC7U6~1\AppData\Local\Temp\\hsperfdata_2XC7u663GxWc\4024 | filename = C:\Users\2XC7U6~1\AppData\Local\Temp\\hsperfdata_2XC7u663GxWc\4024, protection = PAGE_READWRITE, maximum_size = 65536 |
|
1 | |
| Map | C:\Users\2XC7U6~1\AppData\Local\Temp\\hsperfdata_2XC7u663GxWc\4024 | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.exe, desired_access = FILE_MAP_ALL_ACCESS |
|
1 |
Window (1)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | theAwtToolkitWindow | class_name = SunAwtToolkit, wndproc_parameter = 0 |
|
1 |
Keyboard (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 |
|
3 | |
| Read | result_out = 1 |
|
1 |
System (182)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| Get Time | type = System Time, time = 2018-07-19 09:50:00 (UTC) |
|
42 | |
| Get Time | type = Ticks, time = 10910522 |
|
1 | |
| Get Time | type = System Time, time = 2018-07-19 09:50:01 (UTC) |
|
12 | |
| Get Time | type = System Time, time = 2018-07-19 09:50:02 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:50:03 (UTC) |
|
3 | |
| Get Time | type = System Time, time = 2018-07-19 09:50:04 (UTC) |
|
20 | |
| Get Time | type = System Time, time = 2018-07-19 09:50:05 (UTC) |
|
4 | |
| Get Time | type = System Time, time = 2018-07-19 09:50:07 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:50:08 (UTC) |
|
17 | |
| Get Time | type = System Time, time = 2018-07-19 09:50:10 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:50:11 (UTC) |
|
17 | |
| Get Time | type = System Time, time = 2018-07-19 09:50:13 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:50:14 (UTC) |
|
17 | |
| Get Time | type = System Time, time = 2018-07-19 09:50:17 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:50:18 (UTC) |
|
18 | |
| Register Hook | type = WH_GETMESSAGE, hookproc_address = 0x6ce51da0 |
|
1 | |
| Get Info | type = Hardware Information |
|
2 | |
| Get Info | type = Operating System |
|
3 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
3 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
2 | |
| Get Info | type = Operating System |
|
9 |
Mutex (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | - |
|
1 |
Environment (5)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
2 | |
| Get Environment String | name = _ALT_JAVA_HOME_DIR |
|
1 | |
| Get Environment String | name = JAVA_TOOL_OPTIONS |
|
1 | |
| Get Environment String | name = _JAVA_OPTIONS |
|
1 |
Network Behavior
DNS (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Hostname | name_out = ZgW5tdPu |
|
2 | |
| Resolve Name | host = ZgW5tdPu, address_out = fe80:0000:0000:0000:5969:84a4:f9e2:1f2b, 192.168.0.60 |
|
1 |
Process #21: cmd.exe
58
0
| Information | Value |
|---|---|
| ID | #21 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive5186310507301951599.vbs |
| Initial Working Directory | C:\Users\2XC7U6~1\AppData\Local\Temp\ |
| Monitor | Start Time: 00:01:01, Reason: Child Process |
| Unmonitor | End Time: 00:01:04, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x110 |
| Parent PID | 0xf58 (c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
814
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000050000 | 0x00050000 | 0x0014ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000150000 | 0x00150000 | 0x0024ffff | Private Memory | - |
|
- |
|
- |
| locale.nls | 0x00250000 | 0x002b6fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x00000000002c0000 | 0x002c0000 | 0x002c6fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000002d0000 | 0x002d0000 | 0x002d1fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000002e0000 | 0x002e0000 | 0x002e0fff | Private Memory | - |
|
- |
|
- |
| private_0x00000000002f0000 | 0x002f0000 | 0x002f0fff | Private Memory | - |
|
- |
|
- |
| cscript.exe | 0x00300000 | 0x00321fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000330000 | 0x00330000 | 0x0033ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000340000 | 0x00340000 | 0x00407fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000410000 | 0x00410000 | 0x00510fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000520000 | 0x00520000 | 0x0111ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000001120000 | 0x01120000 | 0x013aafff | Pagefile Backed Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x013b0000 | 0x0167efff | Memory Mapped File | - |
|
- |
|
- |
| cscript.exe.mui | 0x01680000 | 0x01682fff | Memory Mapped File | - |
|
- |
|
- |
| cmd.exe | 0x49e70000 | 0x49ebbfff | Memory Mapped File | - |
|
- |
|
- |
| winbrand.dll | 0x6e390000 | 0x6e396fff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x75180000 | 0x751c9fff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x75200000 | 0x7521efff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x75370000 | 0x7543bfff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x754f0000 | 0x7553dfff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x75540000 | 0x75613fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x75650000 | 0x756fbfff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x76570000 | 0x7660cfff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x76b40000 | 0x76c08fff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76db0000 | 0x76eebfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x76f50000 | 0x76f59fff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x76ff0000 | 0x76ff0fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
Host Behavior
File (9)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp | type = file_attributes |
|
2 | |
| Get Info | cscript.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
4 | |
| Open | STD_INPUT_HANDLE | - |
|
2 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 192, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\cscript.exe | os_pid = 0x114, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x49e70000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x75540000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x755924c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x7557ac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75583ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x75592732 |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2018-07-19 09:50:01 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10912472 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\2XC7U6~1\AppData\Local\Temp |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #22: cscript.exe
93
0
| Information | Value |
|---|---|
| ID | #22 |
| File Name | c:\windows\system32\cscript.exe |
| Command Line | cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive5186310507301951599.vbs |
| Initial Working Directory | C:\Users\2XC7U6~1\AppData\Local\Temp\ |
| Monitor | Start Time: 00:01:02, Reason: Child Process |
| Unmonitor | End Time: 00:01:04, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x114 |
| Parent PID | 0x110 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
788
0x
118
0x
4D4
0x
134
0x
498
0x
85C
0x
170
0x
264
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| locale.nls | 0x00040000 | 0x000a6fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x00000000000b0000 | 0x000b0000 | 0x000b6fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c1fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000000d0000 | 0x000d0000 | 0x000dffff | Private Memory | - |
|
- |
|
- |
| cscript.exe.mui | 0x000e0000 | 0x000e2fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000100000 | 0x00100000 | 0x00100fff | Private Memory | - |
|
- |
|
- |
| cscript.exe | 0x00110000 | 0x0011bfff | Memory Mapped File | - |
|
- |
|
- |
| cscript.exe | 0x00120000 | 0x00141fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000000150000 | 0x00150000 | 0x00217fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000220000 | 0x00220000 | 0x0031ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000320000 | 0x00320000 | 0x00420fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000430000 | 0x00430000 | 0x00430fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000440000 | 0x00440000 | 0x00440fff | Pagefile Backed Memory | - |
|
- |
|
- |
| retrive5186310507301951599.vbs | 0x00450000 | 0x00450fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000450000 | 0x00450000 | 0x0045ffff | Private Memory | - |
|
- |
|
- |
| retrive5186310507301951599.vbs | 0x00460000 | 0x00460fff | Memory Mapped File | - |
|
- |
|
- |
| wbemdisp.tlb | 0x00460000 | 0x0046efff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000470000 | 0x00470000 | 0x0056ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000570000 | 0x00570000 | 0x0116ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| rpcss.dll | 0x01170000 | 0x011cbfff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000001170000 | 0x01170000 | 0x0128ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000001170000 | 0x01170000 | 0x0124efff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000001250000 | 0x01250000 | 0x0128ffff | Private Memory | - |
|
- |
|
- |
| rsaenh.dll | 0x01290000 | 0x012cbfff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000001290000 | 0x01290000 | 0x0130ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001360000 | 0x01360000 | 0x0145ffff | Private Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x01460000 | 0x0172efff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000001740000 | 0x01740000 | 0x0183ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000018e0000 | 0x018e0000 | 0x019dffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000019e0000 | 0x019e0000 | 0x01ddffff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000001de0000 | 0x01de0000 | 0x01edffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001ee0000 | 0x01ee0000 | 0x01f8ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001fa0000 | 0x01fa0000 | 0x0209ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000020a0000 | 0x020a0000 | 0x021bffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002280000 | 0x02280000 | 0x0237ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002570000 | 0x02570000 | 0x0266ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000026f0000 | 0x026f0000 | 0x027effff | Private Memory | - |
|
- |
|
- |
| wbemdisp.dll | 0x6cc00000 | 0x6cc30fff | Memory Mapped File | - |
|
- |
|
- |
| scrobj.dll | 0x6cc40000 | 0x6cc6cfff | Memory Mapped File | - |
|
- |
|
- |
| comctl32.dll | 0x6cc70000 | 0x6ccf3fff | Memory Mapped File | - |
|
- |
|
- |
| wshext.dll | 0x6cd30000 | 0x6cd45fff | Memory Mapped File | - |
|
- |
|
- |
| vbscript.dll | 0x6cd50000 | 0x6cdbafff | Memory Mapped File | - |
|
- |
|
- |
| msisip.dll | 0x6da40000 | 0x6da47fff | Memory Mapped File | - |
|
- |
|
- |
| wmiutils.dll | 0x70770000 | 0x70786fff | Memory Mapped File | - |
|
- |
|
- |
| wbemsvc.dll | 0x70970000 | 0x7097efff | Memory Mapped File | - |
|
- |
|
- |
| wbemprox.dll | 0x70d40000 | 0x70d49fff | Memory Mapped File | - |
|
- |
|
- |
| ntdsapi.dll | 0x70d50000 | 0x70d67fff | Memory Mapped File | - |
|
- |
|
- |
| fastprox.dll | 0x70d70000 | 0x70e05fff | Memory Mapped File | - |
|
- |
|
- |
| wbemcomn.dll | 0x71280000 | 0x712dbfff | Memory Mapped File | - |
|
- |
|
- |
| dwmapi.dll | 0x731f0000 | 0x73202fff | Memory Mapped File | - |
|
- |
|
- |
| uxtheme.dll | 0x73530000 | 0x7356ffff | Memory Mapped File | - |
|
- |
|
- |
| version.dll | 0x74450000 | 0x74458fff | Memory Mapped File | - |
|
- |
|
- |
| rsaenh.dll | 0x74770000 | 0x747aafff | Memory Mapped File | - |
|
- |
|
- |
| cryptsp.dll | 0x749d0000 | 0x749e5fff | Memory Mapped File | - |
|
- |
|
- |
| cryptbase.dll | 0x74e50000 | 0x74e5bfff | Memory Mapped File | - |
|
- |
|
- |
| sxs.dll | 0x74e60000 | 0x74ebefff | Memory Mapped File | - |
|
- |
|
- |
| rpcrtremote.dll | 0x74ef0000 | 0x74efdfff | Memory Mapped File | - |
|
- |
|
- |
| msasn1.dll | 0x74f70000 | 0x74f7bfff | Memory Mapped File | - |
|
- |
|
- |
| crypt32.dll | 0x74f80000 | 0x7509cfff | Memory Mapped File | - |
|
- |
|
- |
| wintrust.dll | 0x750c0000 | 0x750ecfff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x75180000 | 0x751c9fff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x75200000 | 0x7521efff | Memory Mapped File | - |
|
- |
|
- |
| shlwapi.dll | 0x75220000 | 0x75276fff | Memory Mapped File | - |
|
- |
|
- |
| advapi32.dll | 0x75280000 | 0x7531ffff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x75370000 | 0x7543bfff | Memory Mapped File | - |
|
- |
|
- |
| sechost.dll | 0x75440000 | 0x75458fff | Memory Mapped File | - |
|
- |
|
- |
| clbcatq.dll | 0x75460000 | 0x754e2fff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x754f0000 | 0x7553dfff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x75540000 | 0x75613fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x75650000 | 0x756fbfff | Memory Mapped File | - |
|
- |
|
- |
| shell32.dll | 0x75700000 | 0x76349fff | Memory Mapped File | - |
|
- |
|
- |
| ole32.dll | 0x76360000 | 0x764bbfff | Memory Mapped File | - |
|
- |
|
- |
| rpcrt4.dll | 0x764c0000 | 0x76560fff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x76570000 | 0x7660cfff | Memory Mapped File | - |
|
- |
|
- |
| nsi.dll | 0x76850000 | 0x76855fff | Memory Mapped File | - |
|
- |
|
- |
| ws2_32.dll | 0x76870000 | 0x768a4fff | Memory Mapped File | - |
|
- |
|
- |
| oleaut32.dll | 0x76ab0000 | 0x76b3efff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x76b40000 | 0x76c08fff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76db0000 | 0x76eebfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x76f50000 | 0x76f59fff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x76ff0000 | 0x76ff0fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffd7000 | 0x7ffd7000 | 0x7ffd7fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd9000 | 0x7ffd9000 | 0x7ffd9fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffda000 | 0x7ffda000 | 0x7ffdafff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffdbfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
Host Behavior
COM (11)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | B54F3741-5B07-11CF-A4B0-00AA004A55E8 | 00000000-0000-0000-C000-000000000046 | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Create | 6C736DB1-BD94-11D0-8A23-00AA00B58E10 | 6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | 06290BD1-48AA-11D2-8432-006008C3FBFC | E4D1C9B0-46E8-11D4-A2A6-00104BD35090 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | WBEMLocator | IWbemLocator | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | WbemDefaultPathParser | IWbemPath | cls_context = CLSCTX_INPROC_SERVER |
|
5 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = \\.\root\SecurityCenter2 |
|
1 | |
| Execute | WBEMLocator | IWbemServices | method_name = ExecQuery, query_language = WQL, query = Select * from AntiVirusProduct |
|
1 |
File (6)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive5186310507301951599.vbs | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive5186310507301951599.vbs | type = size |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive5186310507301951599.vbs | type = size |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive5186310507301951599.vbs | size = 276, size_out = 276 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 108 |
|
1 |
Registry (29)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\.vbs | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\VBSFile\ScriptEngine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 244, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = Enabled, data = 244, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = Enabled, data = 244, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = LogSecuritySuccesses, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = LogSecuritySuccesses, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 237, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = TrustPolicy, data = 196, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = UseWINSAFER, data = 237, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = TrustPolicy, data = 196, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = UseWINSAFER, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = Timeout, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = DisplayLogo, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = Timeout, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = DisplayLogo, data = 49, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CLASSES_ROOT\.vbs | data = VBSFile, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CLASSES_ROOT\VBSFile\ScriptEngine | data = VBScript, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | value_name = Default Impersonation Level, data = 3 |
|
1 |
Module (19)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x75540000 |
|
2 | |
| Load | ole32.dll | base_address = 0x76360000 |
|
1 | |
| Load | C:\Windows\system32\advapi32.dll | base_address = 0x75280000 |
|
2 | |
| Get Handle | c:\windows\system32\cscript.exe | base_address = 0x120000 |
|
1 | |
| Get Filename | c:\windows\system32\cscript.exe | process_name = c:\windows\system32\cscript.exe, file_name_orig = C:\Windows\system32\cscript.exe, size = 261 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x755924c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapSetInformation, address_out = 0x75594157 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x763a9d0b |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferIdentifyLevel, address_out = 0x752a2102 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferComputeTokenFromLevel, address_out = 0x752a3352 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferCloseLevel, address_out = 0x752a3825 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CreateBindCtx, address_out = 0x763a6d2c |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = MkParseDisplayName, address_out = 0x7636cea9 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = DuplicateTokenEx, address_out = 0x7528ca24 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = BindMoniker, address_out = 0x7636c6a7 |
|
1 | |
| Create Mapping | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive5186310507301951599.vbs | filename = C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive5186310507301951599.vbs, protection = PAGE_READONLY, maximum_size = 276 |
|
1 | |
| Map | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive5186310507301951599.vbs | process_name = c:\windows\system32\cscript.exe, desired_access = FILE_MAP_READ |
|
1 |
Window (2)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | - | class_name = WSH-Timer, wndproc_parameter = 860976 |
|
1 | |
| Set Attribute | - | class_name = WSH-Timer, index = 18446744073709551595, new_long = 860976 |
|
1 |
System (15)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = -1 (infinite) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:50:02 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10912659 |
|
1 | |
| Get Time | type = Ticks, time = 10912925 |
|
1 | |
| Get Info | type = Operating System |
|
5 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = System Directory |
|
1 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
2 | |
| Get Info | type = Hardware Information |
|
1 |
Process #23: cmd.exe
58
0
| Information | Value |
|---|---|
| ID | #23 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive466295784543991919.vbs |
| Initial Working Directory | C:\Users\2XC7U6~1\AppData\Local\Temp\ |
| Monitor | Start Time: 00:01:03, Reason: Child Process |
| Unmonitor | End Time: 00:01:04, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x400 |
| Parent PID | 0xfb8 (c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
3B8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | - |
|
- |
|
- |
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c6fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000000d0000 | 0x000d0000 | 0x001cffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000001d0000 | 0x001d0000 | 0x001d1fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000001e0000 | 0x001e0000 | 0x001e0fff | Private Memory | - |
|
- |
|
- |
| private_0x00000000001f0000 | 0x001f0000 | 0x001f0fff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000200000 | 0x00200000 | 0x002fffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000300000 | 0x00300000 | 0x003c7fff | Pagefile Backed Memory | - |
|
- |
|
- |
| cscript.exe | 0x003d0000 | 0x003f1fff | Memory Mapped File | - |
|
- |
|
- |
| cscript.exe.mui | 0x00400000 | 0x00402fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000460000 | 0x00460000 | 0x0046ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000470000 | 0x00470000 | 0x00570fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000580000 | 0x00580000 | 0x0117ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000001180000 | 0x01180000 | 0x0140afff | Pagefile Backed Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x01410000 | 0x016defff | Memory Mapped File | - |
|
- |
|
- |
| cmd.exe | 0x49e70000 | 0x49ebbfff | Memory Mapped File | - |
|
- |
|
- |
| winbrand.dll | 0x6e390000 | 0x6e396fff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x75180000 | 0x751c9fff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x75200000 | 0x7521efff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x75370000 | 0x7543bfff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x754f0000 | 0x7553dfff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x75540000 | 0x75613fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x75650000 | 0x756fbfff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x76570000 | 0x7660cfff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x76b40000 | 0x76c08fff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76db0000 | 0x76eebfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x76f50000 | 0x76f59fff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x76ff0000 | 0x76ff0fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffd7000 | 0x7ffd7000 | 0x7ffd7fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
Host Behavior
File (9)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp | type = file_attributes |
|
2 | |
| Get Info | cscript.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
4 | |
| Open | STD_INPUT_HANDLE | - |
|
2 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 192, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\cscript.exe | os_pid = 0x130, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x49e70000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x75540000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x755924c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x7557ac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75583ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x75592732 |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2018-07-19 09:50:03 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10913673 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\2XC7U6~1\AppData\Local\Temp |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #24: cscript.exe
93
0
| Information | Value |
|---|---|
| ID | #24 |
| File Name | c:\windows\system32\cscript.exe |
| Command Line | cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive466295784543991919.vbs |
| Initial Working Directory | C:\Users\2XC7U6~1\AppData\Local\Temp\ |
| Monitor | Start Time: 00:01:03, Reason: Child Process |
| Unmonitor | End Time: 00:01:04, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x130 |
| Parent PID | 0x400 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
310
0x
710
0x
88C
0x
878
0x
8EC
0x
4BC
0x
8FC
0x
660
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| locale.nls | 0x00040000 | 0x000a6fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x00000000000b0000 | 0x000b0000 | 0x000b6fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c1fff | Pagefile Backed Memory | - |
|
- |
|
- |
| cscript.exe.mui | 0x000d0000 | 0x000d2fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | - |
|
- |
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | - |
|
- |
|
- |
| cscript.exe | 0x00100000 | 0x0010bfff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000000110000 | 0x00110000 | 0x00110fff | Pagefile Backed Memory | - |
|
- |
|
- |
| cscript.exe | 0x00120000 | 0x00141fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000000150000 | 0x00150000 | 0x00217fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000220000 | 0x00220000 | 0x00220fff | Pagefile Backed Memory | - |
|
- |
|
- |
| retrive466295784543991919.vbs | 0x00230000 | 0x00230fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000230000 | 0x00230000 | 0x0023ffff | Private Memory | - |
|
- |
|
- |
| retrive466295784543991919.vbs | 0x00240000 | 0x00240fff | Memory Mapped File | - |
|
- |
|
- |
| wbemdisp.tlb | 0x00240000 | 0x0024efff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000260000 | 0x00260000 | 0x0026ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000270000 | 0x00270000 | 0x0036ffff | Private Memory | - |
|
- |
|
- |
| rpcss.dll | 0x00370000 | 0x003cbfff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000000370000 | 0x00370000 | 0x0044efff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000470000 | 0x00470000 | 0x0056ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000570000 | 0x00570000 | 0x00670fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000680000 | 0x00680000 | 0x0127ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000001280000 | 0x01280000 | 0x013cffff | Private Memory | - |
|
- |
|
- |
| rsaenh.dll | 0x01280000 | 0x012bbfff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000001280000 | 0x01280000 | 0x012effff | Private Memory | - |
|
- |
|
- |
| private_0x00000000012f0000 | 0x012f0000 | 0x0137ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001390000 | 0x01390000 | 0x013cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000013d0000 | 0x013d0000 | 0x014cffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001510000 | 0x01510000 | 0x0160ffff | Private Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x01610000 | 0x018defff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000001900000 | 0x01900000 | 0x019fffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001b10000 | 0x01b10000 | 0x01c0ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000001c10000 | 0x01c10000 | 0x0200ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000002040000 | 0x02040000 | 0x0213ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002140000 | 0x02140000 | 0x0227ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002140000 | 0x02140000 | 0x0223ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002240000 | 0x02240000 | 0x0227ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002310000 | 0x02310000 | 0x0240ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002520000 | 0x02520000 | 0x0261ffff | Private Memory | - |
|
- |
|
- |
| wbemdisp.dll | 0x6cc00000 | 0x6cc30fff | Memory Mapped File | - |
|
- |
|
- |
| scrobj.dll | 0x6cc40000 | 0x6cc6cfff | Memory Mapped File | - |
|
- |
|
- |
| comctl32.dll | 0x6cc70000 | 0x6ccf3fff | Memory Mapped File | - |
|
- |
|
- |
| wshext.dll | 0x6cd30000 | 0x6cd45fff | Memory Mapped File | - |
|
- |
|
- |
| vbscript.dll | 0x6cd50000 | 0x6cdbafff | Memory Mapped File | - |
|
- |
|
- |
| msisip.dll | 0x6da40000 | 0x6da47fff | Memory Mapped File | - |
|
- |
|
- |
| wmiutils.dll | 0x70770000 | 0x70786fff | Memory Mapped File | - |
|
- |
|
- |
| wbemsvc.dll | 0x70970000 | 0x7097efff | Memory Mapped File | - |
|
- |
|
- |
| wbemprox.dll | 0x70d40000 | 0x70d49fff | Memory Mapped File | - |
|
- |
|
- |
| ntdsapi.dll | 0x70d50000 | 0x70d67fff | Memory Mapped File | - |
|
- |
|
- |
| fastprox.dll | 0x70d70000 | 0x70e05fff | Memory Mapped File | - |
|
- |
|
- |
| wbemcomn.dll | 0x71280000 | 0x712dbfff | Memory Mapped File | - |
|
- |
|
- |
| dwmapi.dll | 0x731f0000 | 0x73202fff | Memory Mapped File | - |
|
- |
|
- |
| uxtheme.dll | 0x73530000 | 0x7356ffff | Memory Mapped File | - |
|
- |
|
- |
| version.dll | 0x74450000 | 0x74458fff | Memory Mapped File | - |
|
- |
|
- |
| rsaenh.dll | 0x74770000 | 0x747aafff | Memory Mapped File | - |
|
- |
|
- |
| cryptsp.dll | 0x749d0000 | 0x749e5fff | Memory Mapped File | - |
|
- |
|
- |
| cryptbase.dll | 0x74e50000 | 0x74e5bfff | Memory Mapped File | - |
|
- |
|
- |
| sxs.dll | 0x74e60000 | 0x74ebefff | Memory Mapped File | - |
|
- |
|
- |
| rpcrtremote.dll | 0x74ef0000 | 0x74efdfff | Memory Mapped File | - |
|
- |
|
- |
| msasn1.dll | 0x74f70000 | 0x74f7bfff | Memory Mapped File | - |
|
- |
|
- |
| crypt32.dll | 0x74f80000 | 0x7509cfff | Memory Mapped File | - |
|
- |
|
- |
| wintrust.dll | 0x750c0000 | 0x750ecfff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x75180000 | 0x751c9fff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x75200000 | 0x7521efff | Memory Mapped File | - |
|
- |
|
- |
| shlwapi.dll | 0x75220000 | 0x75276fff | Memory Mapped File | - |
|
- |
|
- |
| advapi32.dll | 0x75280000 | 0x7531ffff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x75370000 | 0x7543bfff | Memory Mapped File | - |
|
- |
|
- |
| sechost.dll | 0x75440000 | 0x75458fff | Memory Mapped File | - |
|
- |
|
- |
| clbcatq.dll | 0x75460000 | 0x754e2fff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x754f0000 | 0x7553dfff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x75540000 | 0x75613fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x75650000 | 0x756fbfff | Memory Mapped File | - |
|
- |
|
- |
| shell32.dll | 0x75700000 | 0x76349fff | Memory Mapped File | - |
|
- |
|
- |
| ole32.dll | 0x76360000 | 0x764bbfff | Memory Mapped File | - |
|
- |
|
- |
| rpcrt4.dll | 0x764c0000 | 0x76560fff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x76570000 | 0x7660cfff | Memory Mapped File | - |
|
- |
|
- |
| nsi.dll | 0x76850000 | 0x76855fff | Memory Mapped File | - |
|
- |
|
- |
| ws2_32.dll | 0x76870000 | 0x768a4fff | Memory Mapped File | - |
|
- |
|
- |
| oleaut32.dll | 0x76ab0000 | 0x76b3efff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x76b40000 | 0x76c08fff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76db0000 | 0x76eebfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x76f50000 | 0x76f59fff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x76ff0000 | 0x76ff0fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffd7000 | 0x7ffd7000 | 0x7ffd7fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd9000 | 0x7ffd9000 | 0x7ffd9fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffda000 | 0x7ffda000 | 0x7ffdafff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffdbfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
Host Behavior
COM (11)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | B54F3741-5B07-11CF-A4B0-00AA004A55E8 | 00000000-0000-0000-C000-000000000046 | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Create | 6C736DB1-BD94-11D0-8A23-00AA00B58E10 | 6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | 06290BD1-48AA-11D2-8432-006008C3FBFC | E4D1C9B0-46E8-11D4-A2A6-00104BD35090 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | WBEMLocator | IWbemLocator | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | WbemDefaultPathParser | IWbemPath | cls_context = CLSCTX_INPROC_SERVER |
|
5 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = \\.\root\SecurityCenter2 |
|
1 | |
| Execute | WBEMLocator | IWbemServices | method_name = ExecQuery, query_language = WQL, query = Select * from AntiVirusProduct |
|
1 |
File (6)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive466295784543991919.vbs | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive466295784543991919.vbs | type = size |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive466295784543991919.vbs | type = size |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive466295784543991919.vbs | size = 276, size_out = 276 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 108 |
|
1 |
Registry (29)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\.vbs | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\VBSFile\ScriptEngine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 228, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = Enabled, data = 228, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = Enabled, data = 228, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = LogSecuritySuccesses, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = LogSecuritySuccesses, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 237, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = TrustPolicy, data = 216, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = UseWINSAFER, data = 237, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = TrustPolicy, data = 216, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = UseWINSAFER, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = Timeout, data = 48, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = DisplayLogo, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = Timeout, data = 48, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = DisplayLogo, data = 49, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CLASSES_ROOT\.vbs | data = VBSFile, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CLASSES_ROOT\VBSFile\ScriptEngine | data = VBScript, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | value_name = Default Impersonation Level, data = 3 |
|
1 |
Module (19)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x75540000 |
|
2 | |
| Load | ole32.dll | base_address = 0x76360000 |
|
1 | |
| Load | C:\Windows\system32\advapi32.dll | base_address = 0x75280000 |
|
2 | |
| Get Handle | c:\windows\system32\cscript.exe | base_address = 0x120000 |
|
1 | |
| Get Filename | c:\windows\system32\cscript.exe | process_name = c:\windows\system32\cscript.exe, file_name_orig = C:\Windows\system32\cscript.exe, size = 261 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x755924c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapSetInformation, address_out = 0x75594157 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x763a9d0b |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferIdentifyLevel, address_out = 0x752a2102 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferComputeTokenFromLevel, address_out = 0x752a3352 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferCloseLevel, address_out = 0x752a3825 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CreateBindCtx, address_out = 0x763a6d2c |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = MkParseDisplayName, address_out = 0x7636cea9 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = DuplicateTokenEx, address_out = 0x7528ca24 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = BindMoniker, address_out = 0x7636c6a7 |
|
1 | |
| Create Mapping | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive466295784543991919.vbs | filename = C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive466295784543991919.vbs, protection = PAGE_READONLY, maximum_size = 276 |
|
1 | |
| Map | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive466295784543991919.vbs | process_name = c:\windows\system32\cscript.exe, desired_access = FILE_MAP_READ |
|
1 |
Window (2)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | - | class_name = WSH-Timer, wndproc_parameter = 2499376 |
|
1 | |
| Set Attribute | - | class_name = WSH-Timer, index = 18446744073709551595, new_long = 2499376 |
|
1 |
System (15)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = -1 (infinite) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:50:03 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10913736 |
|
1 | |
| Get Time | type = Ticks, time = 10913783 |
|
1 | |
| Get Info | type = Operating System |
|
5 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = System Directory |
|
1 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
2 | |
| Get Info | type = Hardware Information |
|
1 |
Process #25: cmd.exe
58
0
| Information | Value |
|---|---|
| ID | #25 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1625750400979200631.vbs |
| Initial Working Directory | C:\Users\2XC7U6~1\AppData\Local\Temp\ |
| Monitor | Start Time: 00:01:03, Reason: Child Process |
| Unmonitor | End Time: 00:01:06, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x754 |
| Parent PID | 0xf58 (c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
624
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x0012ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000130000 | 0x00130000 | 0x00133fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000140000 | 0x00140000 | 0x00140fff | Pagefile Backed Memory | - |
|
- |
|
- |
| locale.nls | 0x00150000 | 0x001b6fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x00000000001c0000 | 0x001c0000 | 0x00287fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000290000 | 0x00290000 | 0x00296fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000002a0000 | 0x002a0000 | 0x002a1fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000002b0000 | 0x002b0000 | 0x002b0fff | Private Memory | - |
|
- |
|
- |
| private_0x00000000002c0000 | 0x002c0000 | 0x002c0fff | Private Memory | - |
|
- |
|
- |
| cscript.exe | 0x002d0000 | 0x002f1fff | Memory Mapped File | - |
|
- |
|
- |
| cscript.exe.mui | 0x00300000 | 0x00302fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000310000 | 0x00310000 | 0x0040ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000410000 | 0x00410000 | 0x00510fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000005d0000 | 0x005d0000 | 0x005dffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000005e0000 | 0x005e0000 | 0x011dffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000011e0000 | 0x011e0000 | 0x0146afff | Pagefile Backed Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x01470000 | 0x0173efff | Memory Mapped File | - |
|
- |
|
- |
| cmd.exe | 0x49e70000 | 0x49ebbfff | Memory Mapped File | - |
|
- |
|
- |
| winbrand.dll | 0x6e390000 | 0x6e396fff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x75180000 | 0x751c9fff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x75200000 | 0x7521efff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x75370000 | 0x7543bfff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x754f0000 | 0x7553dfff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x75540000 | 0x75613fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x75650000 | 0x756fbfff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x76570000 | 0x7660cfff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x76b40000 | 0x76c08fff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76db0000 | 0x76eebfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x76f50000 | 0x76f59fff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x76ff0000 | 0x76ff0fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffd9000 | 0x7ffd9000 | 0x7ffd9fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
Host Behavior
File (9)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp | type = file_attributes |
|
2 | |
| Get Info | cscript.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
4 | |
| Open | STD_INPUT_HANDLE | - |
|
2 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 192, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\cscript.exe | os_pid = 0x904, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x49e70000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x75540000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x755924c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x7557ac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75583ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x75592732 |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2018-07-19 09:50:03 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10914126 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\2XC7U6~1\AppData\Local\Temp |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #26: cmd.exe
58
0
| Information | Value |
|---|---|
| ID | #26 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3068316261550961408.vbs |
| Initial Working Directory | C:\Users\2XC7U6~1\AppData\Local\Temp\ |
| Monitor | Start Time: 00:01:03, Reason: Child Process |
| Unmonitor | End Time: 00:01:05, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x588 |
| Parent PID | 0xfb8 (c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
154
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00056fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00061fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000070000 | 0x00070000 | 0x0016ffff | Private Memory | - |
|
- |
|
- |
| locale.nls | 0x00170000 | 0x001d6fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000001e0000 | 0x001e0000 | 0x001e0fff | Private Memory | - |
|
- |
|
- |
| private_0x00000000001f0000 | 0x001f0000 | 0x001f0fff | Private Memory | - |
|
- |
|
- |
| cscript.exe | 0x00200000 | 0x00221fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000230000 | 0x00230000 | 0x0032ffff | Private Memory | - |
|
- |
|
- |
| cscript.exe.mui | 0x00330000 | 0x00332fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000390000 | 0x00390000 | 0x0039ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000003a0000 | 0x003a0000 | 0x00467fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000470000 | 0x00470000 | 0x00570fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000580000 | 0x00580000 | 0x0117ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000001180000 | 0x01180000 | 0x0140afff | Pagefile Backed Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x01410000 | 0x016defff | Memory Mapped File | - |
|
- |
|
- |
| cmd.exe | 0x49e70000 | 0x49ebbfff | Memory Mapped File | - |
|
- |
|
- |
| winbrand.dll | 0x6e390000 | 0x6e396fff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x75180000 | 0x751c9fff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x75200000 | 0x7521efff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x75370000 | 0x7543bfff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x754f0000 | 0x7553dfff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x75540000 | 0x75613fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x75650000 | 0x756fbfff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x76570000 | 0x7660cfff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x76b40000 | 0x76c08fff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76db0000 | 0x76eebfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x76f50000 | 0x76f59fff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x76ff0000 | 0x76ff0fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffd7000 | 0x7ffd7000 | 0x7ffd7fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
Host Behavior
File (9)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp | type = file_attributes |
|
2 | |
| Get Info | cscript.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
4 | |
| Open | STD_INPUT_HANDLE | - |
|
2 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 192, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\cscript.exe | os_pid = 0x924, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x49e70000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x75540000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x755924c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x7557ac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75583ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x75592732 |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2018-07-19 09:50:03 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10914173 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\2XC7U6~1\AppData\Local\Temp |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #27: cscript.exe
92
0
| Information | Value |
|---|---|
| ID | #27 |
| File Name | c:\windows\system32\cscript.exe |
| Command Line | cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3068316261550961408.vbs |
| Initial Working Directory | C:\Users\2XC7U6~1\AppData\Local\Temp\ |
| Monitor | Start Time: 00:01:04, Reason: Child Process |
| Unmonitor | End Time: 00:01:05, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x924 |
| Parent PID | 0x588 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
948
0x
958
0x
960
0x
96C
0x
214
0x
1CC
0x
460
0x
174
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| locale.nls | 0x00040000 | 0x000a6fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x00000000000b0000 | 0x000b0000 | 0x000b6fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c1fff | Pagefile Backed Memory | - |
|
- |
|
- |
| cscript.exe.mui | 0x000d0000 | 0x000d2fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000000e0000 | 0x000e0000 | 0x000effff | Private Memory | - |
|
- |
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000100000 | 0x00100000 | 0x00100fff | Private Memory | - |
|
- |
|
- |
| rpcss.dll | 0x00110000 | 0x0016bfff | Memory Mapped File | - |
|
- |
|
- |
| cscript.exe | 0x00110000 | 0x0011bfff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000000120000 | 0x00120000 | 0x00120fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000130000 | 0x00130000 | 0x00130fff | Pagefile Backed Memory | - |
|
- |
|
- |
| retrive3068316261550961408.vbs | 0x00140000 | 0x00140fff | Memory Mapped File | - |
|
- |
|
- |
| rsaenh.dll | 0x00140000 | 0x0017bfff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000140000 | 0x00140000 | 0x0014ffff | Private Memory | - |
|
- |
|
- |
| retrive3068316261550961408.vbs | 0x00150000 | 0x00150fff | Memory Mapped File | - |
|
- |
|
- |
| wbemdisp.tlb | 0x00150000 | 0x0015efff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000180000 | 0x00180000 | 0x0027ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000280000 | 0x00280000 | 0x002cffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000320000 | 0x00320000 | 0x0041ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000420000 | 0x00420000 | 0x004e7fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000004f0000 | 0x004f0000 | 0x005f0fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000600000 | 0x00600000 | 0x0075ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000600000 | 0x00600000 | 0x006defff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000720000 | 0x00720000 | 0x0075ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000780000 | 0x00780000 | 0x0087ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000890000 | 0x00890000 | 0x0098ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000009e0000 | 0x009e0000 | 0x00adffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000ae0000 | 0x00ae0000 | 0x00b3ffff | Private Memory | - |
|
- |
|
- |
| cscript.exe | 0x00b80000 | 0x00ba1fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000000bb0000 | 0x00bb0000 | 0x017affff | Pagefile Backed Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x017b0000 | 0x01a7efff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000001a80000 | 0x01a80000 | 0x01e7ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000001f40000 | 0x01f40000 | 0x0203ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002040000 | 0x02040000 | 0x0213ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002140000 | 0x02140000 | 0x022effff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002150000 | 0x02150000 | 0x0224ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000022b0000 | 0x022b0000 | 0x022effff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002330000 | 0x02330000 | 0x0242ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002500000 | 0x02500000 | 0x025fffff | Private Memory | - |
|
- |
|
- |
| comctl32.dll | 0x6cc00000 | 0x6cc83fff | Memory Mapped File | - |
|
- |
|
- |
| vbscript.dll | 0x6cc90000 | 0x6ccfafff | Memory Mapped File | - |
|
- |
|
- |
| wbemdisp.dll | 0x6cd30000 | 0x6cd60fff | Memory Mapped File | - |
|
- |
|
- |
| scrobj.dll | 0x6cd70000 | 0x6cd9cfff | Memory Mapped File | - |
|
- |
|
- |
| wshext.dll | 0x6cda0000 | 0x6cdb5fff | Memory Mapped File | - |
|
- |
|
- |
| msisip.dll | 0x6da30000 | 0x6da37fff | Memory Mapped File | - |
|
- |
|
- |
| wmiutils.dll | 0x70770000 | 0x70786fff | Memory Mapped File | - |
|
- |
|
- |
| wbemsvc.dll | 0x70970000 | 0x7097efff | Memory Mapped File | - |
|
- |
|
- |
| wbemprox.dll | 0x70d40000 | 0x70d49fff | Memory Mapped File | - |
|
- |
|
- |
| ntdsapi.dll | 0x70d50000 | 0x70d67fff | Memory Mapped File | - |
|
- |
|
- |
| fastprox.dll | 0x70d70000 | 0x70e05fff | Memory Mapped File | - |
|
- |
|
- |
| wbemcomn.dll | 0x71280000 | 0x712dbfff | Memory Mapped File | - |
|
- |
|
- |
| dwmapi.dll | 0x731f0000 | 0x73202fff | Memory Mapped File | - |
|
- |
|
- |
| uxtheme.dll | 0x73530000 | 0x7356ffff | Memory Mapped File | - |
|
- |
|
- |
| version.dll | 0x74450000 | 0x74458fff | Memory Mapped File | - |
|
- |
|
- |
| rsaenh.dll | 0x74770000 | 0x747aafff | Memory Mapped File | - |
|
- |
|
- |
| cryptsp.dll | 0x749d0000 | 0x749e5fff | Memory Mapped File | - |
|
- |
|
- |
| cryptbase.dll | 0x74e50000 | 0x74e5bfff | Memory Mapped File | - |
|
- |
|
- |
| sxs.dll | 0x74e60000 | 0x74ebefff | Memory Mapped File | - |
|
- |
|
- |
| rpcrtremote.dll | 0x74ef0000 | 0x74efdfff | Memory Mapped File | - |
|
- |
|
- |
| msasn1.dll | 0x74f70000 | 0x74f7bfff | Memory Mapped File | - |
|
- |
|
- |
| crypt32.dll | 0x74f80000 | 0x7509cfff | Memory Mapped File | - |
|
- |
|
- |
| wintrust.dll | 0x750c0000 | 0x750ecfff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x75180000 | 0x751c9fff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x75200000 | 0x7521efff | Memory Mapped File | - |
|
- |
|
- |
| shlwapi.dll | 0x75220000 | 0x75276fff | Memory Mapped File | - |
|
- |
|
- |
| advapi32.dll | 0x75280000 | 0x7531ffff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x75370000 | 0x7543bfff | Memory Mapped File | - |
|
- |
|
- |
| sechost.dll | 0x75440000 | 0x75458fff | Memory Mapped File | - |
|
- |
|
- |
| clbcatq.dll | 0x75460000 | 0x754e2fff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x754f0000 | 0x7553dfff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x75540000 | 0x75613fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x75650000 | 0x756fbfff | Memory Mapped File | - |
|
- |
|
- |
| shell32.dll | 0x75700000 | 0x76349fff | Memory Mapped File | - |
|
- |
|
- |
| ole32.dll | 0x76360000 | 0x764bbfff | Memory Mapped File | - |
|
- |
|
- |
| rpcrt4.dll | 0x764c0000 | 0x76560fff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x76570000 | 0x7660cfff | Memory Mapped File | - |
|
- |
|
- |
| nsi.dll | 0x76850000 | 0x76855fff | Memory Mapped File | - |
|
- |
|
- |
| ws2_32.dll | 0x76870000 | 0x768a4fff | Memory Mapped File | - |
|
- |
|
- |
| oleaut32.dll | 0x76ab0000 | 0x76b3efff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x76b40000 | 0x76c08fff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76db0000 | 0x76eebfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x76f50000 | 0x76f59fff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x76ff0000 | 0x76ff0fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffd7000 | 0x7ffd7000 | 0x7ffd7fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd9000 | 0x7ffd9000 | 0x7ffd9fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffda000 | 0x7ffda000 | 0x7ffdafff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffdbfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
Host Behavior
COM (11)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | B54F3741-5B07-11CF-A4B0-00AA004A55E8 | 00000000-0000-0000-C000-000000000046 | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Create | 6C736DB1-BD94-11D0-8A23-00AA00B58E10 | 6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | 06290BD1-48AA-11D2-8432-006008C3FBFC | E4D1C9B0-46E8-11D4-A2A6-00104BD35090 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | WBEMLocator | IWbemLocator | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | WbemDefaultPathParser | IWbemPath | cls_context = CLSCTX_INPROC_SERVER |
|
5 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = \\.\root\SecurityCenter2 |
|
1 | |
| Execute | WBEMLocator | IWbemServices | method_name = ExecQuery, query_language = WQL, query = Select * from FirewallProduct |
|
1 |
File (6)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3068316261550961408.vbs | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3068316261550961408.vbs | type = size |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3068316261550961408.vbs | type = size |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3068316261550961408.vbs | size = 281, size_out = 281 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 108 |
|
1 |
Registry (29)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\.vbs | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\VBSFile\ScriptEngine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 132, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = Enabled, data = 132, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = Enabled, data = 132, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = LogSecuritySuccesses, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = LogSecuritySuccesses, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 237, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = TrustPolicy, data = 124, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = UseWINSAFER, data = 237, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = TrustPolicy, data = 124, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = UseWINSAFER, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = Timeout, data = 208, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = DisplayLogo, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = Timeout, data = 208, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = DisplayLogo, data = 49, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CLASSES_ROOT\.vbs | data = VBSFile, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CLASSES_ROOT\VBSFile\ScriptEngine | data = VBScript, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | value_name = Default Impersonation Level, data = 3 |
|
1 |
Module (19)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x75540000 |
|
2 | |
| Load | ole32.dll | base_address = 0x76360000 |
|
1 | |
| Load | C:\Windows\system32\advapi32.dll | base_address = 0x75280000 |
|
2 | |
| Get Handle | c:\windows\system32\cscript.exe | base_address = 0xb80000 |
|
1 | |
| Get Filename | c:\windows\system32\cscript.exe | process_name = c:\windows\system32\cscript.exe, file_name_orig = C:\Windows\system32\cscript.exe, size = 261 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x755924c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapSetInformation, address_out = 0x75594157 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x763a9d0b |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferIdentifyLevel, address_out = 0x752a2102 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferComputeTokenFromLevel, address_out = 0x752a3352 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferCloseLevel, address_out = 0x752a3825 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CreateBindCtx, address_out = 0x763a6d2c |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = MkParseDisplayName, address_out = 0x7636cea9 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = DuplicateTokenEx, address_out = 0x7528ca24 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = BindMoniker, address_out = 0x7636c6a7 |
|
1 | |
| Create Mapping | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3068316261550961408.vbs | filename = C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3068316261550961408.vbs, protection = PAGE_READONLY, maximum_size = 281 |
|
1 | |
| Map | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3068316261550961408.vbs | process_name = c:\windows\system32\cscript.exe, desired_access = FILE_MAP_READ |
|
1 |
Window (2)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | - | class_name = WSH-Timer, wndproc_parameter = 926512 |
|
1 | |
| Set Attribute | - | class_name = WSH-Timer, index = 18446744073709551595, new_long = 926512 |
|
1 |
System (14)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = -1 (infinite) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:50:03 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10914297 |
|
1 | |
| Get Time | type = Ticks, time = 10914407 |
|
1 | |
| Get Info | type = Operating System |
|
4 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = System Directory |
|
1 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
2 | |
| Get Info | type = Hardware Information |
|
1 |
Process #28: cscript.exe
92
0
| Information | Value |
|---|---|
| ID | #28 |
| File Name | c:\windows\system32\cscript.exe |
| Command Line | cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1625750400979200631.vbs |
| Initial Working Directory | C:\Users\2XC7U6~1\AppData\Local\Temp\ |
| Monitor | Start Time: 00:01:04, Reason: Child Process |
| Unmonitor | End Time: 00:01:06, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x904 |
| Parent PID | 0x754 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
908
0x
94C
0x
95C
0x
7F4
0x
5FC
0x
8AC
0x
158
0x
970
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| locale.nls | 0x00040000 | 0x000a6fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x00000000000b0000 | 0x000b0000 | 0x000b6fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c1fff | Pagefile Backed Memory | - |
|
- |
|
- |
| cscript.exe.mui | 0x000d0000 | 0x000d2fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | - |
|
- |
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | - |
|
- |
|
- |
| rpcss.dll | 0x00100000 | 0x0015bfff | Memory Mapped File | - |
|
- |
|
- |
| cscript.exe | 0x00100000 | 0x0010bfff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000000110000 | 0x00110000 | 0x00110fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000120000 | 0x00120000 | 0x00120fff | Pagefile Backed Memory | - |
|
- |
|
- |
| retrive1625750400979200631.vbs | 0x00130000 | 0x00130fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000130000 | 0x00130000 | 0x0013ffff | Private Memory | - |
|
- |
|
- |
| retrive1625750400979200631.vbs | 0x00140000 | 0x00140fff | Memory Mapped File | - |
|
- |
|
- |
| wbemdisp.tlb | 0x00140000 | 0x0014efff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000160000 | 0x00160000 | 0x0025ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000260000 | 0x00260000 | 0x00327fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000350000 | 0x00350000 | 0x0035ffff | Private Memory | - |
|
- |
|
- |
| rsaenh.dll | 0x00360000 | 0x0039bfff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000360000 | 0x00360000 | 0x003cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000003f0000 | 0x003f0000 | 0x004effff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000004f0000 | 0x004f0000 | 0x005f0fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000600000 | 0x00600000 | 0x0069ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000006a0000 | 0x006a0000 | 0x0077efff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000007c0000 | 0x007c0000 | 0x008bffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000008f0000 | 0x008f0000 | 0x009effff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000a10000 | 0x00a10000 | 0x00b0ffff | Private Memory | - |
|
- |
|
- |
| cscript.exe | 0x00b80000 | 0x00ba1fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000000bb0000 | 0x00bb0000 | 0x017affff | Pagefile Backed Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x017b0000 | 0x01a7efff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000001a80000 | 0x01a80000 | 0x01e7ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000001e80000 | 0x01e80000 | 0x01faffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001e80000 | 0x01e80000 | 0x01f7ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001fa0000 | 0x01fa0000 | 0x01faffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001fe0000 | 0x01fe0000 | 0x020dffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000020e0000 | 0x020e0000 | 0x0225ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002310000 | 0x02310000 | 0x0240ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002440000 | 0x02440000 | 0x0253ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002620000 | 0x02620000 | 0x0271ffff | Private Memory | - |
|
- |
|
- |
| comctl32.dll | 0x6cc00000 | 0x6cc83fff | Memory Mapped File | - |
|
- |
|
- |
| vbscript.dll | 0x6cc90000 | 0x6ccfafff | Memory Mapped File | - |
|
- |
|
- |
| wbemdisp.dll | 0x6cd30000 | 0x6cd60fff | Memory Mapped File | - |
|
- |
|
- |
| scrobj.dll | 0x6cd70000 | 0x6cd9cfff | Memory Mapped File | - |
|
- |
|
- |
| wshext.dll | 0x6cda0000 | 0x6cdb5fff | Memory Mapped File | - |
|
- |
|
- |
| msisip.dll | 0x6da30000 | 0x6da37fff | Memory Mapped File | - |
|
- |
|
- |
| wmiutils.dll | 0x70770000 | 0x70786fff | Memory Mapped File | - |
|
- |
|
- |
| wbemsvc.dll | 0x70970000 | 0x7097efff | Memory Mapped File | - |
|
- |
|
- |
| wbemprox.dll | 0x70d40000 | 0x70d49fff | Memory Mapped File | - |
|
- |
|
- |
| ntdsapi.dll | 0x70d50000 | 0x70d67fff | Memory Mapped File | - |
|
- |
|
- |
| fastprox.dll | 0x70d70000 | 0x70e05fff | Memory Mapped File | - |
|
- |
|
- |
| wbemcomn.dll | 0x71280000 | 0x712dbfff | Memory Mapped File | - |
|
- |
|
- |
| dwmapi.dll | 0x731f0000 | 0x73202fff | Memory Mapped File | - |
|
- |
|
- |
| uxtheme.dll | 0x73530000 | 0x7356ffff | Memory Mapped File | - |
|
- |
|
- |
| version.dll | 0x74450000 | 0x74458fff | Memory Mapped File | - |
|
- |
|
- |
| rsaenh.dll | 0x74770000 | 0x747aafff | Memory Mapped File | - |
|
- |
|
- |
| cryptsp.dll | 0x749d0000 | 0x749e5fff | Memory Mapped File | - |
|
- |
|
- |
| cryptbase.dll | 0x74e50000 | 0x74e5bfff | Memory Mapped File | - |
|
- |
|
- |
| sxs.dll | 0x74e60000 | 0x74ebefff | Memory Mapped File | - |
|
- |
|
- |
| rpcrtremote.dll | 0x74ef0000 | 0x74efdfff | Memory Mapped File | - |
|
- |
|
- |
| msasn1.dll | 0x74f70000 | 0x74f7bfff | Memory Mapped File | - |
|
- |
|
- |
| crypt32.dll | 0x74f80000 | 0x7509cfff | Memory Mapped File | - |
|
- |
|
- |
| wintrust.dll | 0x750c0000 | 0x750ecfff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x75180000 | 0x751c9fff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x75200000 | 0x7521efff | Memory Mapped File | - |
|
- |
|
- |
| shlwapi.dll | 0x75220000 | 0x75276fff | Memory Mapped File | - |
|
- |
|
- |
| advapi32.dll | 0x75280000 | 0x7531ffff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x75370000 | 0x7543bfff | Memory Mapped File | - |
|
- |
|
- |
| sechost.dll | 0x75440000 | 0x75458fff | Memory Mapped File | - |
|
- |
|
- |
| clbcatq.dll | 0x75460000 | 0x754e2fff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x754f0000 | 0x7553dfff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x75540000 | 0x75613fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x75650000 | 0x756fbfff | Memory Mapped File | - |
|
- |
|
- |
| shell32.dll | 0x75700000 | 0x76349fff | Memory Mapped File | - |
|
- |
|
- |
| ole32.dll | 0x76360000 | 0x764bbfff | Memory Mapped File | - |
|
- |
|
- |
| rpcrt4.dll | 0x764c0000 | 0x76560fff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x76570000 | 0x7660cfff | Memory Mapped File | - |
|
- |
|
- |
| nsi.dll | 0x76850000 | 0x76855fff | Memory Mapped File | - |
|
- |
|
- |
| ws2_32.dll | 0x76870000 | 0x768a4fff | Memory Mapped File | - |
|
- |
|
- |
| oleaut32.dll | 0x76ab0000 | 0x76b3efff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x76b40000 | 0x76c08fff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76db0000 | 0x76eebfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x76f50000 | 0x76f59fff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x76ff0000 | 0x76ff0fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffd7000 | 0x7ffd7000 | 0x7ffd7fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd9000 | 0x7ffd9000 | 0x7ffd9fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffda000 | 0x7ffda000 | 0x7ffdafff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffdbfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
Host Behavior
COM (11)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | B54F3741-5B07-11CF-A4B0-00AA004A55E8 | 00000000-0000-0000-C000-000000000046 | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Create | 6C736DB1-BD94-11D0-8A23-00AA00B58E10 | 6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | 06290BD1-48AA-11D2-8432-006008C3FBFC | E4D1C9B0-46E8-11D4-A2A6-00104BD35090 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | WBEMLocator | IWbemLocator | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | WbemDefaultPathParser | IWbemPath | cls_context = CLSCTX_INPROC_SERVER |
|
5 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = \\.\root\SecurityCenter2 |
|
1 | |
| Execute | WBEMLocator | IWbemServices | method_name = ExecQuery, query_language = WQL, query = Select * from FirewallProduct |
|
1 |
File (6)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1625750400979200631.vbs | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1625750400979200631.vbs | type = size |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1625750400979200631.vbs | type = size |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1625750400979200631.vbs | size = 281, size_out = 281 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 108 |
|
1 |
Registry (29)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\.vbs | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\VBSFile\ScriptEngine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 84, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = Enabled, data = 84, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = Enabled, data = 84, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = LogSecuritySuccesses, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = LogSecuritySuccesses, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 237, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = TrustPolicy, data = 103, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = UseWINSAFER, data = 237, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = TrustPolicy, data = 103, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = UseWINSAFER, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = Timeout, data = 160, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = DisplayLogo, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = Timeout, data = 160, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = DisplayLogo, data = 49, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CLASSES_ROOT\.vbs | data = VBSFile, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CLASSES_ROOT\VBSFile\ScriptEngine | data = VBScript, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | value_name = Default Impersonation Level, data = 3 |
|
1 |
Module (19)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x75540000 |
|
2 | |
| Load | ole32.dll | base_address = 0x76360000 |
|
1 | |
| Load | C:\Windows\system32\advapi32.dll | base_address = 0x75280000 |
|
2 | |
| Get Handle | c:\windows\system32\cscript.exe | base_address = 0xb80000 |
|
1 | |
| Get Filename | c:\windows\system32\cscript.exe | process_name = c:\windows\system32\cscript.exe, file_name_orig = C:\Windows\system32\cscript.exe, size = 261 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x755924c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapSetInformation, address_out = 0x75594157 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x763a9d0b |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferIdentifyLevel, address_out = 0x752a2102 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferComputeTokenFromLevel, address_out = 0x752a3352 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferCloseLevel, address_out = 0x752a3825 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CreateBindCtx, address_out = 0x763a6d2c |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = MkParseDisplayName, address_out = 0x7636cea9 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = DuplicateTokenEx, address_out = 0x7528ca24 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = BindMoniker, address_out = 0x7636c6a7 |
|
1 | |
| Create Mapping | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1625750400979200631.vbs | filename = C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1625750400979200631.vbs, protection = PAGE_READONLY, maximum_size = 281 |
|
1 | |
| Map | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1625750400979200631.vbs | process_name = c:\windows\system32\cscript.exe, desired_access = FILE_MAP_READ |
|
1 |
Window (2)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | - | class_name = WSH-Timer, wndproc_parameter = 3482416 |
|
1 | |
| Set Attribute | - | class_name = WSH-Timer, index = 18446744073709551595, new_long = 3482416 |
|
1 |
System (14)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = -1 (infinite) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:50:03 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10914251 |
|
1 | |
| Get Time | type = Ticks, time = 10914344 |
|
1 | |
| Get Info | type = Operating System |
|
4 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = System Directory |
|
1 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
2 | |
| Get Info | type = Hardware Information |
|
1 |
Process #30: javaw.exe
5574
3
| Information | Value |
|---|---|
| ID | #30 |
| File Name | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe |
| Command Line | "C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\javaw.exe" -jar "C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:48, Reason: Autostart |
| Unmonitor | End Time: 00:05:11, Reason: Terminated by Timeout |
| Monitor Duration | 00:03:23 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x35c |
| Parent PID | 0x7f4 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
378
0x
158
0x
3A0
0x
4DC
0x
4E0
0x
4D4
0x
4C4
0x
4CC
0x
4C0
0x
4BC
0x
5E4
0x
344
0x
318
0x
314
0x
57C
0x
134
0x
4D8
0x
6B0
0x
76C
0x
15C
0x
74C
0x
46C
0x
558
0x
250
0x
4B4
0x
21C
0x
318
0x
340
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00042fff | Pagefile Backed Memory | - |
|
- |
|
- |
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | Private Memory | - |
|
- |
|
- |
| tzres.dll | 0x000d0000 | 0x000d0fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000000e0000 | 0x000e0000 | 0x000e1fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000000f0000 | 0x000f0000 | 0x000f6fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000100000 | 0x00100000 | 0x0014ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000150000 | 0x00150000 | 0x00217fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000220000 | 0x00220000 | 0x00221fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000230000 | 0x00230000 | 0x00230fff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000240000 | 0x00240000 | 0x00240fff | Private Memory | - |
|
- |
|
- |
| 860 | 0x00250000 | 0x0025ffff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000260000 | 0x00260000 | 0x0028ffff | Private Memory | - |
|
- |
|
- |
| javaw.exe | 0x00290000 | 0x002befff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x00000000002c0000 | 0x002c0000 | 0x003c0fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000003d0000 | 0x003d0000 | 0x0042ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000430000 | 0x00430000 | 0x0043ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000440000 | 0x00440000 | 0x0044ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000450000 | 0x00450000 | 0x0045ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000460000 | 0x00460000 | 0x0046ffff | Private Memory | - |
|
- |
|
- |
| rsaenh.dll | 0x00470000 | 0x004abfff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000004b0000 | 0x004b0000 | 0x005affff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000005b0000 | 0x005b0000 | 0x011affff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000011b0000 | 0x011b0000 | 0x012affff | Private Memory | - |
|
- |
|
- |
| private_0x00000000011b0000 | 0x011b0000 | 0x0125ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000011d0000 | 0x011d0000 | 0x0121ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001250000 | 0x01250000 | 0x0125ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000012a0000 | 0x012a0000 | 0x012affff | Private Memory | - |
|
- |
|
- |
| private_0x00000000012b0000 | 0x012b0000 | 0x013affff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000013b0000 | 0x013b0000 | 0x017a2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000017b0000 | 0x017b0000 | 0x0189ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000017b0000 | 0x017b0000 | 0x0182ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001860000 | 0x01860000 | 0x0189ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000018a0000 | 0x018a0000 | 0x0199ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000019a0000 | 0x019a0000 | 0x0399ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000039a0000 | 0x039a0000 | 0x03a4ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003a90000 | 0x03a90000 | 0x03adffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003b10000 | 0x03b10000 | 0x03b5ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003b80000 | 0x03b80000 | 0x03bcffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003c70000 | 0x03c70000 | 0x03cbffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003ce0000 | 0x03ce0000 | 0x03d2ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003d70000 | 0x03d70000 | 0x03dbffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003e70000 | 0x03e70000 | 0x03ebffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003f50000 | 0x03f50000 | 0x03f9ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003fa0000 | 0x03fa0000 | 0x0419ffff | Private Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x041a0000 | 0x0446efff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000004470000 | 0x04470000 | 0x0456ffff | Private Memory | - |
|
- |
|
- |
| kernelbase.dll.mui | 0x04470000 | 0x0452ffff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000004530000 | 0x04530000 | 0x0456ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004570000 | 0x04570000 | 0x0468ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000045a0000 | 0x045a0000 | 0x045effff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004680000 | 0x04680000 | 0x0468ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004690000 | 0x04690000 | 0x0476ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004770000 | 0x04770000 | 0x048fffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004770000 | 0x04770000 | 0x0486ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000048c0000 | 0x048c0000 | 0x048fffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004900000 | 0x04900000 | 0x04cfffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004d00000 | 0x04d00000 | 0x054fffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000236d0000 | 0x236d0000 | 0x394cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000236d0000 | 0x236d0000 | 0x28c1ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000028c20000 | 0x28c20000 | 0x394cffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000028c20000 | 0x28c20000 | 0x336cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000336d0000 | 0x336d0000 | 0x394cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000336d0000 | 0x336d0000 | 0x376cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000376d0000 | 0x376d0000 | 0x394cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000376d0000 | 0x376d0000 | 0x380cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000376d0000 | 0x376d0000 | 0x37b0ffff | Private Memory | - |
|
- |
|
- |
| classes.jsa | 0x376d0000 | 0x37b0ffff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000037b10000 | 0x37b10000 | 0x380cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000380d0000 | 0x380d0000 | 0x394cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000380d0000 | 0x380d0000 | 0x38ccffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000380d0000 | 0x380d0000 | 0x3871ffff | Private Memory | - |
|
- |
|
- |
| classes.jsa | 0x380d0000 | 0x3871ffff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000038720000 | 0x38720000 | 0x38ccffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000038cd0000 | 0x38cd0000 | 0x394cffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000038cd0000 | 0x38cd0000 | 0x390cffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000038cd0000 | 0x38cd0000 | 0x38f3ffff | Private Memory | - |
|
- |
|
- |
| classes.jsa | 0x38cd0000 | 0x38f3ffff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000038f40000 | 0x38f40000 | 0x390cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000390d0000 | 0x390d0000 | 0x394cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000390d0000 | 0x390d0000 | 0x390dffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000390e0000 | 0x390e0000 | 0x394cffff | Private Memory | - |
|
- |
|
- |
| awt.dll | 0x6fae0000 | 0x6fc22fff | Memory Mapped File | - |
|
- |
|
- |
| net.dll | 0x6fe40000 | 0x6fe53fff | Memory Mapped File | - |
|
- |
|
- |
| sunec.dll | 0x6fe60000 | 0x6fe7ffff | Memory Mapped File | - |
|
- |
|
- |
| zip.dll | 0x6fe80000 | 0x6fe92fff | Memory Mapped File | - |
|
- |
|
- |
| java.dll | 0x6fea0000 | 0x6febffff | Memory Mapped File | - |
|
- |
|
- |
| msvcr100.dll | 0x700e0000 | 0x7019efff | Memory Mapped File | - |
|
- |
|
- |
| winrnr.dll | 0x702b0000 | 0x702b7fff | Memory Mapped File | - |
|
- |
|
- |
| pnrpnsp.dll | 0x702c0000 | 0x702d1fff | Memory Mapped File | - |
|
- |
|
- |
| napinsp.dll | 0x702e0000 | 0x702effff | Memory Mapped File | - |
|
- |
|
- |
| winmm.dll | 0x704a0000 | 0x704d1fff | Memory Mapped File | - |
|
- |
|
- |
| rasadhlp.dll | 0x719f0000 | 0x719f5fff | Memory Mapped File | - |
|
- |
|
- |
| nio.dll | 0x71c10000 | 0x71c1efff | Memory Mapped File | - |
|
- |
|
- |
| verify.dll | 0x71c20000 | 0x71c2bfff | Memory Mapped File | - |
|
- |
|
- |
| jvm.dll | 0x72880000 | 0x72bfffff | Memory Mapped File | - |
|
- |
|
- |
| fwpuclnt.dll | 0x73260000 | 0x73297fff | Memory Mapped File | - |
|
- |
|
- |
| winnsi.dll | 0x73370000 | 0x73376fff | Memory Mapped File | - |
|
- |
|
- |
| iphlpapi.dll | 0x73380000 | 0x7339bfff | Memory Mapped File | - |
|
- |
|
- |
| nlaapi.dll | 0x734e0000 | 0x734effff | Memory Mapped File | - |
|
- |
|
- |
| wsock32.dll | 0x73a30000 | 0x73a36fff | Memory Mapped File | - |
|
- |
|
- |
| comctl32.dll | 0x74110000 | 0x742adfff | Memory Mapped File | - |
|
- |
|
- |
| wshtcpip.dll | 0x74710000 | 0x74714fff | Memory Mapped File | - |
|
- |
|
- |
| userenv.dll | 0x747e0000 | 0x747f6fff | Memory Mapped File | - |
|
- |
|
- |
| rsaenh.dll | 0x749a0000 | 0x749dafff | Memory Mapped File | - |
|
- |
|
- |
| dnsapi.dll | 0x74a80000 | 0x74ac3fff | Memory Mapped File | - |
|
- |
|
- |
| wship6.dll | 0x74bb0000 | 0x74bb5fff | Memory Mapped File | - |
|
- |
|
- |
| mswsock.dll | 0x74bc0000 | 0x74bfbfff | Memory Mapped File | - |
|
- |
|
- |
| cryptsp.dll | 0x74c00000 | 0x74c15fff | Memory Mapped File | - |
|
- |
|
- |
| cryptbase.dll | 0x75080000 | 0x7508bfff | Memory Mapped File | - |
|
- |
|
- |
| profapi.dll | 0x75130000 | 0x7513afff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x753e0000 | 0x75429fff | Memory Mapped File | - |
|
- |
|
- |
| shlwapi.dll | 0x75480000 | 0x754d6fff | Memory Mapped File | - |
|
- |
|
- |
| psapi.dll | 0x754e0000 | 0x754e4fff | Memory Mapped File | - |
|
- |
|
- |
| sechost.dll | 0x754f0000 | 0x75508fff | Memory Mapped File | - |
|
- |
|
- |
| oleaut32.dll | 0x75510000 | 0x7559efff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x755a0000 | 0x75673fff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x75880000 | 0x75948fff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x75950000 | 0x759ecfff | Memory Mapped File | - |
|
- |
|
- |
| ole32.dll | 0x75c90000 | 0x75debfff | Memory Mapped File | - |
|
- |
|
- |
| advapi32.dll | 0x75df0000 | 0x75e8ffff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x75ec0000 | 0x75f0dfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x75f10000 | 0x75f19fff | Memory Mapped File | - |
|
- |
|
- |
| nsi.dll | 0x76100000 | 0x76105fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x76110000 | 0x761bbfff | Memory Mapped File | - |
|
- |
|
- |
| rpcrt4.dll | 0x761c0000 | 0x76260fff | Memory Mapped File | - |
|
- |
|
- |
| ws2_32.dll | 0x76fa0000 | 0x76fd4fff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76fe0000 | 0x7711bfff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x77120000 | 0x7713efff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x77140000 | 0x7720bfff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x77220000 | 0x77220fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffd4000 | 0x7ffd4000 | 0x7ffd4fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd5000 | 0x7ffd5000 | 0x7ffd5fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd6000 | 0x7ffd6000 | 0x7ffd6fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd7000 | 0x7ffd7000 | 0x7ffd7fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd9000 | 0x7ffd9000 | 0x7ffd9fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffda000 | 0x7ffda000 | 0x7ffdafff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffdbfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
|
For performance reasons, the remaining 33 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive4432003530389164433.vbs | 0.27 KB |
MD5:
a32c109297ed1ca155598cd295c26611
SHA1: dc4a1fdbaad15ddd6fe22d3907c6b03727b71510 SHA256: 45bfe34aa3ef932f75101246eb53d032f5e7cf6d1f5b4e495334955a255f32e7 SSDeep: 6:jpxiFtqvAAT+geD5NaqZxLMTQQQavbx3la2Zp6djsyn:vmtqvAndZFcQU9lrXyjsyn |
|
|
| C:\Users\2XC7U6~1\AppData\Local\Temp\\hsperfdata_2XC7u663GxWc\860 | 64.00 KB |
MD5:
fcd6bcb56c1689fcef28b57c22475bad
SHA1: 1adc95bebe9eea8c112d40cd04ab7a8d75c4f961 SHA256: de2f256064a0af797747c2b97505dc0b9f3df0de4f489eac731c23ae9ca9cc31 SSDeep: 3:: |
|
|
Host Behavior
File (3929)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\i386\jvm.cfg | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\\hsperfdata_2XC7u663GxWc\860 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\meta-index | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\classes.jsa | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\classes.jsa | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
4 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\meta-index | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\meta-index | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\java.security | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\local_policy.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\local_policy.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_REPARSE_POINT, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\resources.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\resources.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\.accessibility.properties | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\accessibility.properties | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1360789152958718586.vbs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_REPARSE_POINT, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3549377093237930864.vbs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_REPARSE_POINT, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3549377093237930864.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create Directory | C:\Users\2XC7U6~1\AppData\Local\Temp\\hsperfdata_2XC7u663GxWc | - |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | type = file_type |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\i386\jvm.cfg | type = file_type |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\msvcr100.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\endorsed | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\\hsperfdata_2XC7u663GxWc | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\meta-index | type = file_type |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\classes.jsa | type = file_type |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\zip.dll | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\meta-index | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\meta-index | type = file_type |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\meta-index | type = size, size_out = 829 |
|
1 | |
| Get Info | C:\Windows\Sun\Java\lib\ext\meta-index | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\access-bridge.jar | type = file_attributes |
|
4 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\dnsns.jar | type = file_attributes |
|
2 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\jaccess.jar | type = file_attributes |
|
2 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\localedata.jar | type = file_attributes |
|
2 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | type = file_attributes |
|
5 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunpkcs11.jar | type = file_attributes |
|
2 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\zipfs.jar | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\Sun\Java\lib\ext | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | type = file_attributes |
|
4 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\management\usagetracker.properties | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\resources.jar | type = file_attributes |
|
6 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\meta-index | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib | type = file_attributes |
|
2 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\meta-index | type = file_type |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\meta-index | type = size, size_out = 2190 |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | type = file_attributes |
|
4 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\sunrsasign.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | type = file_attributes |
|
4 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\charsets.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jfr.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\classes | type = file_attributes |
|
4 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\meta-index | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\java.security | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\java.security | type = file_type |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\java.security | type = size, size_out = 17824 |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\x86\sunec.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\sunec.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\local_policy.jar | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\net.dll | type = file_attributes |
|
6 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\local_policy.jar | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\nio.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\java | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\java.exe | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jaxp.properties | type = file_attributes |
|
2 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\resources.jar | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\awt.dll | type = file_attributes |
|
5 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\swing.properties | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1360789152958718586.vbs | type = file_attributes |
|
1 | |
| Get Info | - | type = file_type |
|
2 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1360789152958718586.vbs | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3549377093237930864.vbs | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1360789152958718586.vbs | type = file_type |
|
2 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3549377093237930864.vbs | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\javaw.exe | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\management.dll | type = file_attributes |
|
1 | |
| Get Info | - | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\cqsFQOTqbmg | type = file_attributes |
|
2 | |
| Get Info | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\ID.txt | type = file_attributes |
|
1 | |
| Get Info | - | type = file_type |
|
2 | |
| Get Info | - | type = size, size_out = 47 |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\nccJQMiokAP | type = file_attributes |
|
4 | |
| Get Info | - | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\x86\sunmscapi.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\sunmscapi.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\net.properties | type = file_attributes |
|
2 | |
| Get Info | - | type = size, size_out = 3070 |
|
1 | |
| Open | STD_INPUT_HANDLE | - |
|
6 | |
| Open | STD_OUTPUT_HANDLE | - |
|
2 | |
| Open | STD_ERROR_HANDLE | - |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 22, size_out = 22 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 1024, size_out = 1024 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 30, size_out = 30 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 100, size_out = 100 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\i386\jvm.cfg | size = 4096, size_out = 686 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\i386\jvm.cfg | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\meta-index | size = 4096, size_out = 2190 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\meta-index | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\classes.jsa | size = 2416, size_out = 2416 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\classes.jsa | size = 65536, size_out = 65536 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 7, size_out = 7 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1781193, size_out = 1781193 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 160, size_out = 160 |
|
545 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 30, size_out = 30 |
|
544 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 709, size_out = 709 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 277, size_out = 277 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2305, size_out = 2305 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1022, size_out = 1022 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2882, size_out = 2882 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 104, size_out = 104 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 728, size_out = 728 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 345, size_out = 345 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 815, size_out = 815 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1105, size_out = 1105 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1761, size_out = 1761 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 514, size_out = 514 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 970, size_out = 970 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2589, size_out = 2589 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1008, size_out = 1008 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2004, size_out = 2004 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 669, size_out = 669 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\meta-index | size = 8192, size_out = 829 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 962, size_out = 962 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 934, size_out = 934 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1720, size_out = 1720 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1012, size_out = 1012 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3028, size_out = 3028 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1111, size_out = 1111 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2976, size_out = 2976 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 672, size_out = 672 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1189, size_out = 1189 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2646, size_out = 2646 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\meta-index | size = 8192, size_out = 0 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 966, size_out = 966 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 800, size_out = 800 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1280, size_out = 1280 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 609, size_out = 609 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 628, size_out = 628 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 328, size_out = 328 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 327, size_out = 327 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 12212, size_out = 12212 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 748, size_out = 748 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6630, size_out = 6630 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3392, size_out = 3392 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 4, size_out = 4 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 128, size_out = 128 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 30105, size_out = 30105 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2563, size_out = 2563 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 476, size_out = 476 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2703, size_out = 2703 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 753, size_out = 753 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3690, size_out = 3690 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3361, size_out = 3361 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3599, size_out = 3599 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 160, size_out = 160 |
|
265 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 260, size_out = 260 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1899, size_out = 1899 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 678, size_out = 678 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 30, size_out = 30 |
|
440 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 100, size_out = 100 |
|
8 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1909, size_out = 1909 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 670, size_out = 670 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 762, size_out = 762 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 391, size_out = 391 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 452, size_out = 452 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 536, size_out = 536 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 521, size_out = 521 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 491, size_out = 491 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 506, size_out = 506 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 515, size_out = 515 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 361, size_out = 361 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 331, size_out = 331 |
|
5 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 675, size_out = 675 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 451, size_out = 451 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 355, size_out = 355 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 299, size_out = 299 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 474, size_out = 474 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 655, size_out = 655 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 303, size_out = 303 |
|
5 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 335, size_out = 335 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 418, size_out = 418 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 430, size_out = 430 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 453, size_out = 453 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 555, size_out = 555 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 408, size_out = 408 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 477, size_out = 477 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 562, size_out = 562 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 394, size_out = 394 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 462, size_out = 462 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 371, size_out = 371 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 231, size_out = 231 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 496, size_out = 496 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 691, size_out = 691 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 509, size_out = 509 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 580, size_out = 580 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 348, size_out = 348 |
|
6 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 802, size_out = 802 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1127, size_out = 1127 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\meta-index | size = 8192, size_out = 2190 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\meta-index | size = 8192, size_out = 0 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 329, size_out = 329 |
|
6 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 383, size_out = 383 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 332, size_out = 332 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 461, size_out = 461 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 570, size_out = 570 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 5504, size_out = 5504 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 582, size_out = 582 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 535, size_out = 535 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 678, size_out = 678 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 315, size_out = 315 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 6708, size_out = 6708 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 160, size_out = 160 |
|
36 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 30, size_out = 30 |
|
35 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 4096, size_out = 4096 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 1693, size_out = 1693 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 1351, size_out = 1351 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1358, size_out = 1358 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\java.security | size = 8192, size_out = 8192 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\java.security | size = 8192, size_out = 1440 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\java.security | size = 8192, size_out = 0 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2345, size_out = 2345 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 7, size_out = 7 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 13694, size_out = 13694 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 160, size_out = 160 |
|
41 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 30, size_out = 30 |
|
41 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 1056, size_out = 1056 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3940, size_out = 3940 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 5672, size_out = 5672 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 844, size_out = 844 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1453, size_out = 1453 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 803, size_out = 803 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2601, size_out = 2601 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | size = 1240, size_out = 1240 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | size = 160, size_out = 160 |
|
13 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | size = 30, size_out = 30 |
|
26 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | size = 590, size_out = 590 |
|
5 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | size = 525, size_out = 525 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | size = 1320, size_out = 1320 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2666, size_out = 2666 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 314, size_out = 314 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 951, size_out = 951 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 10594, size_out = 10594 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3882, size_out = 3882 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3549, size_out = 3549 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1381, size_out = 1381 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 8211, size_out = 8211 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1075, size_out = 1075 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3695, size_out = 3695 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2117, size_out = 2117 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 346, size_out = 346 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 576, size_out = 576 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 24203, size_out = 24203 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 13092, size_out = 13092 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 623, size_out = 623 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3174, size_out = 3174 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2257, size_out = 2257 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1621, size_out = 1621 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2395, size_out = 2395 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 14258, size_out = 14258 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 853, size_out = 853 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 967, size_out = 967 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3914, size_out = 3914 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 5828, size_out = 5828 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 12814, size_out = 12814 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4077, size_out = 4077 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2399, size_out = 2399 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2181, size_out = 2181 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 308, size_out = 308 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 381, size_out = 381 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 78, size_out = 78 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4556, size_out = 4556 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6732, size_out = 6732 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 732, size_out = 732 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 454, size_out = 454 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 457, size_out = 457 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 973, size_out = 973 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 310, size_out = 310 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2812, size_out = 2812 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 278, size_out = 278 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 131, size_out = 131 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3431, size_out = 3431 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 382, size_out = 382 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 281, size_out = 281 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 5929, size_out = 5929 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6713, size_out = 6713 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3217, size_out = 3217 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 265, size_out = 265 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6705, size_out = 6705 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3395, size_out = 3395 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1337, size_out = 1337 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 5120, size_out = 5120 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 374, size_out = 374 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1663, size_out = 1663 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4945, size_out = 4945 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2801, size_out = 2801 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2263, size_out = 2263 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4843, size_out = 4843 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2266, size_out = 2266 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3589, size_out = 3589 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2498, size_out = 2498 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2363, size_out = 2363 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 631, size_out = 631 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 866, size_out = 866 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 282, size_out = 282 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3850, size_out = 3850 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 591, size_out = 591 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 907, size_out = 907 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3908, size_out = 3908 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 8490, size_out = 8490 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 444, size_out = 444 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1731, size_out = 1731 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4645, size_out = 4645 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 11624, size_out = 11624 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 915, size_out = 915 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | size = 390, size_out = 390 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | size = 1434, size_out = 1434 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 454, size_out = 454 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 5439, size_out = 5439 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 619, size_out = 619 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 10470, size_out = 10470 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 160, size_out = 160 |
|
27 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 30, size_out = 30 |
|
122 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 3596, size_out = 3596 |
|
5 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 3529, size_out = 3529 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1320, size_out = 1320 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 735, size_out = 735 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4170, size_out = 4170 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 817, size_out = 817 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 331, size_out = 331 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2357, size_out = 2357 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 187, size_out = 187 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 3665, size_out = 3665 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 3856, size_out = 3856 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 333, size_out = 333 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 2915, size_out = 2915 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | size = 328, size_out = 328 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | size = 350, size_out = 350 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | size = 160, size_out = 160 |
|
5 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | size = 30, size_out = 30 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | size = 213, size_out = 213 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | size = 1319, size_out = 1319 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | size = 151, size_out = 151 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | size = 92, size_out = 92 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 47, size_out = 47 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | size = 115, size_out = 115 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 502, size_out = 502 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 807, size_out = 807 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 530, size_out = 530 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 1987, size_out = 1987 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 706, size_out = 706 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 3777, size_out = 3777 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 3082, size_out = 3082 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4270, size_out = 4270 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 8559, size_out = 8559 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6031, size_out = 6031 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 671, size_out = 671 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1961, size_out = 1961 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3287, size_out = 3287 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 383, size_out = 383 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3661, size_out = 3661 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 292, size_out = 292 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\local_policy.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\local_policy.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\local_policy.jar | size = 389, size_out = 389 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\local_policy.jar | size = 411, size_out = 411 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\local_policy.jar | size = 160, size_out = 160 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\local_policy.jar | size = 30, size_out = 30 |
|
5 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\local_policy.jar | size = 194, size_out = 194 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\local_policy.jar | size = 242, size_out = 242 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\local_policy.jar | size = 1318, size_out = 1318 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\local_policy.jar | size = 153, size_out = 153 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\local_policy.jar | size = 209, size_out = 209 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 883, size_out = 883 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 994, size_out = 994 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 780, size_out = 780 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\local_policy.jar | size = 206, size_out = 206 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 533, size_out = 533 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 775, size_out = 775 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 301, size_out = 301 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 8192, size_out = 8192 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1137, size_out = 1137 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1486, size_out = 1486 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1009, size_out = 1009 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1052, size_out = 1052 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 269, size_out = 269 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1438, size_out = 1438 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 2684, size_out = 2684 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 157, size_out = 157 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 902, size_out = 902 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1516, size_out = 1516 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 925, size_out = 925 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1403, size_out = 1403 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 684, size_out = 684 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 2171, size_out = 2171 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1421, size_out = 1421 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 694, size_out = 694 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 171, size_out = 171 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1111, size_out = 1111 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 814, size_out = 814 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 608, size_out = 608 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 677, size_out = 677 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 274, size_out = 274 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1343, size_out = 1343 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 541, size_out = 541 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 2912, size_out = 2912 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1249, size_out = 1249 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1311, size_out = 1311 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 265, size_out = 265 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1605, size_out = 1605 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 557, size_out = 557 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 173, size_out = 173 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 2789, size_out = 2789 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 230, size_out = 230 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1133, size_out = 1133 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 321, size_out = 321 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 190, size_out = 190 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 3185, size_out = 3185 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 4522, size_out = 4522 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 978, size_out = 978 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 672, size_out = 672 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 839, size_out = 839 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1309, size_out = 1309 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1312, size_out = 1312 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 696, size_out = 696 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 3200, size_out = 3200 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 803, size_out = 803 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 207, size_out = 207 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 823, size_out = 823 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 824, size_out = 824 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 349, size_out = 349 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 2972, size_out = 2972 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 2977, size_out = 2977 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 611, size_out = 611 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 668, size_out = 668 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 283, size_out = 283 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1118, size_out = 1118 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 834, size_out = 834 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 769, size_out = 769 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1478, size_out = 1478 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1298, size_out = 1298 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1655, size_out = 1655 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 984, size_out = 984 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 3278, size_out = 3278 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 833, size_out = 833 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1450, size_out = 1450 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1081, size_out = 1081 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 550, size_out = 550 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 922, size_out = 922 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 5457, size_out = 5457 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1143, size_out = 1143 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 2597, size_out = 2597 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 325, size_out = 325 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 271, size_out = 271 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1084, size_out = 1084 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 4495, size_out = 4495 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1404, size_out = 1404 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 5963, size_out = 5963 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1218, size_out = 1218 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 666, size_out = 666 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 2371, size_out = 2371 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1686, size_out = 1686 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1029, size_out = 1029 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 306, size_out = 306 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1459, size_out = 1459 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 282, size_out = 282 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 609, size_out = 609 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 3227, size_out = 3227 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 3051, size_out = 3051 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 740, size_out = 740 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 3619, size_out = 3619 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 5175, size_out = 5175 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 745, size_out = 745 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2772, size_out = 2772 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 632, size_out = 632 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 458, size_out = 458 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2124, size_out = 2124 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1186, size_out = 1186 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1096, size_out = 1096 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 287, size_out = 287 |
|
5 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 423, size_out = 423 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 336, size_out = 336 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 564, size_out = 564 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 478, size_out = 478 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 427, size_out = 427 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 374, size_out = 374 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 345, size_out = 345 |
|
8 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 637, size_out = 637 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 289, size_out = 289 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 486, size_out = 486 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 516, size_out = 516 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 194, size_out = 194 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 649, size_out = 649 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 644, size_out = 644 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 424, size_out = 424 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 377, size_out = 377 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 624, size_out = 624 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 623, size_out = 623 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 1225, size_out = 1225 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 175, size_out = 175 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 550, size_out = 550 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 444, size_out = 444 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 397, size_out = 397 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 642, size_out = 642 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 622, size_out = 622 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 492, size_out = 492 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 495, size_out = 495 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 411, size_out = 411 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 544, size_out = 544 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 261, size_out = 261 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 629, size_out = 629 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 439, size_out = 439 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 441, size_out = 441 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 2219, size_out = 2219 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 472, size_out = 472 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 1542, size_out = 1542 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 289, size_out = 289 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 299, size_out = 299 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 315, size_out = 315 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 297, size_out = 297 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 304, size_out = 304 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 489, size_out = 489 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 586, size_out = 586 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 4645, size_out = 4645 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 621, size_out = 621 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1138, size_out = 1138 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 2433, size_out = 2433 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 314, size_out = 314 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 8192, size_out = 8192 |
|
81 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 6767, size_out = 6767 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 5374, size_out = 5374 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 1470, size_out = 1470 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 546, size_out = 546 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 3, size_out = 3 |
|
161 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 864, size_out = 864 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 632, size_out = 632 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 270, size_out = 270 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 658, size_out = 658 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 399, size_out = 399 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 904, size_out = 904 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 463, size_out = 463 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 156, size_out = 156 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 91, size_out = 91 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 163, size_out = 163 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 29, size_out = 29 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 1, size_out = 1 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 388, size_out = 388 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 164, size_out = 164 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 222, size_out = 222 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 962, size_out = 962 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 165, size_out = 165 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 253, size_out = 253 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 437, size_out = 437 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 283, size_out = 283 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 187, size_out = 187 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 256, size_out = 256 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 347, size_out = 347 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 209, size_out = 209 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 90, size_out = 90 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 802, size_out = 802 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 129, size_out = 129 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 300, size_out = 300 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 63, size_out = 63 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 634, size_out = 634 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 61, size_out = 61 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 412, size_out = 412 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 188, size_out = 188 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 350, size_out = 350 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 1074, size_out = 1074 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 706, size_out = 706 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 130, size_out = 130 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 110, size_out = 110 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 342, size_out = 342 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 141, size_out = 141 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 192, size_out = 192 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 242, size_out = 242 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 179, size_out = 179 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 284, size_out = 284 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 122, size_out = 122 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 323, size_out = 323 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 151, size_out = 151 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 818, size_out = 818 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 690, size_out = 690 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 312, size_out = 312 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 94, size_out = 94 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 58, size_out = 58 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 153, size_out = 153 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 994, size_out = 994 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 514, size_out = 514 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 694, size_out = 694 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 42, size_out = 42 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 38, size_out = 38 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 398, size_out = 398 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 455, size_out = 455 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 400, size_out = 400 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 469, size_out = 469 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 259, size_out = 259 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 577, size_out = 577 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 443, size_out = 443 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 467, size_out = 467 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 528, size_out = 528 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 406, size_out = 406 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 616, size_out = 616 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 563, size_out = 563 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 364, size_out = 364 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 513, size_out = 513 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 507, size_out = 507 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 518, size_out = 518 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 389, size_out = 389 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 604, size_out = 604 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 293, size_out = 293 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 5754, size_out = 5754 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 405, size_out = 405 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 206, size_out = 206 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 429, size_out = 429 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 291, size_out = 291 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 328, size_out = 328 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 640, size_out = 640 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 446, size_out = 446 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 409, size_out = 409 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 417, size_out = 417 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 476, size_out = 476 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 614, size_out = 614 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 257, size_out = 257 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 619, size_out = 619 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 344, size_out = 344 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 450, size_out = 450 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 473, size_out = 473 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 4306, size_out = 4306 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 274, size_out = 274 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1989, size_out = 1989 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 900, size_out = 900 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1716, size_out = 1716 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 463, size_out = 463 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 503, size_out = 503 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 543, size_out = 543 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 220, size_out = 220 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 545, size_out = 545 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 360, size_out = 360 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 737, size_out = 737 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 249, size_out = 249 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 480, size_out = 480 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 609, size_out = 609 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 589, size_out = 589 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 232, size_out = 232 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 334, size_out = 334 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 636, size_out = 636 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 370, size_out = 370 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 529, size_out = 529 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 365, size_out = 365 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 617, size_out = 617 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 4162, size_out = 4162 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 955, size_out = 955 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1486, size_out = 1486 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 645, size_out = 645 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6444, size_out = 6444 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 874, size_out = 874 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 513, size_out = 513 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 120, size_out = 120 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 112, size_out = 112 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 238, size_out = 238 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 121, size_out = 121 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 320, size_out = 320 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 13, size_out = 13 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 1666, size_out = 1666 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 7019, size_out = 7019 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1664, size_out = 1664 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 708, size_out = 708 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2656, size_out = 2656 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 588, size_out = 588 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2520, size_out = 2520 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2709, size_out = 2709 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 718, size_out = 718 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 284, size_out = 284 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 14716, size_out = 14716 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2111, size_out = 2111 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 8292, size_out = 8292 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6007, size_out = 6007 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2905, size_out = 2905 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 937, size_out = 937 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 585, size_out = 585 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1544, size_out = 1544 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 12572, size_out = 12572 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1904, size_out = 1904 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2008, size_out = 2008 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 783, size_out = 783 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 19213, size_out = 19213 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 332, size_out = 332 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3606, size_out = 3606 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 403, size_out = 403 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 9943, size_out = 9943 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 596, size_out = 596 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 612, size_out = 612 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 544, size_out = 544 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 697, size_out = 697 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 604, size_out = 604 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 452, size_out = 452 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 586, size_out = 586 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 525, size_out = 525 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1974, size_out = 1974 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1159, size_out = 1159 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 426, size_out = 426 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 7100, size_out = 7100 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 229, size_out = 229 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 366, size_out = 366 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3515, size_out = 3515 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2163, size_out = 2163 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 179, size_out = 179 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6028, size_out = 6028 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 7832, size_out = 7832 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 5512, size_out = 5512 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 949, size_out = 949 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1167, size_out = 1167 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1427, size_out = 1427 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1429, size_out = 1429 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1873, size_out = 1873 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 167, size_out = 167 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 196, size_out = 196 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2351, size_out = 2351 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 877, size_out = 877 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 18, size_out = 18 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 237, size_out = 237 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 850, size_out = 850 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1401, size_out = 1401 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 412, size_out = 412 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 448, size_out = 448 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 692, size_out = 692 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 660, size_out = 660 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 5861, size_out = 5861 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\resources.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\resources.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\resources.jar | size = 33985, size_out = 33985 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3671, size_out = 3671 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 10989, size_out = 10989 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 407, size_out = 407 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 9301, size_out = 9301 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 28702, size_out = 28702 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6453, size_out = 6453 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2101, size_out = 2101 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2652, size_out = 2652 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1139, size_out = 1139 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2005, size_out = 2005 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 5981, size_out = 5981 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 22809, size_out = 22809 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 536, size_out = 536 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1862, size_out = 1862 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 643, size_out = 643 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 112, size_out = 112 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3932, size_out = 3932 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2027, size_out = 2027 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 31499, size_out = 31499 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 659, size_out = 659 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 375, size_out = 375 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1932, size_out = 1932 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 419, size_out = 419 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1599, size_out = 1599 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 335, size_out = 335 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2771, size_out = 2771 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 831, size_out = 831 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1589, size_out = 1589 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 505, size_out = 505 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 7594, size_out = 7594 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 16872, size_out = 16872 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 362, size_out = 362 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 435, size_out = 435 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6262, size_out = 6262 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 9824, size_out = 9824 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 13080, size_out = 13080 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 26877, size_out = 26877 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 460, size_out = 460 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 302, size_out = 302 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 503, size_out = 503 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 136, size_out = 136 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 17075, size_out = 17075 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1002, size_out = 1002 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1378, size_out = 1378 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2396, size_out = 2396 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1786, size_out = 1786 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1740, size_out = 1740 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2528, size_out = 2528 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4399, size_out = 4399 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 9883, size_out = 9883 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 373, size_out = 373 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1114, size_out = 1114 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 8460, size_out = 8460 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1477, size_out = 1477 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 872, size_out = 872 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3313, size_out = 3313 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 743, size_out = 743 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2872, size_out = 2872 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4879, size_out = 4879 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2958, size_out = 2958 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2419, size_out = 2419 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 239, size_out = 239 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 401, size_out = 401 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 27718, size_out = 27718 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 557, size_out = 557 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 337, size_out = 337 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 18188, size_out = 18188 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 236, size_out = 236 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 272, size_out = 272 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 850, size_out = 850 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3851, size_out = 3851 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 25359, size_out = 25359 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 251, size_out = 251 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 234, size_out = 234 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3171, size_out = 3171 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1336, size_out = 1336 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1685, size_out = 1685 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 898, size_out = 898 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6859, size_out = 6859 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3482, size_out = 3482 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2798, size_out = 2798 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1566, size_out = 1566 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1781, size_out = 1781 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1279, size_out = 1279 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 429, size_out = 429 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1958, size_out = 1958 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 551, size_out = 551 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1772, size_out = 1772 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2275, size_out = 2275 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 5453, size_out = 5453 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 675, size_out = 675 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1051, size_out = 1051 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3280, size_out = 3280 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 829, size_out = 829 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 10444, size_out = 10444 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1204, size_out = 1204 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 16744, size_out = 16744 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 209, size_out = 209 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 13269, size_out = 13269 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 25511, size_out = 25511 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 8503, size_out = 8503 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1258, size_out = 1258 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 13723, size_out = 13723 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 311, size_out = 311 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 15196, size_out = 15196 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 30281, size_out = 30281 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 192, size_out = 192 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 215, size_out = 215 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 198, size_out = 198 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1163, size_out = 1163 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2019, size_out = 2019 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6137, size_out = 6137 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1243, size_out = 1243 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 15748, size_out = 15748 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 495, size_out = 495 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1363, size_out = 1363 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1523, size_out = 1523 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1236, size_out = 1236 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1129, size_out = 1129 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1795, size_out = 1795 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6907, size_out = 6907 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2460, size_out = 2460 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 10895, size_out = 10895 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 400, size_out = 400 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3003, size_out = 3003 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4773, size_out = 4773 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6236, size_out = 6236 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1694, size_out = 1694 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1297, size_out = 1297 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1415, size_out = 1415 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 9480, size_out = 9480 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6808, size_out = 6808 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 618, size_out = 618 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1065, size_out = 1065 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 5179, size_out = 5179 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4140, size_out = 4140 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 427, size_out = 427 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2727, size_out = 2727 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 803, size_out = 803 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\cqsFQOTqbmg\zoIZCxYZMIr.EAMkwm | size = 211, size_out = 211 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2786, size_out = 2786 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1210, size_out = 1210 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 540, size_out = 540 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 948, size_out = 948 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2962, size_out = 2962 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\accessibility.properties | size = 8192, size_out = 155 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\accessibility.properties | size = 8192, size_out = 0 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 5468, size_out = 5468 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1825, size_out = 1825 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 809, size_out = 809 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3856, size_out = 3856 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 854, size_out = 854 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2701, size_out = 2701 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2950, size_out = 2950 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1198, size_out = 1198 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2789, size_out = 2789 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1001, size_out = 1001 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 680, size_out = 680 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 976, size_out = 976 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 445, size_out = 445 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1160, size_out = 1160 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2235, size_out = 2235 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 770, size_out = 770 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1938, size_out = 1938 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 8084, size_out = 8084 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 340, size_out = 340 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 392, size_out = 392 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4890, size_out = 4890 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 492, size_out = 492 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3846, size_out = 3846 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 9570, size_out = 9570 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 413, size_out = 413 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 203, size_out = 203 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 789, size_out = 789 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 686, size_out = 686 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4445, size_out = 4445 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1980, size_out = 1980 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2783, size_out = 2783 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1518, size_out = 1518 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3082, size_out = 3082 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 569, size_out = 569 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 333, size_out = 333 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4157, size_out = 4157 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 169, size_out = 169 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 543, size_out = 543 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4605, size_out = 4605 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 784, size_out = 784 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2147, size_out = 2147 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 975, size_out = 975 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 497, size_out = 497 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 878, size_out = 878 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1061, size_out = 1061 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 614, size_out = 614 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1183, size_out = 1183 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 326, size_out = 326 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 81, size_out = 81 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 830, size_out = 830 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1179, size_out = 1179 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 781, size_out = 781 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 534, size_out = 534 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 300, size_out = 300 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1462, size_out = 1462 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 409, size_out = 409 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 225, size_out = 225 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 897, size_out = 897 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2301, size_out = 2301 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2443, size_out = 2443 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 827, size_out = 827 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 5505, size_out = 5505 |
|
1 | |
|
For performance reasons, the remaining 141 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Registry (25)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Control Panel\Desktop | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32\PlacesBar | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | - |
|
4 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | value_name = Desktop, data = C:\Users\2XC7u663GxWc\Desktop, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | value_name = GDIProcessHandleQuota, data = 16 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Control Panel\Desktop | value_name = FontSmoothingOrientation, data = 1 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics | value_name = Shell Icon BPP, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes | value_name = MS Shell Dlg 2, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes | value_name = MS Shell Dlg 2, data = Tahoma, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = ThemeActive, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = ThemeActive, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = DllName, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = DllName, data = %SystemRoot%\resources\Themes\Aero\Aero.msstyles, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = SizeName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = SizeName, data = NormalSize, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = ColorName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = ColorName, data = NormalColor, type = REG_SZ |
|
1 |
Process (5)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\java.exe -jar C:\Users\2XC7U6~1\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | os_pid = 0x290, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Create | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1360789152958718586.vbs | os_pid = 0x558, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Create | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3549377093237930864.vbs | os_pid = 0x42c, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Terminate | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1360789152958718586.vbs | exit_code = 1 |
|
1 | |
| Terminate | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3549377093237930864.vbs | exit_code = 1 |
|
1 |
Module (1039)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\msvcr100.dll | base_address = 0x700e0000 |
|
1 | |
| Load | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\jvm.dll | base_address = 0x72880000 |
|
1 | |
| Load | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\verify.dll | base_address = 0x71c20000 |
|
1 | |
| Load | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\java.dll | base_address = 0x6fea0000 |
|
5 | |
| Load | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\zip.dll | base_address = 0x6fe80000 |
|
22 | |
| Load | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\sunec.dll | base_address = 0x6fe60000 |
|
1 | |
| Load | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\net.dll | base_address = 0x6fe40000 |
|
1 | |
| Load | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\nio.dll | base_address = 0x71c10000 |
|
1 | |
| Load | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\awt.dll | - |
|
1 | |
| Load | USER32.dll | base_address = 0x75880000 |
|
1 | |
| Load | COMCTL32.dll | base_address = 0x74110000 |
|
1 | |
| Load | GDI32.dll | base_address = 0x75ec0000 |
|
1 | |
| Load | ole32.dll | base_address = 0x75c90000 |
|
1 | |
| Load | C:\Windows\system32\user32.dll | base_address = 0x75880000 |
|
1 | |
| Load | C:\Windows\system32\DWMAPI.DLL | base_address = 0x73c60000 |
|
1 | |
| Load | C:\Windows\system32\UXTHEME.DLL | base_address = 0x73f90000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x755a0000 |
|
49 | |
| Get Handle | c:\windows\system32\advapi32.dll | base_address = 0x75df0000 |
|
3 | |
| Get Handle | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\client\jvm.dll | base_address = 0x72880000 |
|
3 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\javaw.exe, size = 260 |
|
4 | |
| Get Filename | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\client\jvm.dll | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\jvm.dll, size = 260 |
|
2 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\javaw.exe, size = 260 |
|
8 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\SYSTEM32\ntdll.dll, size = 260 |
|
8 | |
| Get Filename | c:\windows\system32\kernel32.dll | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 260 |
|
8 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\KERNELBASE.dll, size = 260 |
|
8 | |
| Get Filename | c:\windows\system32\advapi32.dll | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\ADVAPI32.dll, size = 260 |
|
8 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\msvcrt.dll, size = 260 |
|
8 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\SYSTEM32\sechost.dll, size = 260 |
|
8 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\RPCRT4.dll, size = 260 |
|
8 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\USER32.dll, size = 260 |
|
8 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\GDI32.dll, size = 260 |
|
8 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\LPK.dll, size = 260 |
|
8 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\USP10.dll, size = 260 |
|
8 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll, size = 260 |
|
8 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\SHLWAPI.dll, size = 260 |
|
8 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 260 |
|
8 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\MSCTF.dll, size = 260 |
|
8 | |
| Get Filename | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\msvcr100.dll | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\msvcr100.dll, size = 260 |
|
8 | |
| Get Filename | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\client\jvm.dll | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\jvm.dll, size = 260 |
|
8 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\WSOCK32.dll, size = 260 |
|
8 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\WS2_32.dll, size = 260 |
|
8 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\NSI.dll, size = 260 |
|
8 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\WINMM.dll, size = 260 |
|
8 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\PSAPI.DLL, size = 260 |
|
8 | |
| Get Filename | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\verify.dll | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\verify.dll, size = 260 |
|
8 | |
| Get Filename | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\java.dll, size = 260 |
|
8 | |
| Get Filename | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\zip.dll, size = 260 |
|
8 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\javaw.exe, size = 260 |
|
4 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\SYSTEM32\ntdll.dll, size = 260 |
|
4 | |
| Get Filename | c:\windows\system32\kernel32.dll | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 260 |
|
4 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\KERNELBASE.dll, size = 260 |
|
4 | |
| Get Filename | c:\windows\system32\advapi32.dll | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\ADVAPI32.dll, size = 260 |
|
4 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\msvcrt.dll, size = 260 |
|
4 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\SYSTEM32\sechost.dll, size = 260 |
|
4 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\RPCRT4.dll, size = 260 |
|
4 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\USER32.dll, size = 260 |
|
4 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\GDI32.dll, size = 260 |
|
4 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\LPK.dll, size = 260 |
|
4 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\USP10.dll, size = 260 |
|
4 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll, size = 260 |
|
4 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\SHLWAPI.dll, size = 260 |
|
4 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 260 |
|
4 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\MSCTF.dll, size = 260 |
|
4 | |
| Get Filename | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\msvcr100.dll | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\msvcr100.dll, size = 260 |
|
4 | |
| Get Filename | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\client\jvm.dll | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\jvm.dll, size = 260 |
|
4 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\WSOCK32.dll, size = 260 |
|
4 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\WS2_32.dll, size = 260 |
|
4 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\NSI.dll, size = 260 |
|
4 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\WINMM.dll, size = 260 |
|
4 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\PSAPI.DLL, size = 260 |
|
4 | |
| Get Filename | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\verify.dll | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\verify.dll, size = 260 |
|
4 | |
| Get Filename | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\java.dll, size = 260 |
|
4 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\javaw.exe, size = 260 |
|
12 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\SYSTEM32\ntdll.dll, size = 260 |
|
12 | |
| Get Filename | c:\windows\system32\kernel32.dll | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\kernel32.dll, size = 260 |
|
12 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\KERNELBASE.dll, size = 260 |
|
12 | |
| Get Filename | c:\windows\system32\advapi32.dll | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\ADVAPI32.dll, size = 260 |
|
12 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\msvcrt.dll, size = 260 |
|
12 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\SYSTEM32\sechost.dll, size = 260 |
|
12 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\RPCRT4.dll, size = 260 |
|
12 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\USER32.dll, size = 260 |
|
12 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\GDI32.dll, size = 260 |
|
12 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\LPK.dll, size = 260 |
|
12 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\USP10.dll, size = 260 |
|
12 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll, size = 260 |
|
12 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\SHLWAPI.dll, size = 260 |
|
12 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 260 |
|
12 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\MSCTF.dll, size = 260 |
|
12 | |
| Get Filename | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\msvcr100.dll | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\msvcr100.dll, size = 260 |
|
12 | |
| Get Filename | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\client\jvm.dll | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\jvm.dll, size = 260 |
|
12 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\WSOCK32.dll, size = 260 |
|
12 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\WS2_32.dll, size = 260 |
|
12 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\NSI.dll, size = 260 |
|
12 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\WINMM.dll, size = 260 |
|
12 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Windows\system32\PSAPI.DLL, size = 260 |
|
12 | |
| Get Filename | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\verify.dll | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\verify.dll, size = 260 |
|
12 | |
| Get Filename | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\java.dll, size = 260 |
|
12 | |
| Get Filename | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\zip.dll, size = 260 |
|
12 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsAlloc, address_out = 0x755f418d |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsGetValue, address_out = 0x755f1e16 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsSetValue, address_out = 0x755f76e6 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsFree, address_out = 0x755f1f61 |
|
2 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\client\jvm.dll | function = JNI_CreateJavaVM, address_out = 0x72948e70 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\client\jvm.dll | function = JNI_GetDefaultJavaVMInitArgs, address_out = 0x7293e340 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | address_out = 0x6fea6fcf |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SetSecurityDescriptorControl, address_out = 0x75e17a8b |
|
3 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = ZIP_Open, address_out = 0x6fe83af6 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = ZIP_Close, address_out = 0x6fe83a1c |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = ZIP_FindEntry, address_out = 0x6fe83661 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = ZIP_ReadEntry, address_out = 0x6fe83697 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = ZIP_ReadMappedEntry, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = ZIP_GetNextEntry, address_out = 0x6fe83622 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = Canonicalize, address_out = 0x6fea5f09 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Object_registerNatives@8, address_out = 0x6fea20dc |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_System_registerNatives@8, address_out = 0x6fea3035 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_System_identityHashCode@12, address_out = 0x6fea3050 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Thread_registerNatives@8, address_out = 0x6fea467c |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_security_AccessController_getStackAccessControlContext@8, address_out = 0x6fea1064 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_security_AccessController_getInheritedAccessControlContext@8, address_out = 0x6fea1069 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_security_AccessController_doPrivileged@12, address_out = 0x0 |
|
2 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_ClassLoader_registerNatives@8, address_out = 0x6fea1498 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedAction_2@12, address_out = 0x6fea1000 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Class_registerNatives@8, address_out = 0x6fea12da |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Class_getPrimitiveClass@12, address_out = 0x6fea1445 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Float_floatToRawIntBits@12, address_out = 0x6fea20cc |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Double_doubleToRawLongBits@16, address_out = 0x6fea1ce8 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_misc_VM_initialize@8, address_out = 0x6fea87ac |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\client\jvm.dll | function = JVM_GetVersionInfo, address_out = 0x7296d980 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_System_initProperties@12, address_out = 0x6fea3350 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetNativeSystemInfo, address_out = 0x755dbe77 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = NewStringPlatform, address_out = 0x6fea6cc9 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Runtime_maxMemory@8, address_out = 0x6fea2ca7 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Throwable_fillInStackTrace@12, address_out = 0x6fea4697 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_reflect_Reflection_getCallerClass@8, address_out = 0x6fea7d85 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_String_intern@8, address_out = 0x6fea12d5 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_FileInputStream_initIDs@8, address_out = 0x6fea1dd1 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_FileDescriptor_initIDs@8, address_out = 0x6fea1d29 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_FileDescriptor_set@12, address_out = 0x6fea1d6a |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_FileOutputStream_initIDs@8, address_out = 0x6fea1fbf |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Runtime_freeMemory@8, address_out = 0x6fea2c97 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_System_setIn0@12, address_out = 0x6fea44d1 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Object_getClass@8, address_out = 0x6fea20f7 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Class_forName0@20, address_out = 0x6fea1300 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_reflect_Reflection_getClassAccessFlags@12, address_out = 0x6fea7da3 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_reflect_NativeConstructorAccessorImpl_newInstance0@16, address_out = 0x6fea7d71 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_System_setOut0@12, address_out = 0x6fea4507 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_System_setErr0@12, address_out = 0x6fea453d |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_FileSystem_getFileSystem@8, address_out = 0x6fea1cfb |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_Win32FileSystem_initIDs@8, address_out = 0x6fea8f36 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_WinNTFileSystem_initIDs@8, address_out = 0x6fea9b30 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFinalPathNameByHandleW, address_out = 0x755d4e2a |
|
2 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_System_mapLibraryName@12, address_out = 0x6fea4594 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_WinNTFileSystem_getBooleanAttributes@12, address_out = 0x6feaa1a8 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_WinNTFileSystem_canonicalize0@12, address_out = 0x6fea9e1d |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_ClassLoader_00024NativeLibrary_load@12, address_out = 0x6fea18e4 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _JNI_OnLoad@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = JNI_OnLoad, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_misc_Signal_findSignal@12, address_out = 0x6fea46b5 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_misc_Signal_handle0@20, address_out = 0x6fea46ef |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_io_Win32ErrorMode_setErrorMode@16, address_out = 0x6feac3d5 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Compiler_registerNatives@8, address_out = 0x6fea1b79 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Class_isAssignableFrom@12, address_out = 0x6fea141b |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_concurrent_atomic_AtomicLong_VMSupportsCS8@8, address_out = 0x6fea83ed |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_ClassLoader_00024NativeLibrary_find@12, address_out = 0x6fea1ae7 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_security_AccessController_doPrivileged@12, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedExceptionAction_2@12, address_out = 0x6fea1032 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_FileInputStream_open@12, address_out = 0x6fea1df4 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_FileInputStream_readBytes@20, address_out = 0x6fea1e2c |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_FileInputStream_available@8, address_out = 0x6fea1f10 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_reflect_Array_newArray@16, address_out = 0x6fea12ad |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Runtime_availableProcessors@8, address_out = 0x6fea2d11 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_FileInputStream_close0@8, address_out = 0x6fea1fa6 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_WinNTFileSystem_list@12, address_out = 0x6feaa570 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_WinNTFileSystem_canonicalizeWithPrefix0@16, address_out = 0x6fea9f47 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\client\jvm.dll | function = JVM_FindClassFromBootLoader, address_out = 0x72975a90 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_initIDs@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_initIDs@8, address_out = 0x6fe8190b |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_WinNTFileSystem_getLastModifiedTime@12, address_out = 0x6feaa314 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_open@28, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_open@28, address_out = 0x6fe81960 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_getTotal@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_getTotal@16, address_out = 0x6fe81a47 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_startsWithLOC@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_startsWithLOC@16, address_out = 0x6fe81a51 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_getEntry@24, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_getEntry@24, address_out = 0x6fe81a67 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_getEntryFlag@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_getEntryFlag@16, address_out = 0x6fe81b65 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_getEntryTime@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_getEntryTime@16, address_out = 0x6fe81b97 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_getEntryCrc@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_getEntryCrc@16, address_out = 0x6fe81ba3 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_getEntrySize@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_getEntrySize@16, address_out = 0x6fe81b8a |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_getEntryCSize@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_getEntryCSize@16, address_out = 0x6fe81b6f |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_getEntryMethod@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_getEntryMethod@16, address_out = 0x6fe81b4f |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_getEntryBytes@20, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_getEntryBytes@20, address_out = 0x6fe81bed |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_freeEntry@24, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_freeEntry@24, address_out = 0x6fe81b2c |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_Inflater_initIDs@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_Inflater_initIDs@8, address_out = 0x6fe81583 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_Inflater_init@12, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_Inflater_init@12, address_out = 0x6fe8160b |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_Inflater_inflateBytes@28, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_Inflater_inflateBytes@28, address_out = 0x6fe816f2 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_read@44, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_read@44, address_out = 0x6fe81cba |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_Inflater_reset@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_Inflater_reset@16, address_out = 0x6fe818c5 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_Inflater_end@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_Inflater_end@16, address_out = 0x6fe818e1 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_close@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_close@16, address_out = 0x6fe81a5b |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_ClassLoader_findLoadedClass0@12, address_out = 0x6fea1876 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_ClassLoader_findBootstrapClass@12, address_out = 0x6fea17e7 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_security_AccessController_doPrivileged@16, address_out = 0x0 |
|
2 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_security_AccessController_doPrivileged@16, address_out = 0x0 |
|
2 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedExceptionAction_2Ljava_security_AccessControlContext_2@16, address_out = 0x6fea104a |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Package_getSystemPackage0@12, address_out = 0x6fea269c |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_jar_JarFile_getMetaInfEntryNames@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_jar_JarFile_getMetaInfEntryNames@8, address_out = 0x6fe81da5 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_ClassLoader_defineClass1@32, address_out = 0x6fea150c |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedAction_2Ljava_security_AccessControlContext_2@16, address_out = 0x6fea1018 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Double_longBitsToDouble@16, address_out = 0x6fea1cd0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\sunec.dll | function = _JNI_OnLoad@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\sunec.dll | function = JNI_OnLoad, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_getNextEntry@20, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_getNextEntry@20, address_out = 0x6fe81b3e |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _JNI_OnLoad@8, address_out = 0x6fe43379 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_net_InetAddress_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_net_InetAddress_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_java_net_InetAddress_init@8, address_out = 0x6fe410b4 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_net_InetAddressImplFactory_isIPv6Supported@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_net_InetAddressImplFactory_isIPv6Supported@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_java_net_InetAddressImplFactory_isIPv6Supported@8, address_out = 0x6fe421d1 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_net_Inet6AddressImpl_getLocalHostName@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_net_Inet6AddressImpl_getLocalHostName@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_java_net_Inet6AddressImpl_getLocalHostName@8, address_out = 0x6fe427ad |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_net_Inet6AddressImpl_lookupAllHostAddr@12, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_net_Inet6AddressImpl_lookupAllHostAddr@12, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_java_net_Inet6AddressImpl_lookupAllHostAddr@12, address_out = 0x6fe4280a |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_net_Inet4Address_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_net_Inet4Address_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_java_net_Inet4Address_init@8, address_out = 0x6fe411ac |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_net_Inet6Address_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_net_Inet6Address_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_java_net_Inet6Address_init@8, address_out = 0x6fe411ed |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Runtime_totalMemory@8, address_out = 0x6fea2c9f |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Class_isInstance@12, address_out = 0x6fea13f8 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_ref_Finalizer_invokeFinalizeMethod@12, address_out = 0x6fea207c |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_reflect_NativeMethodAccessorImpl_invoke0@20, address_out = 0x6fea7d59 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_SecurityManager_getClassContext@8, address_out = 0x6fea2d87 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _JavaCritical_java_util_zip_ZipFile_getEntryBytes@20, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _JavaCritical_java_util_zip_ZipFile_getEntryBytes__JI@20, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = JavaCritical_java_util_zip_ZipFile_getEntryBytes, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = JavaCritical_java_util_zip_ZipFile_getEntryBytes__JI, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _JavaCritical_java_util_zip_ZipFile_getEntrySize@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _JavaCritical_java_util_zip_ZipFile_getEntrySize__J@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = JavaCritical_java_util_zip_ZipFile_getEntrySize, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = JavaCritical_java_util_zip_ZipFile_getEntrySize__J, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_CRC32_update@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_CRC32_update@16, address_out = 0x6fe81000 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_CRC32_updateBytes@24, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_CRC32_updateBytes@24, address_out = 0x6fe8101e |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_ObjectStreamClass_initNative@8, address_out = 0x6fea25ca |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_misc_VM_latestUserDefinedLoader@8, address_out = 0x6fea87a0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Float_intBitsToFloat@12, address_out = 0x6fea20bc |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_ClassLoader_resolveClass0@12, address_out = 0x6fea17c3 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_security_provider_NativeSeedGenerator_nativeGenerateSeed@12, address_out = 0x6feac342 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\nio.dll | function = _JNI_OnLoad@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\nio.dll | function = JNI_OnLoad, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_nio_fs_WindowsNativeDispatcher_initIDs@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_sun_nio_fs_WindowsNativeDispatcher_initIDs@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_sun_nio_fs_WindowsNativeDispatcher_initIDs@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\nio.dll | function = _Java_sun_nio_fs_WindowsNativeDispatcher_initIDs@8, address_out = 0x71c13b26 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindFirstStreamW, address_out = 0x755fc8fa |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindNextStreamW, address_out = 0x755fc838 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateSymbolicLinkW, address_out = 0x75629aa9 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_nio_fs_WindowsNativeDispatcher_FindFirstFile0@20, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_sun_nio_fs_WindowsNativeDispatcher_FindFirstFile0@20, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_sun_nio_fs_WindowsNativeDispatcher_FindFirstFile0@20, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\nio.dll | function = _Java_sun_nio_fs_WindowsNativeDispatcher_FindFirstFile0@20, address_out = 0x71c13fff |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_nio_fs_WindowsNativeDispatcher_FindNextFile@24, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_sun_nio_fs_WindowsNativeDispatcher_FindNextFile@24, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_sun_nio_fs_WindowsNativeDispatcher_FindNextFile@24, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\nio.dll | function = _Java_sun_nio_fs_WindowsNativeDispatcher_FindNextFile@24, address_out = 0x71c140f5 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_nio_fs_WindowsNativeDispatcher_FindClose@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_sun_nio_fs_WindowsNativeDispatcher_FindClose@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_sun_nio_fs_WindowsNativeDispatcher_FindClose@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\nio.dll | function = _Java_sun_nio_fs_WindowsNativeDispatcher_FindClose@16, address_out = 0x71c142c4 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_WinNTFileSystem_createFileExclusively@12, address_out = 0x6feaa467 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_FileOutputStream_open@16, address_out = 0x6fea1fe4 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_FileOutputStream_writeBytes@24, address_out = 0x6fea203c |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_FileOutputStream_close0@8, address_out = 0x6fea2063 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_ProcessImpl_getStillActive@8, address_out = 0x6fea8e39 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_ProcessEnvironment_environmentBlock@8, address_out = 0x6fea274a |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_ProcessImpl_create@28, address_out = 0x6fea8a87 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = VerifyClassCodesForMajorVersion, address_out = 0x6fea4724 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _JavaCritical_java_lang_System_nanoTime@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _JavaCritical_java_lang_System_nanoTime__@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = JavaCritical_java_lang_System_nanoTime, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = JavaCritical_java_lang_System_nanoTime__, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _JavaCritical_java_util_zip_ZipFile_getEntryCSize@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _JavaCritical_java_util_zip_ZipFile_getEntryCSize__J@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = JavaCritical_java_util_zip_ZipFile_getEntryCSize, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = JavaCritical_java_util_zip_ZipFile_getEntryCSize__J, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _JavaCritical_java_util_zip_ZipFile_getEntryMethod@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _JavaCritical_java_util_zip_ZipFile_getEntryMethod__J@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = JavaCritical_java_util_zip_ZipFile_getEntryMethod, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = JavaCritical_java_util_zip_ZipFile_getEntryMethod__J, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _JavaCritical_java_util_zip_ZipFile_freeEntry@24, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _JavaCritical_java_util_zip_ZipFile_freeEntry__JJ@24, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = JavaCritical_java_util_zip_ZipFile_freeEntry, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = JavaCritical_java_util_zip_ZipFile_freeEntry__JJ, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | address_out = 0x7588df8d |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetKeyboardLayout, address_out = 0x75893800 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetDoubleClickTime, address_out = 0x7588ade0 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetSystemMetrics, address_out = 0x758967cf |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = MapVirtualKeyExW, address_out = 0x758afb48 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = ToAsciiEx, address_out = 0x758cb797 |
|
13 | |
| Get Address | c:\windows\system32\user32.dll | function = GetKeyboardState, address_out = 0x758b6946 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = RegisterClipboardFormatW, address_out = 0x7588df8d |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_awt_windows_WToolkit_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_sun_awt_windows_WToolkit_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_sun_awt_windows_WToolkit_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\nio.dll | function = _Java_sun_awt_windows_WToolkit_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\awt.dll | function = _Java_sun_awt_windows_WToolkit_init@8, address_out = 0x6fb72210 |
|
1 | |
| Get Address | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = InitCommonControlsEx, address_out = 0x741309ce |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = LoadIconW, address_out = 0x7588f142 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = RegisterClassW, address_out = 0x7588ed4a |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetDC, address_out = 0x7589544c |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = GetDeviceCaps, address_out = 0x75ec6f7f |
|
2 | |
| Get Address | c:\windows\system32\user32.dll | function = ReleaseDC, address_out = 0x75895421 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = CreateWindowExW, address_out = 0x7588ec7c |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = DefWindowProcW, address_out = 0x7589507d |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = SetWindowsHookExW, address_out = 0x7588e30c |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = OleInitialize, address_out = 0x75caefd7 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_sun_awt_windows_WToolkit_eventLoop@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_sun_awt_windows_WToolkit_eventLoop@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\nio.dll | function = _Java_sun_awt_windows_WToolkit_eventLoop@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\awt.dll | function = _Java_sun_awt_windows_WToolkit_eventLoop@8, address_out = 0x6fb71290 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = WaitMessage, address_out = 0x758966bd |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = SystemParametersInfoW, address_out = 0x7588e09a |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetSysColor, address_out = 0x7589db7a |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = GetStockObject, address_out = 0x75ec5ddf |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = SelectObject, address_out = 0x75ec6640 |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = GetTextFaceW, address_out = 0x75ecb73a |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = GetTextMetricsW, address_out = 0x75ec7b8f |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = SetProcessDPIAware, address_out = 0x7589e95c |
|
1 | |
| Get Address | Unknown module name | function = DwmIsCompositionEnabled, address_out = 0x73c61610 |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = CreateCompatibleBitmap, address_out = 0x75ec73ad |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = GetDIBits, address_out = 0x75eca23b |
|
2 | |
| Get Address | c:\windows\system32\gdi32.dll | function = DeleteObject, address_out = 0x75ec5f14 |
|
1 | |
| Get Address | Unknown module name | function = OpenThemeData, address_out = 0x73f973d2 |
|
1 | |
| Get Address | Unknown module name | function = DrawThemeBackground, address_out = 0x73f93982 |
|
1 | |
| Get Address | Unknown module name | function = CloseThemeData, address_out = 0x73f96a18 |
|
1 | |
| Get Address | Unknown module name | function = DrawThemeText, address_out = 0x73f94ea1 |
|
1 | |
| Get Address | Unknown module name | function = GetThemeBackgroundContentRect, address_out = 0x73f9cd2e |
|
1 | |
| Get Address | Unknown module name | function = GetThemeMargins, address_out = 0x73f986e9 |
|
1 | |
| Get Address | Unknown module name | function = IsThemePartDefined, address_out = 0x73f985b4 |
|
1 | |
| Get Address | Unknown module name | function = GetThemeBool, address_out = 0x73f97c1f |
|
1 | |
| Get Address | Unknown module name | function = GetThemeSysBool, address_out = 0x73fc3172 |
|
1 | |
| Get Address | Unknown module name | function = GetThemeColor, address_out = 0x73f9616c |
|
1 | |
| Get Address | Unknown module name | function = GetThemeEnumValue, address_out = 0x73f9616c |
|
1 | |
| Get Address | Unknown module name | function = GetThemeInt, address_out = 0x73f9616c |
|
1 | |
| Get Address | Unknown module name | function = GetThemePosition, address_out = 0x73fc2350 |
|
1 | |
| Get Address | Unknown module name | function = GetThemePartSize, address_out = 0x73f9cdb1 |
|
1 | |
| Get Address | Unknown module name | function = SetWindowTheme, address_out = 0x73fa0134 |
|
1 | |
| Get Address | Unknown module name | function = IsThemeBackgroundPartiallyTransparent, address_out = 0x73f960ab |
|
1 | |
| Get Address | Unknown module name | function = GetThemeTransitionDuration, address_out = 0x73fa1081 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetFriendlyIfIndex, address_out = 0x7338d855 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetIpAddrTable, address_out = 0x73389bb0 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetAdaptersAddresses, address_out = 0x73386a4d |
|
1 | |
| Get Address | Unknown module name | function = _JNI_OnLoad@8, address_out = 0x738e2194 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_net_DualStackPlainSocketImpl_close0@12, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_net_DualStackPlainSocketImpl_close0@12, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_java_net_DualStackPlainSocketImpl_close0@12, address_out = 0x6fe499e3 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Runtime_gc@8, address_out = 0x6fea2caf |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_ProcessImpl_closeHandle@16, address_out = 0x6fea8e8b |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = PeekMessageW, address_out = 0x7589634a |
|
1 | |
| Create Mapping | C:\Users\2XC7U6~1\AppData\Local\Temp\\hsperfdata_2XC7u663GxWc\860 | filename = C:\Users\2XC7U6~1\AppData\Local\Temp\\hsperfdata_2XC7u663GxWc\860, protection = PAGE_READWRITE, maximum_size = 65536 |
|
1 | |
| Create Mapping | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\classes.jsa | filename = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\classes.jsa, protection = PAGE_WRITECOPY, maximum_size = 0 |
|
3 | |
| Map | C:\Users\2XC7U6~1\AppData\Local\Temp\\hsperfdata_2XC7u663GxWc\860 | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, desired_access = FILE_MAP_ALL_ACCESS |
|
1 | |
| Map | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\classes.jsa | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Map | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\classes.jsa | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, desired_access = FILE_MAP_COPY |
|
1 | |
| Map | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\classes.jsa | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe, desired_access = FILE_MAP_COPY |
|
1 |
Window (1)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | theAwtToolkitWindow | class_name = SunAwtToolkit, wndproc_parameter = 0 |
|
1 |
Keyboard (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 |
|
3 | |
| Read | result_out = 1 |
|
1 |
System (498)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 2000 milliseconds (2.000 seconds) |
|
2 | |
| Get Time | type = System Time, time = 1627-02-05 14:07:00 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 23462 |
|
1 | |
| Get Time | type = System Time, time = 1627-02-05 14:07:02 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 1627-02-05 14:07:05 (UTC) |
|
45 | |
| Get Time | type = System Time, time = 1627-02-05 14:07:06 (UTC) |
|
19 | |
| Get Time | type = System Time, time = 1627-02-05 14:07:07 (UTC) |
|
65 | |
| Get Time | type = System Time, time = 1627-02-05 14:07:08 (UTC) |
|
53 | |
| Get Time | type = System Time, time = 1627-02-05 14:07:09 (UTC) |
|
35 | |
| Get Time | type = System Time, time = 1627-02-05 14:07:10 (UTC) |
|
7 | |
| Get Time | type = System Time, time = 1627-02-05 14:07:12 (UTC) |
|
15 | |
| Get Time | type = System Time, time = 2018-07-19 09:51:38 (UTC) |
|
86 | |
| Get Time | type = System Time, time = 2018-07-19 09:51:40 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:01 (UTC) |
|
17 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:03 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:24 (UTC) |
|
17 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:26 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:47 (UTC) |
|
17 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:50 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:03 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:11 (UTC) |
|
17 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:13 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:34 (UTC) |
|
17 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:36 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:57 (UTC) |
|
17 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:59 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:54:00 (UTC) |
|
3 | |
| Get Time | type = System Time, time = 2018-07-19 09:54:20 (UTC) |
|
17 | |
| Register Hook | type = WH_GETMESSAGE, hookproc_address = 0x6fb71da0 |
|
1 | |
| Get Info | type = Hardware Information |
|
3 | |
| Get Info | type = Operating System |
|
4 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
3 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
4 | |
| Get Info | type = Operating System |
|
9 |
Mutex (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | - |
|
1 |
Environment (5)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
2 | |
| Get Environment String | name = _ALT_JAVA_HOME_DIR |
|
1 | |
| Get Environment String | name = JAVA_TOOL_OPTIONS |
|
1 | |
| Get Environment String | name = _JAVA_OPTIONS |
|
1 |
Network Behavior
DNS (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Hostname | name_out = ZgW5tdPu |
|
2 | |
| Resolve Name | host = ZgW5tdPu, address_out = fe80:0000:0000:0000:5969:84a4:f9e2:1f2b, 192.168.0.60 |
|
1 |
Process #31: java.exe
3856
3
| Information | Value |
|---|---|
| ID | #31 |
| File Name | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.exe |
| Command Line | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\java.exe -jar C:\Users\2XC7U6~1\AppData\Local\Temp\_0.98963488192277293018538009244777557.class |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:01, Reason: Child Process |
| Unmonitor | End Time: 00:05:11, Reason: Terminated by Timeout |
| Monitor Duration | 00:03:10 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x290 |
| Parent PID | 0x35c (c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
268
0x
2B0
0x
350
0x
338
0x
334
0x
660
0x
348
0x
628
0x
32C
0x
4A4
0x
330
0x
79C
0x
5B0
0x
78C
0x
6AC
0x
6E4
0x
74C
0x
274
0x
768
0x
564
0x
784
0x
46C
0x
57C
0x
774
0x
188
0x
318
0x
230
0x
5D8
0x
30C
0x
574
0x
624
0x
718
0x
7A0
0x
274
0x
7AC
0x
7A8
0x
768
0x
64
0x
564
0x
154
0x
784
0x
57C
0x
174
0x
7A4
0x
6AC
0x
180
0x
718
0x
500
0x
228
0x
6D8
0x
2D8
0x
218
0x
64
0x
728
0x
340
0x
638
0x
790
0x
6AC
0x
180
0x
658
0x
718
0x
66C
0x
46C
0x
76C
0x
228
0x
6D8
0x
244
0x
210
0x
260
0x
64
0x
70C
0x
71C
0x
4B4
0x
B0
0x
124
0x
638
0x
778
0x
740
0x
690
0x
768
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000040000 | 0x00040000 | 0x0008ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000090000 | 0x00090000 | 0x00092fff | Pagefile Backed Memory | - |
|
- |
|
- |
| locale.nls | 0x000a0000 | 0x00106fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000110000 | 0x00110000 | 0x00110fff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000120000 | 0x00120000 | 0x00120fff | Private Memory | - |
|
- |
|
- |
| tzres.dll | 0x00130000 | 0x00130fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000000130000 | 0x00130000 | 0x00130fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000140000 | 0x00140000 | 0x00141fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000150000 | 0x00150000 | 0x00156fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000160000 | 0x00160000 | 0x00161fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000170000 | 0x00170000 | 0x00170fff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000180000 | 0x00180000 | 0x0027ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000280000 | 0x00280000 | 0x00347fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000350000 | 0x00350000 | 0x00350fff | Private Memory | - |
|
- |
|
- |
| 656 | 0x00360000 | 0x0036ffff | Memory Mapped File | rw |
|
|
|
|
| private_0x0000000000370000 | 0x00370000 | 0x0039ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000003a0000 | 0x003a0000 | 0x003affff | Private Memory | - |
|
- |
|
- |
| private_0x00000000003b0000 | 0x003b0000 | 0x003bffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000003c0000 | 0x003c0000 | 0x003cffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000003d0000 | 0x003d0000 | 0x004d0fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000004e0000 | 0x004e0000 | 0x005bffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000004e0000 | 0x004e0000 | 0x0055ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000560000 | 0x00560000 | 0x0059ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000005b0000 | 0x005b0000 | 0x005bffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000005c0000 | 0x005c0000 | 0x006bffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000006c0000 | 0x006c0000 | 0x00ab2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| java.exe | 0x00af0000 | 0x00b1efff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000000b20000 | 0x00b20000 | 0x0171ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000001720000 | 0x01720000 | 0x0190ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001740000 | 0x01740000 | 0x0178ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001790000 | 0x01790000 | 0x0188ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001890000 | 0x01890000 | 0x018effff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001900000 | 0x01900000 | 0x0190ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001910000 | 0x01910000 | 0x01b1ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001910000 | 0x01910000 | 0x019bffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000019c0000 | 0x019c0000 | 0x019fffff | Private Memory | - |
|
- |
|
- |
| rsaenh.dll | 0x01a00000 | 0x01a3bfff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000001a50000 | 0x01a50000 | 0x01a9ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001ae0000 | 0x01ae0000 | 0x01b1ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001b20000 | 0x01b20000 | 0x03b1ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003b60000 | 0x03b60000 | 0x03baffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003bb0000 | 0x03bb0000 | 0x03bfffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003c90000 | 0x03c90000 | 0x03cdffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003d30000 | 0x03d30000 | 0x03d7ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003dd0000 | 0x03dd0000 | 0x03e1ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003e90000 | 0x03e90000 | 0x03edffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003f00000 | 0x03f00000 | 0x03f4ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003f80000 | 0x03f80000 | 0x03fcffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000003fd0000 | 0x03fd0000 | 0x041cffff | Private Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x041d0000 | 0x0449efff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000044a0000 | 0x044a0000 | 0x0469ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000044a0000 | 0x044a0000 | 0x045cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000044a0000 | 0x044a0000 | 0x0459ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000045c0000 | 0x045c0000 | 0x045cffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004660000 | 0x04660000 | 0x0469ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000046a0000 | 0x046a0000 | 0x0483ffff | Private Memory | - |
|
- |
|
- |
| kernelbase.dll.mui | 0x046a0000 | 0x0475ffff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000004780000 | 0x04780000 | 0x047cffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000004800000 | 0x04800000 | 0x0483ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000236d0000 | 0x236d0000 | 0x394cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000236d0000 | 0x236d0000 | 0x28c1ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000028c20000 | 0x28c20000 | 0x394cffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000028c20000 | 0x28c20000 | 0x336cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000336d0000 | 0x336d0000 | 0x394cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000336d0000 | 0x336d0000 | 0x376cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000376d0000 | 0x376d0000 | 0x394cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000376d0000 | 0x376d0000 | 0x380cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000376d0000 | 0x376d0000 | 0x37b0ffff | Private Memory | - |
|
- |
|
- |
| classes.jsa | 0x376d0000 | 0x37b0ffff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000037b10000 | 0x37b10000 | 0x380cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000380d0000 | 0x380d0000 | 0x394cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000380d0000 | 0x380d0000 | 0x38ccffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000380d0000 | 0x380d0000 | 0x3871ffff | Private Memory | - |
|
- |
|
- |
| classes.jsa | 0x380d0000 | 0x3871ffff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000038720000 | 0x38720000 | 0x38ccffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000038cd0000 | 0x38cd0000 | 0x394cffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000038cd0000 | 0x38cd0000 | 0x390cffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000038cd0000 | 0x38cd0000 | 0x38f3ffff | Private Memory | - |
|
- |
|
- |
| classes.jsa | 0x38cd0000 | 0x38f3ffff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000038f40000 | 0x38f40000 | 0x390cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000390d0000 | 0x390d0000 | 0x394cffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000390d0000 | 0x390d0000 | 0x390dffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000390e0000 | 0x390e0000 | 0x394cffff | Private Memory | - |
|
- |
|
- |
| awt.dll | 0x6fae0000 | 0x6fc22fff | Memory Mapped File | - |
|
- |
|
- |
| net.dll | 0x6fe40000 | 0x6fe53fff | Memory Mapped File | - |
|
- |
|
- |
| sunec.dll | 0x6fe60000 | 0x6fe7ffff | Memory Mapped File | - |
|
- |
|
- |
| zip.dll | 0x6fe80000 | 0x6fe92fff | Memory Mapped File | - |
|
- |
|
- |
| java.dll | 0x6fea0000 | 0x6febffff | Memory Mapped File | - |
|
- |
|
- |
| msvcr100.dll | 0x700e0000 | 0x7019efff | Memory Mapped File | - |
|
- |
|
- |
| winrnr.dll | 0x702b0000 | 0x702b7fff | Memory Mapped File | - |
|
- |
|
- |
| pnrpnsp.dll | 0x702c0000 | 0x702d1fff | Memory Mapped File | - |
|
- |
|
- |
| napinsp.dll | 0x702e0000 | 0x702effff | Memory Mapped File | - |
|
- |
|
- |
| winmm.dll | 0x704a0000 | 0x704d1fff | Memory Mapped File | - |
|
- |
|
- |
| rasadhlp.dll | 0x719f0000 | 0x719f5fff | Memory Mapped File | - |
|
- |
|
- |
| nio.dll | 0x71c10000 | 0x71c1efff | Memory Mapped File | - |
|
- |
|
- |
| verify.dll | 0x71c20000 | 0x71c2bfff | Memory Mapped File | - |
|
- |
|
- |
| jvm.dll | 0x72880000 | 0x72bfffff | Memory Mapped File | - |
|
- |
|
- |
| fwpuclnt.dll | 0x73260000 | 0x73297fff | Memory Mapped File | - |
|
- |
|
- |
| winnsi.dll | 0x73370000 | 0x73376fff | Memory Mapped File | - |
|
- |
|
- |
| iphlpapi.dll | 0x73380000 | 0x7339bfff | Memory Mapped File | - |
|
- |
|
- |
| nlaapi.dll | 0x734e0000 | 0x734effff | Memory Mapped File | - |
|
- |
|
- |
| wsock32.dll | 0x73a30000 | 0x73a36fff | Memory Mapped File | - |
|
- |
|
- |
| comctl32.dll | 0x74110000 | 0x742adfff | Memory Mapped File | - |
|
- |
|
- |
| wshtcpip.dll | 0x74710000 | 0x74714fff | Memory Mapped File | - |
|
- |
|
- |
| userenv.dll | 0x747e0000 | 0x747f6fff | Memory Mapped File | - |
|
- |
|
- |
| rsaenh.dll | 0x749a0000 | 0x749dafff | Memory Mapped File | - |
|
- |
|
- |
| dnsapi.dll | 0x74a80000 | 0x74ac3fff | Memory Mapped File | - |
|
- |
|
- |
| wship6.dll | 0x74bb0000 | 0x74bb5fff | Memory Mapped File | - |
|
- |
|
- |
| mswsock.dll | 0x74bc0000 | 0x74bfbfff | Memory Mapped File | - |
|
- |
|
- |
| cryptsp.dll | 0x74c00000 | 0x74c15fff | Memory Mapped File | - |
|
- |
|
- |
| cryptbase.dll | 0x75080000 | 0x7508bfff | Memory Mapped File | - |
|
- |
|
- |
| profapi.dll | 0x75130000 | 0x7513afff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x753e0000 | 0x75429fff | Memory Mapped File | - |
|
- |
|
- |
| shlwapi.dll | 0x75480000 | 0x754d6fff | Memory Mapped File | - |
|
- |
|
- |
| psapi.dll | 0x754e0000 | 0x754e4fff | Memory Mapped File | - |
|
- |
|
- |
| sechost.dll | 0x754f0000 | 0x75508fff | Memory Mapped File | - |
|
- |
|
- |
| oleaut32.dll | 0x75510000 | 0x7559efff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x755a0000 | 0x75673fff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x75880000 | 0x75948fff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x75950000 | 0x759ecfff | Memory Mapped File | - |
|
- |
|
- |
| ole32.dll | 0x75c90000 | 0x75debfff | Memory Mapped File | - |
|
- |
|
- |
| advapi32.dll | 0x75df0000 | 0x75e8ffff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x75ec0000 | 0x75f0dfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x75f10000 | 0x75f19fff | Memory Mapped File | - |
|
- |
|
- |
| nsi.dll | 0x76100000 | 0x76105fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x76110000 | 0x761bbfff | Memory Mapped File | - |
|
- |
|
- |
| rpcrt4.dll | 0x761c0000 | 0x76260fff | Memory Mapped File | - |
|
- |
|
- |
| ws2_32.dll | 0x76fa0000 | 0x76fd4fff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76fe0000 | 0x7711bfff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x77120000 | 0x7713efff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x77140000 | 0x7720bfff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x77220000 | 0x77220fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffd4000 | 0x7ffd4000 | 0x7ffd4fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd5000 | 0x7ffd5000 | 0x7ffd5fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd6000 | 0x7ffd6000 | 0x7ffd6fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd7000 | 0x7ffd7000 | 0x7ffd7fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd9000 | 0x7ffd9000 | 0x7ffd9fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffda000 | 0x7ffda000 | 0x7ffdafff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffdbfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
|
For performance reasons, the remaining 62 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive4432003530389164433.vbs | 0.27 KB |
MD5:
a32c109297ed1ca155598cd295c26611
SHA1: dc4a1fdbaad15ddd6fe22d3907c6b03727b71510 SHA256: 45bfe34aa3ef932f75101246eb53d032f5e7cf6d1f5b4e495334955a255f32e7 SSDeep: 6:jpxiFtqvAAT+geD5NaqZxLMTQQQavbx3la2Zp6djsyn:vmtqvAndZFcQU9lrXyjsyn |
|
|
| C:\Users\2XC7U6~1\AppData\Local\Temp\\hsperfdata_2XC7u663GxWc\860 | 64.00 KB |
MD5:
fcd6bcb56c1689fcef28b57c22475bad
SHA1: 1adc95bebe9eea8c112d40cd04ab7a8d75c4f961 SHA256: de2f256064a0af797747c2b97505dc0b9f3df0de4f489eac731c23ae9ca9cc31 SSDeep: 3:: |
|
|
Host Behavior
File (2657)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\i386\jvm.cfg | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\\hsperfdata_2XC7u663GxWc\656 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\meta-index | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\classes.jsa | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\classes.jsa | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
4 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\meta-index | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\meta-index | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\java.security | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\.accessibility.properties | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\accessibility.properties | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive7366168634408503799.vbs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_REPARSE_POINT, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1162148989861803484.vbs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_OPEN_REPARSE_POINT, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1162148989861803484.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create Directory | C:\Users\2XC7U6~1\AppData\Local\Temp\\hsperfdata_2XC7u663GxWc | - |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 4120 |
|
1 | |
| Get Info | STD_INPUT_HANDLE | type = file_type |
|
2 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
2 | |
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
2 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | type = file_type |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\i386\jvm.cfg | type = file_type |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\endorsed | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\\hsperfdata_2XC7u663GxWc | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\meta-index | type = file_type |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\classes.jsa | type = file_type |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\zip.dll | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\meta-index | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\meta-index | type = file_type |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\meta-index | type = size, size_out = 829 |
|
1 | |
| Get Info | C:\Windows\Sun\Java\lib\ext\meta-index | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\access-bridge.jar | type = file_attributes |
|
4 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\dnsns.jar | type = file_attributes |
|
2 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\jaccess.jar | type = file_attributes |
|
2 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\localedata.jar | type = file_attributes |
|
2 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | type = file_attributes |
|
5 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunpkcs11.jar | type = file_attributes |
|
2 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\zipfs.jar | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\Sun\Java\lib\ext | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | type = file_attributes |
|
6 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\management\usagetracker.properties | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\resources.jar | type = file_attributes |
|
6 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\meta-index | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib | type = file_attributes |
|
2 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\meta-index | type = file_type |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\meta-index | type = size, size_out = 2190 |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | type = file_attributes |
|
4 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\sunrsasign.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | type = file_attributes |
|
4 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\charsets.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jfr.jar | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\classes | type = file_attributes |
|
4 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\meta-index | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\java.security | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\java.security | type = file_type |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\java.security | type = size, size_out = 17824 |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\x86\sunec.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\sunec.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\local_policy.jar | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\net.dll | type = file_attributes |
|
6 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\nio.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jaxp.properties | type = file_attributes |
|
2 | |
| Get Info | - | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\awt.dll | type = file_attributes |
|
5 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\swing.properties | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive7366168634408503799.vbs | type = file_attributes |
|
1 | |
| Get Info | - | type = file_type |
|
2 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive7366168634408503799.vbs | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1162148989861803484.vbs | type = file_attributes |
|
1 | |
| Get Info | - | type = file_type |
|
2 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1162148989861803484.vbs | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\javaw.exe | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\management.dll | type = file_attributes |
|
1 | |
| Get Info | - | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\fUTkALeaTxM | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\fUTkALeaTxM\ID.txt | type = file_attributes |
|
1 | |
| Get Info | - | type = file_type |
|
2 | |
| Get Info | - | type = size, size_out = 47 |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\fUTkALeaTxM\DdWDtpinxpf | type = file_attributes |
|
4 | |
| Get Info | - | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\x86\sunmscapi.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\sunmscapi.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\net.properties | type = file_attributes |
|
2 | |
| Get Info | - | type = size, size_out = 3070 |
|
1 | |
| Open | STD_INPUT_HANDLE | - |
|
6 | |
| Open | STD_OUTPUT_HANDLE | - |
|
2 | |
| Open | STD_ERROR_HANDLE | - |
|
2 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 22, size_out = 22 |
|
1 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 1024, size_out = 1024 |
|
1 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 30, size_out = 30 |
|
1 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 161, size_out = 161 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\i386\jvm.cfg | size = 4096, size_out = 686 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\i386\jvm.cfg | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\classes.jsa | size = 2416, size_out = 2416 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\classes.jsa | size = 65536, size_out = 65536 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 7, size_out = 7 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1781193, size_out = 1781193 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 160, size_out = 160 |
|
526 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 30, size_out = 30 |
|
524 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 709, size_out = 709 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 277, size_out = 277 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2305, size_out = 2305 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1022, size_out = 1022 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2882, size_out = 2882 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 104, size_out = 104 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 728, size_out = 728 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 345, size_out = 345 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 815, size_out = 815 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1105, size_out = 1105 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1761, size_out = 1761 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 514, size_out = 514 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 970, size_out = 970 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2589, size_out = 2589 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1008, size_out = 1008 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2004, size_out = 2004 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 669, size_out = 669 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\meta-index | size = 8192, size_out = 829 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 962, size_out = 962 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 934, size_out = 934 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1720, size_out = 1720 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1012, size_out = 1012 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3028, size_out = 3028 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1111, size_out = 1111 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2976, size_out = 2976 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 672, size_out = 672 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1189, size_out = 1189 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2646, size_out = 2646 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\meta-index | size = 8192, size_out = 0 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 966, size_out = 966 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 800, size_out = 800 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1280, size_out = 1280 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 609, size_out = 609 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 628, size_out = 628 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 328, size_out = 328 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 327, size_out = 327 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 12212, size_out = 12212 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 748, size_out = 748 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6630, size_out = 6630 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3392, size_out = 3392 |
|
1 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 6113, size_out = 6113 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2563, size_out = 2563 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 476, size_out = 476 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2703, size_out = 2703 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 753, size_out = 753 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3690, size_out = 3690 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3361, size_out = 3361 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3599, size_out = 3599 |
|
1 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 160, size_out = 160 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 260, size_out = 260 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1899, size_out = 1899 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 678, size_out = 678 |
|
1 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 30, size_out = 30 |
|
1 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 161, size_out = 161 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1909, size_out = 1909 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 670, size_out = 670 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 762, size_out = 762 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 6113, size_out = 6113 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 160, size_out = 160 |
|
40 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 30, size_out = 30 |
|
39 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 161, size_out = 161 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 263, size_out = 263 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 16, size_out = 16 |
|
26 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 729, size_out = 729 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 17, size_out = 17 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 243, size_out = 243 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 315, size_out = 315 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 437, size_out = 437 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 439, size_out = 439 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 342, size_out = 342 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 802, size_out = 802 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1127, size_out = 1127 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\meta-index | size = 8192, size_out = 2190 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\meta-index | size = 8192, size_out = 0 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 1468, size_out = 1468 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1486, size_out = 1486 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 258, size_out = 258 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2351, size_out = 2351 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 877, size_out = 877 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 645, size_out = 645 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6444, size_out = 6444 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1453, size_out = 1453 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 513, size_out = 513 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4556, size_out = 4556 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\java.security | size = 8192, size_out = 8192 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\java.security | size = 8192, size_out = 1440 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\java.security | size = 8192, size_out = 0 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2345, size_out = 2345 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 7, size_out = 7 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 13694, size_out = 13694 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 160, size_out = 160 |
|
45 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 30, size_out = 30 |
|
45 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 1056, size_out = 1056 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3940, size_out = 3940 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 5672, size_out = 5672 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 844, size_out = 844 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 803, size_out = 803 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2601, size_out = 2601 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6732, size_out = 6732 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 732, size_out = 732 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 454, size_out = 454 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 78, size_out = 78 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 457, size_out = 457 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 973, size_out = 973 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 308, size_out = 308 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 381, size_out = 381 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 310, size_out = 310 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3431, size_out = 3431 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 382, size_out = 382 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 281, size_out = 281 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 131, size_out = 131 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 5929, size_out = 5929 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 405, size_out = 405 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 182, size_out = 182 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 3, size_out = 3 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 354, size_out = 354 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 645, size_out = 645 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 380, size_out = 380 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 512, size_out = 512 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 6708, size_out = 6708 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 160, size_out = 160 |
|
25 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 30, size_out = 30 |
|
24 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 4096, size_out = 4096 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 1693, size_out = 1693 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 1351, size_out = 1351 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1358, size_out = 1358 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | size = 1240, size_out = 1240 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | size = 160, size_out = 160 |
|
12 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | size = 30, size_out = 30 |
|
25 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | size = 590, size_out = 590 |
|
5 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | size = 525, size_out = 525 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | size = 1320, size_out = 1320 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2666, size_out = 2666 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 314, size_out = 314 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 951, size_out = 951 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 10594, size_out = 10594 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3882, size_out = 3882 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3549, size_out = 3549 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1381, size_out = 1381 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 8211, size_out = 8211 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1075, size_out = 1075 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3695, size_out = 3695 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2117, size_out = 2117 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 346, size_out = 346 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 576, size_out = 576 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 24203, size_out = 24203 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 13092, size_out = 13092 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 623, size_out = 623 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3174, size_out = 3174 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2257, size_out = 2257 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1621, size_out = 1621 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2395, size_out = 2395 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 14258, size_out = 14258 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 853, size_out = 853 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 967, size_out = 967 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3914, size_out = 3914 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 5828, size_out = 5828 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 12814, size_out = 12814 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4077, size_out = 4077 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2399, size_out = 2399 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2181, size_out = 2181 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2812, size_out = 2812 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 278, size_out = 278 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6713, size_out = 6713 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3217, size_out = 3217 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 265, size_out = 265 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6705, size_out = 6705 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3395, size_out = 3395 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1337, size_out = 1337 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 5120, size_out = 5120 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 374, size_out = 374 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1663, size_out = 1663 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4945, size_out = 4945 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2801, size_out = 2801 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2263, size_out = 2263 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4843, size_out = 4843 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2266, size_out = 2266 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3589, size_out = 3589 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2498, size_out = 2498 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2363, size_out = 2363 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 631, size_out = 631 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 866, size_out = 866 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 282, size_out = 282 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3850, size_out = 3850 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 591, size_out = 591 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 907, size_out = 907 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3908, size_out = 3908 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 8490, size_out = 8490 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 444, size_out = 444 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1731, size_out = 1731 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4645, size_out = 4645 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 11624, size_out = 11624 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 915, size_out = 915 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 687, size_out = 687 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 11725, size_out = 11725 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1715, size_out = 1715 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1952, size_out = 1952 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1957, size_out = 1957 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1960, size_out = 1960 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1966, size_out = 1966 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 441, size_out = 441 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 723, size_out = 723 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3045, size_out = 3045 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2242, size_out = 2242 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 387, size_out = 387 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6064, size_out = 6064 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1369, size_out = 1369 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4032, size_out = 4032 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | size = 1434, size_out = 1434 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 454, size_out = 454 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 5439, size_out = 5439 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 619, size_out = 619 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 10470, size_out = 10470 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 160, size_out = 160 |
|
26 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 30, size_out = 30 |
|
135 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 3596, size_out = 3596 |
|
5 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 3529, size_out = 3529 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1320, size_out = 1320 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 735, size_out = 735 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4170, size_out = 4170 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 817, size_out = 817 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 331, size_out = 331 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2357, size_out = 2357 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 187, size_out = 187 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 3665, size_out = 3665 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 3856, size_out = 3856 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 333, size_out = 333 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 2915, size_out = 2915 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | size = 4, size_out = 4 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | size = 128, size_out = 128 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | size = 328, size_out = 328 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | size = 350, size_out = 350 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | size = 160, size_out = 160 |
|
9 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | size = 30, size_out = 30 |
|
9 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | size = 213, size_out = 213 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | size = 1319, size_out = 1319 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | size = 151, size_out = 151 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | size = 92, size_out = 92 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 47, size_out = 47 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | size = 115, size_out = 115 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 502, size_out = 502 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 807, size_out = 807 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 530, size_out = 530 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 1987, size_out = 1987 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 706, size_out = 706 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 3777, size_out = 3777 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 3082, size_out = 3082 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4270, size_out = 4270 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 8559, size_out = 8559 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6031, size_out = 6031 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 671, size_out = 671 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1961, size_out = 1961 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3287, size_out = 3287 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 383, size_out = 383 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3661, size_out = 3661 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 292, size_out = 292 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | size = 389, size_out = 389 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | size = 411, size_out = 411 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | size = 194, size_out = 194 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | size = 242, size_out = 242 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | size = 1318, size_out = 1318 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | size = 153, size_out = 153 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | size = 209, size_out = 209 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 883, size_out = 883 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 994, size_out = 994 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 780, size_out = 780 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\security\US_export_policy.jar | size = 206, size_out = 206 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 533, size_out = 533 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 775, size_out = 775 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 301, size_out = 301 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 8192, size_out = 8192 |
|
4 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1137, size_out = 1137 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1486, size_out = 1486 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1009, size_out = 1009 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1052, size_out = 1052 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 269, size_out = 269 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1438, size_out = 1438 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 2684, size_out = 2684 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 157, size_out = 157 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 902, size_out = 902 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1516, size_out = 1516 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 925, size_out = 925 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1403, size_out = 1403 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 684, size_out = 684 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 2171, size_out = 2171 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1421, size_out = 1421 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 694, size_out = 694 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 171, size_out = 171 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1111, size_out = 1111 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 814, size_out = 814 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 608, size_out = 608 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 677, size_out = 677 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 274, size_out = 274 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1343, size_out = 1343 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 541, size_out = 541 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 2912, size_out = 2912 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1249, size_out = 1249 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1311, size_out = 1311 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 265, size_out = 265 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1605, size_out = 1605 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 557, size_out = 557 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 173, size_out = 173 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 2789, size_out = 2789 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 230, size_out = 230 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1133, size_out = 1133 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 321, size_out = 321 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 190, size_out = 190 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 3185, size_out = 3185 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 4522, size_out = 4522 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 978, size_out = 978 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 672, size_out = 672 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 839, size_out = 839 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1309, size_out = 1309 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1312, size_out = 1312 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 696, size_out = 696 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 3200, size_out = 3200 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 803, size_out = 803 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 207, size_out = 207 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 823, size_out = 823 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 824, size_out = 824 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 349, size_out = 349 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 2972, size_out = 2972 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 2977, size_out = 2977 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 611, size_out = 611 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 668, size_out = 668 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 283, size_out = 283 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1118, size_out = 1118 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 834, size_out = 834 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 769, size_out = 769 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1478, size_out = 1478 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1298, size_out = 1298 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1655, size_out = 1655 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 984, size_out = 984 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 3278, size_out = 3278 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 833, size_out = 833 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1450, size_out = 1450 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1081, size_out = 1081 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 550, size_out = 550 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 922, size_out = 922 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 5457, size_out = 5457 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1143, size_out = 1143 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 2597, size_out = 2597 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 325, size_out = 325 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 271, size_out = 271 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1084, size_out = 1084 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 4495, size_out = 4495 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1404, size_out = 1404 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 5963, size_out = 5963 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1218, size_out = 1218 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 666, size_out = 666 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 2371, size_out = 2371 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1686, size_out = 1686 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1029, size_out = 1029 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 306, size_out = 306 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1459, size_out = 1459 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 282, size_out = 282 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 609, size_out = 609 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 3227, size_out = 3227 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 3051, size_out = 3051 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 740, size_out = 740 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 3619, size_out = 3619 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1138, size_out = 1138 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1529, size_out = 1529 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 559, size_out = 559 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1967, size_out = 1967 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 2579, size_out = 2579 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 621, size_out = 621 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1770, size_out = 1770 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 610, size_out = 610 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 4645, size_out = 4645 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1561, size_out = 1561 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 835, size_out = 835 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 3166, size_out = 3166 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar | size = 1381, size_out = 1381 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1574, size_out = 1574 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 876, size_out = 876 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3003, size_out = 3003 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6397, size_out = 6397 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1251, size_out = 1251 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 5080, size_out = 5080 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2520, size_out = 2520 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2709, size_out = 2709 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2124, size_out = 2124 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 718, size_out = 718 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 284, size_out = 284 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 14716, size_out = 14716 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2111, size_out = 2111 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 8292, size_out = 8292 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6007, size_out = 6007 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2905, size_out = 2905 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 937, size_out = 937 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 585, size_out = 585 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1544, size_out = 1544 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 12572, size_out = 12572 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1904, size_out = 1904 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2008, size_out = 2008 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 783, size_out = 783 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 19213, size_out = 19213 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 745, size_out = 745 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 332, size_out = 332 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3606, size_out = 3606 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 403, size_out = 403 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 9943, size_out = 9943 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 596, size_out = 596 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 612, size_out = 612 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 544, size_out = 544 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 697, size_out = 697 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 604, size_out = 604 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 452, size_out = 452 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 586, size_out = 586 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 525, size_out = 525 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1974, size_out = 1974 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1159, size_out = 1159 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 426, size_out = 426 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 7100, size_out = 7100 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 229, size_out = 229 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 366, size_out = 366 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3515, size_out = 3515 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2163, size_out = 2163 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 179, size_out = 179 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 660, size_out = 660 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 1225, size_out = 1225 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 175, size_out = 175 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 367, size_out = 367 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 5861, size_out = 5861 |
|
1 | |
| Read | - | size = 4, size_out = 4 |
|
1 | |
| Read | - | size = 128, size_out = 128 |
|
1 | |
| Read | - | size = 33985, size_out = 33985 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3671, size_out = 3671 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 10989, size_out = 10989 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 407, size_out = 407 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 9301, size_out = 9301 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 28702, size_out = 28702 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6453, size_out = 6453 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2101, size_out = 2101 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2652, size_out = 2652 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1139, size_out = 1139 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2005, size_out = 2005 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 5981, size_out = 5981 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 22809, size_out = 22809 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 536, size_out = 536 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1862, size_out = 1862 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 643, size_out = 643 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 112, size_out = 112 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3932, size_out = 3932 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2027, size_out = 2027 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 31499, size_out = 31499 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 659, size_out = 659 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 375, size_out = 375 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1932, size_out = 1932 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 419, size_out = 419 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1599, size_out = 1599 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 335, size_out = 335 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2771, size_out = 2771 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 831, size_out = 831 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1589, size_out = 1589 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 505, size_out = 505 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 7594, size_out = 7594 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 16872, size_out = 16872 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 362, size_out = 362 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 435, size_out = 435 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6262, size_out = 6262 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 9824, size_out = 9824 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 13080, size_out = 13080 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 26877, size_out = 26877 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 460, size_out = 460 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 302, size_out = 302 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 503, size_out = 503 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 136, size_out = 136 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 17075, size_out = 17075 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1002, size_out = 1002 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1378, size_out = 1378 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2396, size_out = 2396 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1786, size_out = 1786 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1740, size_out = 1740 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2528, size_out = 2528 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4399, size_out = 4399 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 9883, size_out = 9883 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 373, size_out = 373 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1114, size_out = 1114 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 8460, size_out = 8460 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1477, size_out = 1477 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 872, size_out = 872 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3313, size_out = 3313 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 743, size_out = 743 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2872, size_out = 2872 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4879, size_out = 4879 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2958, size_out = 2958 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2419, size_out = 2419 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 239, size_out = 239 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 401, size_out = 401 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 27718, size_out = 27718 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 557, size_out = 557 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 337, size_out = 337 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 18188, size_out = 18188 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 236, size_out = 236 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 272, size_out = 272 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 850, size_out = 850 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3851, size_out = 3851 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 25359, size_out = 25359 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 251, size_out = 251 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 234, size_out = 234 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3171, size_out = 3171 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1336, size_out = 1336 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1685, size_out = 1685 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 898, size_out = 898 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1204, size_out = 1204 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 16744, size_out = 16744 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 209, size_out = 209 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 13269, size_out = 13269 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 25511, size_out = 25511 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 8503, size_out = 8503 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1258, size_out = 1258 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 13723, size_out = 13723 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 311, size_out = 311 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 15196, size_out = 15196 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 30281, size_out = 30281 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 192, size_out = 192 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 215, size_out = 215 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 198, size_out = 198 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1163, size_out = 1163 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2019, size_out = 2019 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6137, size_out = 6137 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1243, size_out = 1243 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 15748, size_out = 15748 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 495, size_out = 495 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1363, size_out = 1363 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1523, size_out = 1523 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1236, size_out = 1236 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1129, size_out = 1129 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1795, size_out = 1795 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6907, size_out = 6907 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2460, size_out = 2460 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 10895, size_out = 10895 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 400, size_out = 400 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4773, size_out = 4773 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6236, size_out = 6236 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1694, size_out = 1694 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1297, size_out = 1297 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1415, size_out = 1415 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 9480, size_out = 9480 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6808, size_out = 6808 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 618, size_out = 618 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1065, size_out = 1065 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 5179, size_out = 5179 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4140, size_out = 4140 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 427, size_out = 427 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 1470, size_out = 1470 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 8192, size_out = 8192 |
|
26 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 5053, size_out = 5053 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 606, size_out = 606 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 490, size_out = 490 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 347, size_out = 347 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2727, size_out = 2727 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 383, size_out = 383 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 593, size_out = 593 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 346, size_out = 346 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 481, size_out = 481 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 803, size_out = 803 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 617, size_out = 617 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 580, size_out = 580 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 455, size_out = 455 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 463, size_out = 463 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 205, size_out = 205 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 212, size_out = 212 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 168, size_out = 168 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 274, size_out = 274 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 332, size_out = 332 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2786, size_out = 2786 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1210, size_out = 1210 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 540, size_out = 540 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 948, size_out = 948 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2962, size_out = 2962 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 632, size_out = 632 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\accessibility.properties | size = 8192, size_out = 155 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\accessibility.properties | size = 8192, size_out = 0 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 5468, size_out = 5468 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1825, size_out = 1825 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 809, size_out = 809 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3856, size_out = 3856 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 854, size_out = 854 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2701, size_out = 2701 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2950, size_out = 2950 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1198, size_out = 1198 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2789, size_out = 2789 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1001, size_out = 1001 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 680, size_out = 680 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 976, size_out = 976 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 445, size_out = 445 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1160, size_out = 1160 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2235, size_out = 2235 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 770, size_out = 770 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1938, size_out = 1938 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 8084, size_out = 8084 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 340, size_out = 340 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 392, size_out = 392 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4890, size_out = 4890 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 492, size_out = 492 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3846, size_out = 3846 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 9570, size_out = 9570 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 413, size_out = 413 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 203, size_out = 203 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 789, size_out = 789 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 686, size_out = 686 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4445, size_out = 4445 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1980, size_out = 1980 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2783, size_out = 2783 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1518, size_out = 1518 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3082, size_out = 3082 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 569, size_out = 569 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 333, size_out = 333 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4157, size_out = 4157 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 169, size_out = 169 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 543, size_out = 543 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4605, size_out = 4605 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 784, size_out = 784 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2147, size_out = 2147 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 975, size_out = 975 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 497, size_out = 497 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 878, size_out = 878 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1061, size_out = 1061 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 614, size_out = 614 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1183, size_out = 1183 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 326, size_out = 326 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 81, size_out = 81 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 830, size_out = 830 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1179, size_out = 1179 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 781, size_out = 781 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 534, size_out = 534 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 300, size_out = 300 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1462, size_out = 1462 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 409, size_out = 409 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 225, size_out = 225 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 897, size_out = 897 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2301, size_out = 2301 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2443, size_out = 2443 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 827, size_out = 827 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 5505, size_out = 5505 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1071, size_out = 1071 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1036, size_out = 1036 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 352, size_out = 352 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1116, size_out = 1116 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1796, size_out = 1796 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Temp\_0.98963488192277293018538009244777557.class | size = 390, size_out = 390 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 448, size_out = 448 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4013, size_out = 4013 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1566, size_out = 1566 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 402, size_out = 402 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 1366, size_out = 1366 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 9311, size_out = 9311 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 3572, size_out = 3572 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1619, size_out = 1619 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 2404, size_out = 2404 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 3013, size_out = 3013 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 1708, size_out = 1708 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 2879, size_out = 2879 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 1285, size_out = 1285 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 1398, size_out = 1398 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 1090, size_out = 1090 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 3789, size_out = 3789 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 436, size_out = 436 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 792, size_out = 792 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 384, size_out = 384 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 1217, size_out = 1217 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 480, size_out = 480 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 622, size_out = 622 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 76, size_out = 76 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 527, size_out = 527 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 4051, size_out = 4051 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 7991, size_out = 7991 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 704, size_out = 704 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 8401, size_out = 8401 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 2096, size_out = 2096 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2691, size_out = 2691 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1664, size_out = 1664 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 6028, size_out = 6028 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 7832, size_out = 7832 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 5512, size_out = 5512 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 949, size_out = 949 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1167, size_out = 1167 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1427, size_out = 1427 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1429, size_out = 1429 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1873, size_out = 1873 |
|
1 | |
| Read | - | size = 8192, size_out = 108 |
|
1 | |
| Read | - | size = 8192, size_out = 0 |
|
1 | |
| Read | - | size = 8192, size_out = 108 |
|
1 | |
| Read | - | size = 8192, size_out = 0 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1396, size_out = 1396 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 582, size_out = 582 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 46400, size_out = 46400 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 263, size_out = 263 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 357, size_out = 357 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 5472, size_out = 5472 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3241, size_out = 3241 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1886, size_out = 1886 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 5529, size_out = 5529 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1188, size_out = 1188 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 213, size_out = 213 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 7520, size_out = 7520 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 8446, size_out = 8446 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 5830, size_out = 5830 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1929, size_out = 1929 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 519, size_out = 519 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 855, size_out = 855 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 152, size_out = 152 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1206, size_out = 1206 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 7192, size_out = 7192 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 22580, size_out = 22580 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 325, size_out = 325 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2388, size_out = 2388 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1746, size_out = 1746 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 845, size_out = 845 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 14934, size_out = 14934 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 322, size_out = 322 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1032, size_out = 1032 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 773, size_out = 773 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 122, size_out = 122 |
|
1 | |
| Read | - | size = 8192, size_out = 47 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 26461, size_out = 26461 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 4540, size_out = 4540 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1995, size_out = 1995 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1261, size_out = 1261 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4115, size_out = 4115 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2598, size_out = 2598 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 11029, size_out = 11029 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 296, size_out = 296 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1028, size_out = 1028 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 17440, size_out = 17440 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 3033, size_out = 3033 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 861, size_out = 861 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 2660, size_out = 2660 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 1444, size_out = 1444 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 1192, size_out = 1192 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 7071, size_out = 7071 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2038, size_out = 2038 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 2049, size_out = 2049 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 1627, size_out = 1627 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 8760, size_out = 8760 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 3164, size_out = 3164 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 2552, size_out = 2552 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1600, size_out = 1600 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | size = 109, size_out = 109 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | size = 235, size_out = 235 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | size = 2863, size_out = 2863 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 443, size_out = 443 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | size = 837, size_out = 837 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 3196, size_out = 3196 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | size = 1262, size_out = 1262 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | size = 1812, size_out = 1812 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | size = 240, size_out = 240 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | size = 242, size_out = 242 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | size = 390, size_out = 390 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | size = 1989, size_out = 1989 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunec.jar | size = 734, size_out = 734 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 5122, size_out = 5122 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 285, size_out = 285 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 889, size_out = 889 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3271, size_out = 3271 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 496, size_out = 496 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 23927, size_out = 23927 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1227, size_out = 1227 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 761, size_out = 761 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 107, size_out = 107 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2146, size_out = 2146 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 2114, size_out = 2114 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3293, size_out = 3293 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jce.jar | size = 634, size_out = 634 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 725, size_out = 725 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 859, size_out = 859 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 1326, size_out = 1326 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 4319, size_out = 4319 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 595, size_out = 595 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 626, size_out = 626 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 763, size_out = 763 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 128, size_out = 128 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 2191, size_out = 2191 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 103, size_out = 103 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 160, size_out = 160 |
|
5 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 30, size_out = 30 |
|
5 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 913, size_out = 913 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 852, size_out = 852 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 1319, size_out = 1319 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 1269, size_out = 1269 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar | size = 404, size_out = 404 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 1399, size_out = 1399 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 3618, size_out = 3618 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 1507, size_out = 1507 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 8099, size_out = 8099 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 964, size_out = 964 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 1312, size_out = 1312 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\jsse.jar | size = 5799, size_out = 5799 |
|
1 | |
| Read | - | size = 8192, size_out = 3070 |
|
1 | |
| Read | - | size = 8192, size_out = 0 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\lib\rt.jar | size = 3605, size_out = 3605 |
|
1 | |
| Write | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1162148989861803484.vbs | size = 281 |
|
1 | |
| Delete | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive7366168634408503799.vbs | - |
|
1 | |
| Delete | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1162148989861803484.vbs | - |
|
1 |
Registry (25)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Control Panel\Desktop | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32\PlacesBar | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | - |
|
4 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | value_name = Desktop, data = C:\Users\2XC7u663GxWc\Desktop, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | value_name = GDIProcessHandleQuota, data = 16 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Control Panel\Desktop | value_name = FontSmoothingOrientation, data = 1 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics | value_name = Shell Icon BPP, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes | value_name = MS Shell Dlg 2, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes | value_name = MS Shell Dlg 2, data = Tahoma, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = ThemeActive, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = ThemeActive, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = DllName, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = DllName, data = %SystemRoot%\resources\Themes\Aero\Aero.msstyles, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = SizeName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = SizeName, data = NormalSize, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = ColorName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager | value_name = ColorName, data = NormalColor, type = REG_SZ |
|
1 |
Process (5)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive7366168634408503799.vbs | os_pid = 0x7a0, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Create | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1162148989861803484.vbs | os_pid = 0x624, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Open | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Terminate | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive7366168634408503799.vbs | exit_code = 1 |
|
1 | |
| Terminate | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1162148989861803484.vbs | exit_code = 1 |
|
1 |
Module (426)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\msvcr100.dll | base_address = 0x700e0000 |
|
1 | |
| Load | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\jvm.dll | base_address = 0x72880000 |
|
1 | |
| Load | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\verify.dll | base_address = 0x71c20000 |
|
1 | |
| Load | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\java.dll | base_address = 0x6fea0000 |
|
1 | |
| Load | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\zip.dll | base_address = 0x6fe80000 |
|
2 | |
| Load | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\sunec.dll | base_address = 0x6fe60000 |
|
1 | |
| Load | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\net.dll | base_address = 0x6fe40000 |
|
1 | |
| Load | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\awt.dll | - |
|
1 | |
| Load | USER32.dll | base_address = 0x75880000 |
|
1 | |
| Load | COMCTL32.dll | base_address = 0x74110000 |
|
1 | |
| Load | GDI32.dll | base_address = 0x75ec0000 |
|
1 | |
| Load | ole32.dll | base_address = 0x75c90000 |
|
1 | |
| Load | C:\Windows\system32\user32.dll | base_address = 0x75880000 |
|
1 | |
| Load | C:\Windows\system32\DWMAPI.DLL | base_address = 0x73c60000 |
|
1 | |
| Load | C:\Windows\system32\UXTHEME.DLL | base_address = 0x73f90000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x755a0000 |
|
151 | |
| Get Handle | c:\windows\system32\advapi32.dll | base_address = 0x75df0000 |
|
3 | |
| Get Handle | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\client\jvm.dll | base_address = 0x72880000 |
|
3 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\java.exe, size = 260 |
|
4 | |
| Get Filename | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\client\jvm.dll | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\jvm.dll, size = 260 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsAlloc, address_out = 0x755f418d |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsGetValue, address_out = 0x755f1e16 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsSetValue, address_out = 0x755f76e6 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsFree, address_out = 0x755f1f61 |
|
2 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\client\jvm.dll | function = JNI_CreateJavaVM, address_out = 0x72948e70 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\client\jvm.dll | function = JNI_GetDefaultJavaVMInitArgs, address_out = 0x7293e340 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | address_out = 0x6fea6fcf |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SetSecurityDescriptorControl, address_out = 0x75e17a8b |
|
3 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = ZIP_Open, address_out = 0x6fe83af6 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = ZIP_Close, address_out = 0x6fe83a1c |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = ZIP_FindEntry, address_out = 0x6fe83661 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = ZIP_ReadEntry, address_out = 0x6fe83697 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = ZIP_ReadMappedEntry, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = ZIP_GetNextEntry, address_out = 0x6fe83622 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = Canonicalize, address_out = 0x6fea5f09 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Object_registerNatives@8, address_out = 0x6fea20dc |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_System_registerNatives@8, address_out = 0x6fea3035 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_System_identityHashCode@12, address_out = 0x6fea3050 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Thread_registerNatives@8, address_out = 0x6fea467c |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_security_AccessController_getStackAccessControlContext@8, address_out = 0x6fea1064 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_security_AccessController_getInheritedAccessControlContext@8, address_out = 0x6fea1069 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_security_AccessController_doPrivileged@12, address_out = 0x0 |
|
2 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_ClassLoader_registerNatives@8, address_out = 0x6fea1498 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedAction_2@12, address_out = 0x6fea1000 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Class_registerNatives@8, address_out = 0x6fea12da |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Class_getPrimitiveClass@12, address_out = 0x6fea1445 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Float_floatToRawIntBits@12, address_out = 0x6fea20cc |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Double_doubleToRawLongBits@16, address_out = 0x6fea1ce8 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_misc_VM_initialize@8, address_out = 0x6fea87ac |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\client\jvm.dll | function = JVM_GetVersionInfo, address_out = 0x7296d980 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_System_initProperties@12, address_out = 0x6fea3350 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetNativeSystemInfo, address_out = 0x755dbe77 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = NewStringPlatform, address_out = 0x6fea6cc9 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Runtime_maxMemory@8, address_out = 0x6fea2ca7 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Throwable_fillInStackTrace@12, address_out = 0x6fea4697 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_reflect_Reflection_getCallerClass@8, address_out = 0x6fea7d85 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_String_intern@8, address_out = 0x6fea12d5 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_FileInputStream_initIDs@8, address_out = 0x6fea1dd1 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_FileDescriptor_initIDs@8, address_out = 0x6fea1d29 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_FileDescriptor_set@12, address_out = 0x6fea1d6a |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_FileOutputStream_initIDs@8, address_out = 0x6fea1fbf |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Runtime_freeMemory@8, address_out = 0x6fea2c97 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_System_setIn0@12, address_out = 0x6fea44d1 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Object_getClass@8, address_out = 0x6fea20f7 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Class_forName0@20, address_out = 0x6fea1300 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_reflect_Reflection_getClassAccessFlags@12, address_out = 0x6fea7da3 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_reflect_NativeConstructorAccessorImpl_newInstance0@16, address_out = 0x6fea7d71 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_System_setOut0@12, address_out = 0x6fea4507 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_System_setErr0@12, address_out = 0x6fea453d |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_FileSystem_getFileSystem@8, address_out = 0x6fea1cfb |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_Win32FileSystem_initIDs@8, address_out = 0x6fea8f36 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_WinNTFileSystem_initIDs@8, address_out = 0x6fea9b30 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFinalPathNameByHandleW, address_out = 0x755d4e2a |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_System_mapLibraryName@12, address_out = 0x6fea4594 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_WinNTFileSystem_getBooleanAttributes@12, address_out = 0x6feaa1a8 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_WinNTFileSystem_canonicalize0@12, address_out = 0x6fea9e1d |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_ClassLoader_00024NativeLibrary_load@12, address_out = 0x6fea18e4 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _JNI_OnLoad@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = JNI_OnLoad, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_misc_Signal_findSignal@12, address_out = 0x6fea46b5 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_misc_Signal_handle0@20, address_out = 0x6fea46ef |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_io_Win32ErrorMode_setErrorMode@16, address_out = 0x6feac3d5 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Compiler_registerNatives@8, address_out = 0x6fea1b79 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Class_isAssignableFrom@12, address_out = 0x6fea141b |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_concurrent_atomic_AtomicLong_VMSupportsCS8@8, address_out = 0x6fea83ed |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_ClassLoader_00024NativeLibrary_find@12, address_out = 0x6fea1ae7 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_security_AccessController_doPrivileged@12, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedExceptionAction_2@12, address_out = 0x6fea1032 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_FileInputStream_open@12, address_out = 0x6fea1df4 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_FileInputStream_readBytes@20, address_out = 0x6fea1e2c |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_FileInputStream_available@8, address_out = 0x6fea1f10 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_reflect_Array_newArray@16, address_out = 0x6fea12ad |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Runtime_availableProcessors@8, address_out = 0x6fea2d11 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_FileInputStream_close0@8, address_out = 0x6fea1fa6 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_WinNTFileSystem_list@12, address_out = 0x6feaa570 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_WinNTFileSystem_canonicalizeWithPrefix0@16, address_out = 0x6fea9f47 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\client\jvm.dll | function = JVM_FindClassFromBootLoader, address_out = 0x72975a90 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_initIDs@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_initIDs@8, address_out = 0x6fe8190b |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_WinNTFileSystem_getLastModifiedTime@12, address_out = 0x6feaa314 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_open@28, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_open@28, address_out = 0x6fe81960 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_getTotal@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_getTotal@16, address_out = 0x6fe81a47 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_startsWithLOC@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_startsWithLOC@16, address_out = 0x6fe81a51 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_getEntry@24, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_getEntry@24, address_out = 0x6fe81a67 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_getEntryFlag@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_getEntryFlag@16, address_out = 0x6fe81b65 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_getEntryTime@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_getEntryTime@16, address_out = 0x6fe81b97 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_getEntryCrc@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_getEntryCrc@16, address_out = 0x6fe81ba3 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_getEntrySize@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_getEntrySize@16, address_out = 0x6fe81b8a |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_getEntryCSize@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_getEntryCSize@16, address_out = 0x6fe81b6f |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_getEntryMethod@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_getEntryMethod@16, address_out = 0x6fe81b4f |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_getEntryBytes@20, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_getEntryBytes@20, address_out = 0x6fe81bed |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_freeEntry@24, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_freeEntry@24, address_out = 0x6fe81b2c |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_Inflater_initIDs@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_Inflater_initIDs@8, address_out = 0x6fe81583 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_Inflater_init@12, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_Inflater_init@12, address_out = 0x6fe8160b |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_Inflater_inflateBytes@28, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_Inflater_inflateBytes@28, address_out = 0x6fe816f2 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_read@44, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_read@44, address_out = 0x6fe81cba |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_Inflater_reset@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_Inflater_reset@16, address_out = 0x6fe818c5 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_Inflater_end@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_Inflater_end@16, address_out = 0x6fe818e1 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_close@16, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_close@16, address_out = 0x6fe81a5b |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_ClassLoader_findLoadedClass0@12, address_out = 0x6fea1876 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_ClassLoader_findBootstrapClass@12, address_out = 0x6fea17e7 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_security_AccessController_doPrivileged@16, address_out = 0x0 |
|
2 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_security_AccessController_doPrivileged@16, address_out = 0x0 |
|
2 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedExceptionAction_2Ljava_security_AccessControlContext_2@16, address_out = 0x6fea104a |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Package_getSystemPackage0@12, address_out = 0x6fea269c |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_jar_JarFile_getMetaInfEntryNames@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_jar_JarFile_getMetaInfEntryNames@8, address_out = 0x6fe81da5 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_ClassLoader_defineClass1@32, address_out = 0x6fea150c |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = VerifyClassCodesForMajorVersion, address_out = 0x6fea4724 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedAction_2Ljava_security_AccessControlContext_2@16, address_out = 0x6fea1018 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_io_ObjectStreamClass_initNative@8, address_out = 0x6fea25ca |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_misc_VM_latestUserDefinedLoader@8, address_out = 0x6fea87a0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Class_isInstance@12, address_out = 0x6fea13f8 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_reflect_NativeMethodAccessorImpl_invoke0@20, address_out = 0x6fea7d59 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_Double_longBitsToDouble@16, address_out = 0x6fea1cd0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\sunec.dll | function = _JNI_OnLoad@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\sunec.dll | function = JNI_OnLoad, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_ZipFile_getNextEntry@20, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_ZipFile_getNextEntry@20, address_out = 0x6fe81b3e |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _JNI_OnLoad@8, address_out = 0x6fe43379 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_net_InetAddress_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_net_InetAddress_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_java_net_InetAddress_init@8, address_out = 0x6fe410b4 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_net_InetAddressImplFactory_isIPv6Supported@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_net_InetAddressImplFactory_isIPv6Supported@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_java_net_InetAddressImplFactory_isIPv6Supported@8, address_out = 0x6fe421d1 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_net_Inet6AddressImpl_getLocalHostName@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_net_Inet6AddressImpl_getLocalHostName@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_java_net_Inet6AddressImpl_getLocalHostName@8, address_out = 0x6fe427ad |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_net_Inet6AddressImpl_lookupAllHostAddr@12, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_net_Inet6AddressImpl_lookupAllHostAddr@12, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_java_net_Inet6AddressImpl_lookupAllHostAddr@12, address_out = 0x6fe4280a |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_net_Inet4Address_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_net_Inet4Address_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_java_net_Inet4Address_init@8, address_out = 0x6fe411ac |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_net_Inet6Address_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_net_Inet6Address_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_java_net_Inet6Address_init@8, address_out = 0x6fe411ed |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_lang_ref_Finalizer_invokeFinalizeMethod@12, address_out = 0x6fea207c |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_java_util_zip_CRC32_updateBytes@24, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_java_util_zip_CRC32_updateBytes@24, address_out = 0x6fe8101e |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | address_out = 0x7588df8d |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetKeyboardLayout, address_out = 0x75893800 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetDoubleClickTime, address_out = 0x7588ade0 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetSystemMetrics, address_out = 0x758967cf |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = MapVirtualKeyExW, address_out = 0x758afb48 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = ToAsciiEx, address_out = 0x758cb797 |
|
13 | |
| Get Address | c:\windows\system32\user32.dll | function = GetKeyboardState, address_out = 0x758b6946 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = RegisterClipboardFormatW, address_out = 0x7588df8d |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.dll | function = _Java_sun_awt_windows_WToolkit_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\zip.dll | function = _Java_sun_awt_windows_WToolkit_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\net.dll | function = _Java_sun_awt_windows_WToolkit_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\nio.dll | function = _Java_sun_awt_windows_WToolkit_init@8, address_out = 0x0 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\awt.dll | function = _Java_sun_awt_windows_WToolkit_init@8, address_out = 0x6fb72210 |
|
1 | |
| Get Address | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = InitCommonControlsEx, address_out = 0x741309ce |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = LoadIconW, address_out = 0x7588f142 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = RegisterClassW, address_out = 0x7588ed4a |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetDC, address_out = 0x7589544c |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = GetDeviceCaps, address_out = 0x75ec6f7f |
|
2 | |
| Get Address | c:\windows\system32\user32.dll | function = ReleaseDC, address_out = 0x75895421 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = CreateWindowExW, address_out = 0x7588ec7c |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = DefWindowProcW, address_out = 0x7589507d |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = SetWindowsHookExW, address_out = 0x7588e30c |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = OleInitialize, address_out = 0x75caefd7 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = SystemParametersInfoW, address_out = 0x7588e09a |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetSysColor, address_out = 0x7589db7a |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = GetStockObject, address_out = 0x75ec5ddf |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = SelectObject, address_out = 0x75ec6640 |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = GetTextFaceW, address_out = 0x75ecb73a |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = GetTextMetricsW, address_out = 0x75ec7b8f |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = SetProcessDPIAware, address_out = 0x7589e95c |
|
1 | |
| Get Address | Unknown module name | function = DwmIsCompositionEnabled, address_out = 0x73c61610 |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = CreateCompatibleBitmap, address_out = 0x75ec73ad |
|
1 | |
| Get Address | c:\windows\system32\gdi32.dll | function = GetDIBits, address_out = 0x75eca23b |
|
2 | |
| Get Address | c:\windows\system32\gdi32.dll | function = DeleteObject, address_out = 0x75ec5f14 |
|
1 | |
| Get Address | Unknown module name | function = OpenThemeData, address_out = 0x73f973d2 |
|
1 | |
| Get Address | Unknown module name | function = DrawThemeBackground, address_out = 0x73f93982 |
|
1 | |
| Get Address | Unknown module name | function = CloseThemeData, address_out = 0x73f96a18 |
|
1 | |
| Get Address | Unknown module name | function = DrawThemeText, address_out = 0x73f94ea1 |
|
1 | |
| Get Address | Unknown module name | function = GetThemeBackgroundContentRect, address_out = 0x73f9cd2e |
|
1 | |
| Get Address | Unknown module name | function = GetThemeMargins, address_out = 0x73f986e9 |
|
1 | |
| Get Address | Unknown module name | function = IsThemePartDefined, address_out = 0x73f985b4 |
|
1 | |
| Get Address | Unknown module name | function = GetThemeBool, address_out = 0x73f97c1f |
|
1 | |
| Get Address | Unknown module name | function = GetThemeSysBool, address_out = 0x73fc3172 |
|
1 | |
| Get Address | Unknown module name | function = GetThemeColor, address_out = 0x73f9616c |
|
1 | |
| Get Address | Unknown module name | function = GetThemeEnumValue, address_out = 0x73f9616c |
|
1 | |
| Get Address | Unknown module name | function = GetThemeInt, address_out = 0x73f9616c |
|
1 | |
| Get Address | Unknown module name | function = GetThemePosition, address_out = 0x73fc2350 |
|
1 | |
| Get Address | Unknown module name | function = GetThemePartSize, address_out = 0x73f9cdb1 |
|
1 | |
| Get Address | Unknown module name | function = SetWindowTheme, address_out = 0x73fa0134 |
|
1 | |
| Get Address | Unknown module name | function = IsThemeBackgroundPartiallyTransparent, address_out = 0x73f960ab |
|
1 | |
| Get Address | Unknown module name | function = GetThemeTransitionDuration, address_out = 0x73fa1081 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetFriendlyIfIndex, address_out = 0x7338d855 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetIpAddrTable, address_out = 0x73389bb0 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetAdaptersAddresses, address_out = 0x73386a4d |
|
1 | |
| Get Address | Unknown module name | function = _JNI_OnLoad@8, address_out = 0x738e2194 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = PeekMessageW, address_out = 0x7589634a |
|
1 | |
| Create Mapping | C:\Users\2XC7U6~1\AppData\Local\Temp\\hsperfdata_2XC7u663GxWc\656 | filename = C:\Users\2XC7U6~1\AppData\Local\Temp\\hsperfdata_2XC7u663GxWc\656, protection = PAGE_READWRITE, maximum_size = 65536 |
|
1 | |
| Create Mapping | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\classes.jsa | filename = C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\classes.jsa, protection = PAGE_WRITECOPY, maximum_size = 0 |
|
3 | |
| Map | C:\Users\2XC7U6~1\AppData\Local\Temp\\hsperfdata_2XC7u663GxWc\656 | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.exe, desired_access = FILE_MAP_ALL_ACCESS |
|
1 | |
| Map | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\classes.jsa | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Map | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\classes.jsa | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.exe, desired_access = FILE_MAP_COPY |
|
1 | |
| Map | C:\Users\2XC7u663GxWc\AppData\Roaming\Oracle\bin\client\classes.jsa | process_name = c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.exe, desired_access = FILE_MAP_COPY |
|
1 |
Window (1)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | theAwtToolkitWindow | class_name = SunAwtToolkit, wndproc_parameter = 0 |
|
1 |
Keyboard (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 |
|
3 | |
| Read | result_out = 1 |
|
1 |
System (715)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 2000 milliseconds (2.000 seconds) |
|
1 | |
| Get Time | type = System Time, time = 1627-02-05 14:07:07 (UTC) |
|
3 | |
| Get Time | type = Ticks, time = 30295 |
|
1 | |
| Get Time | type = System Time, time = 1627-02-05 14:07:08 (UTC) |
|
55 | |
| Get Time | type = System Time, time = 1627-02-05 14:07:09 (UTC) |
|
3 | |
| Get Time | type = System Time, time = 1627-02-05 14:07:10 (UTC) |
|
14 | |
| Get Time | type = System Time, time = 1627-02-05 14:07:11 (UTC) |
|
38 | |
| Get Time | type = System Time, time = 1627-02-05 14:07:12 (UTC) |
|
13 | |
| Get Time | type = System Time, time = 1627-02-05 14:07:13 (UTC) |
|
6 | |
| Get Time | type = System Time, time = 1627-02-05 14:07:14 (UTC) |
|
40 | |
| Get Time | type = System Time, time = 1627-02-05 14:07:16 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 1627-02-05 14:07:17 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 1627-02-05 14:07:19 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 1627-02-05 14:07:20 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 1627-02-05 14:07:22 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:51:27 (UTC) |
|
17 | |
| Get Time | type = System Time, time = 2018-07-19 09:51:30 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:51:31 (UTC) |
|
17 | |
| Get Time | type = System Time, time = 2018-07-19 09:51:33 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:51:34 (UTC) |
|
17 | |
| Get Time | type = System Time, time = 2018-07-19 09:51:36 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:51:37 (UTC) |
|
17 | |
| Get Time | type = System Time, time = 2018-07-19 09:51:39 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:51:40 (UTC) |
|
16 | |
| Get Time | type = System Time, time = 2018-07-19 09:51:42 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:51:43 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:51:45 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:51:46 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:51:48 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:51:49 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:51:51 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:51:52 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:51:54 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:51:55 (UTC) |
|
7 | |
| Get Time | type = System Time, time = 2018-07-19 09:51:57 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:51:58 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:00 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:01 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:03 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:05 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:07 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:08 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:10 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:11 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:13 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:14 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:16 (UTC) |
|
7 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:17 (UTC) |
|
11 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:19 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:20 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:22 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:23 (UTC) |
|
7 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:25 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:26 (UTC) |
|
7 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:28 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:29 (UTC) |
|
7 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:31 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:32 (UTC) |
|
7 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:35 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:36 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:38 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:39 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:41 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:42 (UTC) |
|
7 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:44 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:45 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:47 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:48 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:50 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:51 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:53 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:54 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:56 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:57 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:52:59 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:00 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:02 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:03 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:04 (UTC) |
|
4 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:06 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:07 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:09 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:10 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:12 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:13 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:15 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:16 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:18 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:19 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:21 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:22 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:24 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:25 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:27 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:28 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:30 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:31 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:33 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:34 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:36 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:37 (UTC) |
|
3 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:38 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:40 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:41 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:43 (UTC) |
|
7 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:44 (UTC) |
|
9 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:46 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:47 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:49 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:50 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:52 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:53 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:55 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:56 (UTC) |
|
7 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:58 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:53:59 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:54:01 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:54:02 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:54:04 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:54:05 (UTC) |
|
7 | |
| Get Time | type = System Time, time = 2018-07-19 09:54:07 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:54:08 (UTC) |
|
3 | |
| Get Time | type = System Time, time = 2018-07-19 09:54:09 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:54:11 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:54:12 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:54:14 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:54:15 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:54:17 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:54:18 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2018-07-19 09:54:20 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2018-07-19 09:54:21 (UTC) |
|
5 | |
| Register Hook | type = WH_GETMESSAGE, hookproc_address = 0x6fb71da0 |
|
1 | |
| Get Info | type = Hardware Information |
|
3 | |
| Get Info | type = Operating System |
|
3 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
3 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
4 | |
| Get Info | type = Operating System |
|
9 |
Mutex (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | - |
|
1 |
Environment (5)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
2 | |
| Get Environment String | name = _ALT_JAVA_HOME_DIR |
|
1 | |
| Get Environment String | name = JAVA_TOOL_OPTIONS |
|
1 | |
| Get Environment String | name = _JAVA_OPTIONS |
|
1 |
Network Behavior
DNS (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Hostname | name_out = ZgW5tdPu |
|
2 | |
| Resolve Name | host = ZgW5tdPu, address_out = fe80:0000:0000:0000:5969:84a4:f9e2:1f2b, 192.168.0.60 |
|
1 |
Process #32: cmd.exe
58
0
| Information | Value |
|---|---|
| ID | #32 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1360789152958718586.vbs |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:04, Reason: Child Process |
| Unmonitor | End Time: 00:02:05, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x558 |
| Parent PID | 0x35c (c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
718
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | - |
|
- |
|
- |
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c6fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000000d0000 | 0x000d0000 | 0x000d1fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | - |
|
- |
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x001effff | Private Memory | - |
|
- |
|
- |
| private_0x00000000001f0000 | 0x001f0000 | 0x001f0fff | Private Memory | - |
|
- |
|
- |
| cscript.exe.mui | 0x00200000 | 0x00202fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000002a0000 | 0x002a0000 | 0x002affff | Private Memory | - |
|
- |
|
- |
| cscript.exe | 0x002b0000 | 0x002d1fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000370000 | 0x00370000 | 0x0046ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000470000 | 0x00470000 | 0x00537fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000540000 | 0x00540000 | 0x00640fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000650000 | 0x00650000 | 0x0124ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000001250000 | 0x01250000 | 0x014dafff | Pagefile Backed Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x014e0000 | 0x017aefff | Memory Mapped File | - |
|
- |
|
- |
| cmd.exe | 0x4a710000 | 0x4a75bfff | Memory Mapped File | - |
|
- |
|
- |
| winbrand.dll | 0x6fad0000 | 0x6fad6fff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x753e0000 | 0x75429fff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x755a0000 | 0x75673fff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x75880000 | 0x75948fff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x75950000 | 0x759ecfff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x75ec0000 | 0x75f0dfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x75f10000 | 0x75f19fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x76110000 | 0x761bbfff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76fe0000 | 0x7711bfff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x77120000 | 0x7713efff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x77140000 | 0x7720bfff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x77220000 | 0x77220fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
Host Behavior
File (9)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | cscript.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
4 | |
| Open | STD_INPUT_HANDLE | - |
|
2 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 192, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\cscript.exe | os_pid = 0x7a4, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4a710000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x755a0000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x755f24c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x755dac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x755e3ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x755f2732 |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 1627-02-05 14:07:09 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 32167 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #33: cscript.exe
93
0
| Information | Value |
|---|---|
| ID | #33 |
| File Name | c:\windows\system32\cscript.exe |
| Command Line | cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1360789152958718586.vbs |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:04, Reason: Child Process |
| Unmonitor | End Time: 00:02:05, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x7a4 |
| Parent PID | 0x558 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
46C
0x
7A0
0x
79C
0x
78C
0x
784
0x
6B4
0x
6B0
0x
6AC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| locale.nls | 0x00040000 | 0x000a6fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x00000000000b0000 | 0x000b0000 | 0x000b6fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c1fff | Pagefile Backed Memory | - |
|
- |
|
- |
| cscript.exe.mui | 0x000d0000 | 0x000d2fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | - |
|
- |
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | - |
|
- |
|
- |
| cscript.exe | 0x00100000 | 0x0010bfff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000000110000 | 0x00110000 | 0x00110fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000120000 | 0x00120000 | 0x00120fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000130000 | 0x00130000 | 0x0022ffff | Private Memory | - |
|
- |
|
- |
| rpcss.dll | 0x00230000 | 0x0028bfff | Memory Mapped File | - |
|
- |
|
- |
| retrive1360789152958718586.vbs | 0x00230000 | 0x00230fff | Memory Mapped File | - |
|
- |
|
- |
| rsaenh.dll | 0x00230000 | 0x0026bfff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000230000 | 0x00230000 | 0x0023ffff | Private Memory | - |
|
- |
|
- |
| retrive1360789152958718586.vbs | 0x00240000 | 0x00240fff | Memory Mapped File | - |
|
- |
|
- |
| wbemdisp.tlb | 0x00240000 | 0x0024efff | Memory Mapped File | - |
|
- |
|
- |
| cscript.exe | 0x002b0000 | 0x002d1fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000003a0000 | 0x003a0000 | 0x0049ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000004a0000 | 0x004a0000 | 0x00567fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000600000 | 0x00600000 | 0x0060ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000610000 | 0x00610000 | 0x00710fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000720000 | 0x00720000 | 0x0131ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000001320000 | 0x01320000 | 0x0141ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000001420000 | 0x01420000 | 0x014fefff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000001560000 | 0x01560000 | 0x0165ffff | Private Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x01660000 | 0x0192efff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000001970000 | 0x01970000 | 0x01a6ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001a80000 | 0x01a80000 | 0x01b7ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000001b80000 | 0x01b80000 | 0x01f7ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000001f80000 | 0x01f80000 | 0x0212ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001f80000 | 0x01f80000 | 0x0207ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002120000 | 0x02120000 | 0x0212ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002160000 | 0x02160000 | 0x0225ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002260000 | 0x02260000 | 0x0232ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002330000 | 0x02330000 | 0x0241ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002440000 | 0x02440000 | 0x0253ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002550000 | 0x02550000 | 0x0264ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002660000 | 0x02660000 | 0x0275ffff | Private Memory | - |
|
- |
|
- |
| wbemdisp.dll | 0x6f9c0000 | 0x6f9f0fff | Memory Mapped File | - |
|
- |
|
- |
| scrobj.dll | 0x6fa00000 | 0x6fa2cfff | Memory Mapped File | - |
|
- |
|
- |
| wshext.dll | 0x6fa30000 | 0x6fa45fff | Memory Mapped File | - |
|
- |
|
- |
| msisip.dll | 0x6fa50000 | 0x6fa57fff | Memory Mapped File | - |
|
- |
|
- |
| vbscript.dll | 0x6fa60000 | 0x6facafff | Memory Mapped File | - |
|
- |
|
- |
| wmiutils.dll | 0x709f0000 | 0x70a06fff | Memory Mapped File | - |
|
- |
|
- |
| wbemsvc.dll | 0x70ae0000 | 0x70aeefff | Memory Mapped File | - |
|
- |
|
- |
| wbemprox.dll | 0x70d40000 | 0x70d49fff | Memory Mapped File | - |
|
- |
|
- |
| ntdsapi.dll | 0x70d50000 | 0x70d67fff | Memory Mapped File | - |
|
- |
|
- |
| fastprox.dll | 0x70d70000 | 0x70e05fff | Memory Mapped File | - |
|
- |
|
- |
| wbemcomn.dll | 0x70f40000 | 0x70f9bfff | Memory Mapped File | - |
|
- |
|
- |
| comctl32.dll | 0x72c00000 | 0x72c83fff | Memory Mapped File | - |
|
- |
|
- |
| dwmapi.dll | 0x73c60000 | 0x73c72fff | Memory Mapped File | - |
|
- |
|
- |
| uxtheme.dll | 0x73f90000 | 0x73fcffff | Memory Mapped File | - |
|
- |
|
- |
| version.dll | 0x74680000 | 0x74688fff | Memory Mapped File | - |
|
- |
|
- |
| rsaenh.dll | 0x749a0000 | 0x749dafff | Memory Mapped File | - |
|
- |
|
- |
| cryptsp.dll | 0x74c00000 | 0x74c15fff | Memory Mapped File | - |
|
- |
|
- |
| cryptbase.dll | 0x75080000 | 0x7508bfff | Memory Mapped File | - |
|
- |
|
- |
| sxs.dll | 0x75090000 | 0x750eefff | Memory Mapped File | - |
|
- |
|
- |
| rpcrtremote.dll | 0x75120000 | 0x7512dfff | Memory Mapped File | - |
|
- |
|
- |
| msasn1.dll | 0x751a0000 | 0x751abfff | Memory Mapped File | - |
|
- |
|
- |
| crypt32.dll | 0x751b0000 | 0x752ccfff | Memory Mapped File | - |
|
- |
|
- |
| wintrust.dll | 0x752d0000 | 0x752fcfff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x753e0000 | 0x75429fff | Memory Mapped File | - |
|
- |
|
- |
| shlwapi.dll | 0x75480000 | 0x754d6fff | Memory Mapped File | - |
|
- |
|
- |
| sechost.dll | 0x754f0000 | 0x75508fff | Memory Mapped File | - |
|
- |
|
- |
| oleaut32.dll | 0x75510000 | 0x7559efff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x755a0000 | 0x75673fff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x75880000 | 0x75948fff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x75950000 | 0x759ecfff | Memory Mapped File | - |
|
- |
|
- |
| ole32.dll | 0x75c90000 | 0x75debfff | Memory Mapped File | - |
|
- |
|
- |
| advapi32.dll | 0x75df0000 | 0x75e8ffff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x75ec0000 | 0x75f0dfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x75f10000 | 0x75f19fff | Memory Mapped File | - |
|
- |
|
- |
| clbcatq.dll | 0x76060000 | 0x760e2fff | Memory Mapped File | - |
|
- |
|
- |
| nsi.dll | 0x76100000 | 0x76105fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x76110000 | 0x761bbfff | Memory Mapped File | - |
|
- |
|
- |
| rpcrt4.dll | 0x761c0000 | 0x76260fff | Memory Mapped File | - |
|
- |
|
- |
| shell32.dll | 0x76350000 | 0x76f99fff | Memory Mapped File | - |
|
- |
|
- |
| ws2_32.dll | 0x76fa0000 | 0x76fd4fff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76fe0000 | 0x7711bfff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x77120000 | 0x7713efff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x77140000 | 0x7720bfff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x77220000 | 0x77220fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffd7000 | 0x7ffd7000 | 0x7ffd7fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd9000 | 0x7ffd9000 | 0x7ffd9fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffda000 | 0x7ffda000 | 0x7ffdafff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffdbfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
Host Behavior
COM (11)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | B54F3741-5B07-11CF-A4B0-00AA004A55E8 | 00000000-0000-0000-C000-000000000046 | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Create | 6C736DB1-BD94-11D0-8A23-00AA00B58E10 | 6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | 06290BD1-48AA-11D2-8432-006008C3FBFC | E4D1C9B0-46E8-11D4-A2A6-00104BD35090 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | WBEMLocator | IWbemLocator | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | WbemDefaultPathParser | IWbemPath | cls_context = CLSCTX_INPROC_SERVER |
|
5 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = \\.\root\SecurityCenter2 |
|
1 | |
| Execute | WBEMLocator | IWbemServices | method_name = ExecQuery, query_language = WQL, query = Select * from AntiVirusProduct |
|
1 |
File (6)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1360789152958718586.vbs | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1360789152958718586.vbs | type = size |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1360789152958718586.vbs | type = size |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1360789152958718586.vbs | size = 276, size_out = 276 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 108 |
|
1 |
Registry (29)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\.vbs | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\VBSFile\ScriptEngine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 196, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = Enabled, data = 196, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = Enabled, data = 196, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = LogSecuritySuccesses, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = LogSecuritySuccesses, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 237, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = TrustPolicy, data = 104, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = UseWINSAFER, data = 237, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = TrustPolicy, data = 104, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = UseWINSAFER, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = Timeout, data = 16, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = DisplayLogo, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = Timeout, data = 16, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = DisplayLogo, data = 49, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CLASSES_ROOT\.vbs | data = VBSFile, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CLASSES_ROOT\VBSFile\ScriptEngine | data = VBScript, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | value_name = Default Impersonation Level, data = 3 |
|
1 |
Module (19)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x755a0000 |
|
2 | |
| Load | ole32.dll | base_address = 0x75c90000 |
|
1 | |
| Load | C:\Windows\system32\advapi32.dll | base_address = 0x75df0000 |
|
2 | |
| Get Handle | c:\windows\system32\cscript.exe | base_address = 0x2b0000 |
|
1 | |
| Get Filename | c:\windows\system32\cscript.exe | process_name = c:\windows\system32\cscript.exe, file_name_orig = C:\Windows\system32\cscript.exe, size = 261 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x755f24c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapSetInformation, address_out = 0x755f4157 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x75cd9d0b |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferIdentifyLevel, address_out = 0x75e12102 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferComputeTokenFromLevel, address_out = 0x75e13352 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferCloseLevel, address_out = 0x75e13825 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CreateBindCtx, address_out = 0x75cd6d2c |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = MkParseDisplayName, address_out = 0x75c9cea9 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = DuplicateTokenEx, address_out = 0x75dfca24 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = BindMoniker, address_out = 0x75c9c6a7 |
|
1 | |
| Create Mapping | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1360789152958718586.vbs | filename = C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1360789152958718586.vbs, protection = PAGE_READONLY, maximum_size = 276 |
|
1 | |
| Map | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1360789152958718586.vbs | process_name = c:\windows\system32\cscript.exe, desired_access = FILE_MAP_READ |
|
1 |
Window (2)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | - | class_name = WSH-Timer, wndproc_parameter = 6300448 |
|
1 | |
| Set Attribute | - | class_name = WSH-Timer, index = 18446744073709551595, new_long = 6300448 |
|
1 |
System (15)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = -1 (infinite) |
|
2 | |
| Get Time | type = System Time, time = 1627-02-05 14:07:09 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 32229 |
|
1 | |
| Get Time | type = Ticks, time = 32292 |
|
1 | |
| Get Info | type = Operating System |
|
5 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = System Directory |
|
1 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
2 | |
| Get Info | type = Hardware Information |
|
1 |
Process #35: cmd.exe
58
0
| Information | Value |
|---|---|
| ID | #35 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3549377093237930864.vbs |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:04, Reason: Child Process |
| Unmonitor | End Time: 00:02:05, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x42c |
| Parent PID | 0x35c (c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\javaw.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
134
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00056fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000060000 | 0x00060000 | 0x0015ffff | Private Memory | - |
|
- |
|
- |
| locale.nls | 0x00160000 | 0x001c6fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x00000000001d0000 | 0x001d0000 | 0x001d1fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000001e0000 | 0x001e0000 | 0x001e0fff | Private Memory | - |
|
- |
|
- |
| private_0x00000000001f0000 | 0x001f0000 | 0x001f0fff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000200000 | 0x00200000 | 0x002fffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000300000 | 0x00300000 | 0x003c7fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000003d0000 | 0x003d0000 | 0x003dffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000003e0000 | 0x003e0000 | 0x004e0fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000004f0000 | 0x004f0000 | 0x010effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000010f0000 | 0x010f0000 | 0x0137afff | Pagefile Backed Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x01380000 | 0x0164efff | Memory Mapped File | - |
|
- |
|
- |
| cscript.exe | 0x01650000 | 0x01671fff | Memory Mapped File | - |
|
- |
|
- |
| cscript.exe.mui | 0x01680000 | 0x01682fff | Memory Mapped File | - |
|
- |
|
- |
| cmd.exe | 0x4a710000 | 0x4a75bfff | Memory Mapped File | - |
|
- |
|
- |
| winbrand.dll | 0x6fac0000 | 0x6fac6fff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x753e0000 | 0x75429fff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x755a0000 | 0x75673fff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x75880000 | 0x75948fff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x75950000 | 0x759ecfff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x75ec0000 | 0x75f0dfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x75f10000 | 0x75f19fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x76110000 | 0x761bbfff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76fe0000 | 0x7711bfff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x77120000 | 0x7713efff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x77140000 | 0x7720bfff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x77220000 | 0x77220fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
Host Behavior
File (9)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | cscript.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
4 | |
| Open | STD_INPUT_HANDLE | - |
|
2 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 192, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\cscript.exe | os_pid = 0x174, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4a710000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x755a0000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x755f24c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x755dac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x755e3ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x755f2732 |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 1627-02-05 14:07:09 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 32557 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #36: cscript.exe
92
0
| Information | Value |
|---|---|
| ID | #36 |
| File Name | c:\windows\system32\cscript.exe |
| Command Line | cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3549377093237930864.vbs |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:04, Reason: Child Process |
| Unmonitor | End Time: 00:02:05, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x174 |
| Parent PID | 0x42c (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
15C
0x
230
0x
574
0x
30C
0x
76C
0x
774
0x
778
0x
640
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| locale.nls | 0x00040000 | 0x000a6fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x00000000000b0000 | 0x000b0000 | 0x000b6fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c1fff | Pagefile Backed Memory | - |
|
- |
|
- |
| cscript.exe.mui | 0x000d0000 | 0x000d2fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | - |
|
- |
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000100000 | 0x00100000 | 0x0010ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000110000 | 0x00110000 | 0x001d7fff | Pagefile Backed Memory | - |
|
- |
|
- |
| cscript.exe | 0x001e0000 | 0x001ebfff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x00000000001f0000 | 0x001f0000 | 0x001f0fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000200000 | 0x00200000 | 0x00200fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000210000 | 0x00210000 | 0x0030ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000310000 | 0x00310000 | 0x00410fff | Pagefile Backed Memory | - |
|
- |
|
- |
| rpcss.dll | 0x00420000 | 0x0047bfff | Memory Mapped File | - |
|
- |
|
- |
| retrive3549377093237930864.vbs | 0x00420000 | 0x00420fff | Memory Mapped File | - |
|
- |
|
- |
| rsaenh.dll | 0x00420000 | 0x0045bfff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000420000 | 0x00420000 | 0x0042ffff | Private Memory | - |
|
- |
|
- |
| retrive3549377093237930864.vbs | 0x00430000 | 0x00430fff | Memory Mapped File | - |
|
- |
|
- |
| wbemdisp.tlb | 0x00430000 | 0x0043efff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000004f0000 | 0x004f0000 | 0x005effff | Private Memory | - |
|
- |
|
- |
| private_0x00000000005f0000 | 0x005f0000 | 0x0073ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000005f0000 | 0x005f0000 | 0x006cefff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000700000 | 0x00700000 | 0x0073ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000760000 | 0x00760000 | 0x0085ffff | Private Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x00860000 | 0x00b2efff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000b80000 | 0x00b80000 | 0x00c7ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000cb0000 | 0x00cb0000 | 0x00daffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000db0000 | 0x00db0000 | 0x00eaffff | Private Memory | - |
|
- |
|
- |
| cscript.exe | 0x00ec0000 | 0x00ee1fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000000ef0000 | 0x00ef0000 | 0x01aeffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000001af0000 | 0x01af0000 | 0x01eeffff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000001ef0000 | 0x01ef0000 | 0x0202ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001ef0000 | 0x01ef0000 | 0x01feffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001ff0000 | 0x01ff0000 | 0x0202ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002040000 | 0x02040000 | 0x0213ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002140000 | 0x02140000 | 0x0232ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002140000 | 0x02140000 | 0x0227ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002140000 | 0x02140000 | 0x0223ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002240000 | 0x02240000 | 0x0227ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002320000 | 0x02320000 | 0x0232ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002410000 | 0x02410000 | 0x0250ffff | Private Memory | - |
|
- |
|
- |
| wbemdisp.dll | 0x6f9a0000 | 0x6f9d0fff | Memory Mapped File | - |
|
- |
|
- |
| scrobj.dll | 0x6f9e0000 | 0x6fa0cfff | Memory Mapped File | - |
|
- |
|
- |
| wshext.dll | 0x6fa10000 | 0x6fa25fff | Memory Mapped File | - |
|
- |
|
- |
| vbscript.dll | 0x6fa50000 | 0x6fabafff | Memory Mapped File | - |
|
- |
|
- |
| msisip.dll | 0x6fad0000 | 0x6fad7fff | Memory Mapped File | - |
|
- |
|
- |
| wmiutils.dll | 0x709f0000 | 0x70a06fff | Memory Mapped File | - |
|
- |
|
- |
| wbemsvc.dll | 0x70ae0000 | 0x70aeefff | Memory Mapped File | - |
|
- |
|
- |
| wbemprox.dll | 0x70d40000 | 0x70d49fff | Memory Mapped File | - |
|
- |
|
- |
| ntdsapi.dll | 0x70d50000 | 0x70d67fff | Memory Mapped File | - |
|
- |
|
- |
| fastprox.dll | 0x70d70000 | 0x70e05fff | Memory Mapped File | - |
|
- |
|
- |
| wbemcomn.dll | 0x70f40000 | 0x70f9bfff | Memory Mapped File | - |
|
- |
|
- |
| comctl32.dll | 0x72c00000 | 0x72c83fff | Memory Mapped File | - |
|
- |
|
- |
| dwmapi.dll | 0x73c60000 | 0x73c72fff | Memory Mapped File | - |
|
- |
|
- |
| uxtheme.dll | 0x73f90000 | 0x73fcffff | Memory Mapped File | - |
|
- |
|
- |
| version.dll | 0x74680000 | 0x74688fff | Memory Mapped File | - |
|
- |
|
- |
| rsaenh.dll | 0x749a0000 | 0x749dafff | Memory Mapped File | - |
|
- |
|
- |
| cryptsp.dll | 0x74c00000 | 0x74c15fff | Memory Mapped File | - |
|
- |
|
- |
| cryptbase.dll | 0x75080000 | 0x7508bfff | Memory Mapped File | - |
|
- |
|
- |
| sxs.dll | 0x75090000 | 0x750eefff | Memory Mapped File | - |
|
- |
|
- |
| rpcrtremote.dll | 0x75120000 | 0x7512dfff | Memory Mapped File | - |
|
- |
|
- |
| msasn1.dll | 0x751a0000 | 0x751abfff | Memory Mapped File | - |
|
- |
|
- |
| crypt32.dll | 0x751b0000 | 0x752ccfff | Memory Mapped File | - |
|
- |
|
- |
| wintrust.dll | 0x752d0000 | 0x752fcfff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x753e0000 | 0x75429fff | Memory Mapped File | - |
|
- |
|
- |
| shlwapi.dll | 0x75480000 | 0x754d6fff | Memory Mapped File | - |
|
- |
|
- |
| sechost.dll | 0x754f0000 | 0x75508fff | Memory Mapped File | - |
|
- |
|
- |
| oleaut32.dll | 0x75510000 | 0x7559efff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x755a0000 | 0x75673fff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x75880000 | 0x75948fff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x75950000 | 0x759ecfff | Memory Mapped File | - |
|
- |
|
- |
| ole32.dll | 0x75c90000 | 0x75debfff | Memory Mapped File | - |
|
- |
|
- |
| advapi32.dll | 0x75df0000 | 0x75e8ffff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x75ec0000 | 0x75f0dfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x75f10000 | 0x75f19fff | Memory Mapped File | - |
|
- |
|
- |
| clbcatq.dll | 0x76060000 | 0x760e2fff | Memory Mapped File | - |
|
- |
|
- |
| nsi.dll | 0x76100000 | 0x76105fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x76110000 | 0x761bbfff | Memory Mapped File | - |
|
- |
|
- |
| rpcrt4.dll | 0x761c0000 | 0x76260fff | Memory Mapped File | - |
|
- |
|
- |
| shell32.dll | 0x76350000 | 0x76f99fff | Memory Mapped File | - |
|
- |
|
- |
| ws2_32.dll | 0x76fa0000 | 0x76fd4fff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76fe0000 | 0x7711bfff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x77120000 | 0x7713efff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x77140000 | 0x7720bfff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x77220000 | 0x77220fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffd7000 | 0x7ffd7000 | 0x7ffd7fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd9000 | 0x7ffd9000 | 0x7ffd9fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffda000 | 0x7ffda000 | 0x7ffdafff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffdbfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
Host Behavior
COM (11)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | B54F3741-5B07-11CF-A4B0-00AA004A55E8 | 00000000-0000-0000-C000-000000000046 | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Create | 6C736DB1-BD94-11D0-8A23-00AA00B58E10 | 6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | 06290BD1-48AA-11D2-8432-006008C3FBFC | E4D1C9B0-46E8-11D4-A2A6-00104BD35090 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | WBEMLocator | IWbemLocator | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | WbemDefaultPathParser | IWbemPath | cls_context = CLSCTX_INPROC_SERVER |
|
5 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = \\.\root\SecurityCenter2 |
|
1 | |
| Execute | WBEMLocator | IWbemServices | method_name = ExecQuery, query_language = WQL, query = Select * from FirewallProduct |
|
1 |
File (6)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3549377093237930864.vbs | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3549377093237930864.vbs | type = size |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3549377093237930864.vbs | type = size |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3549377093237930864.vbs | size = 281, size_out = 281 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 108 |
|
1 |
Registry (29)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\.vbs | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\VBSFile\ScriptEngine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 132, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = Enabled, data = 132, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = Enabled, data = 132, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = LogSecuritySuccesses, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = LogSecuritySuccesses, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 237, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = TrustPolicy, data = 89, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = UseWINSAFER, data = 237, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = TrustPolicy, data = 89, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = UseWINSAFER, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = Timeout, data = 208, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = DisplayLogo, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = Timeout, data = 208, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = DisplayLogo, data = 49, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CLASSES_ROOT\.vbs | data = VBSFile, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CLASSES_ROOT\VBSFile\ScriptEngine | data = VBScript, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | value_name = Default Impersonation Level, data = 3 |
|
1 |
Module (19)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x755a0000 |
|
2 | |
| Load | ole32.dll | base_address = 0x75c90000 |
|
1 | |
| Load | C:\Windows\system32\advapi32.dll | base_address = 0x75df0000 |
|
2 | |
| Get Handle | c:\windows\system32\cscript.exe | base_address = 0xec0000 |
|
1 | |
| Get Filename | c:\windows\system32\cscript.exe | process_name = c:\windows\system32\cscript.exe, file_name_orig = C:\Windows\system32\cscript.exe, size = 261 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x755f24c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapSetInformation, address_out = 0x755f4157 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x75cd9d0b |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferIdentifyLevel, address_out = 0x75e12102 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferComputeTokenFromLevel, address_out = 0x75e13352 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferCloseLevel, address_out = 0x75e13825 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CreateBindCtx, address_out = 0x75cd6d2c |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = MkParseDisplayName, address_out = 0x75c9cea9 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = DuplicateTokenEx, address_out = 0x75dfca24 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = BindMoniker, address_out = 0x75c9c6a7 |
|
1 | |
| Create Mapping | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3549377093237930864.vbs | filename = C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3549377093237930864.vbs, protection = PAGE_READONLY, maximum_size = 281 |
|
1 | |
| Map | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive3549377093237930864.vbs | process_name = c:\windows\system32\cscript.exe, desired_access = FILE_MAP_READ |
|
1 |
Window (2)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | - | class_name = WSH-Timer, wndproc_parameter = 1057568 |
|
1 | |
| Set Attribute | - | class_name = WSH-Timer, index = 18446744073709551595, new_long = 1057568 |
|
1 |
System (14)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = -1 (infinite) |
|
2 | |
| Get Time | type = System Time, time = 1627-02-05 14:07:09 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 32604 |
|
1 | |
| Get Time | type = Ticks, time = 32651 |
|
1 | |
| Get Info | type = Operating System |
|
4 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = System Directory |
|
1 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
2 | |
| Get Info | type = Hardware Information |
|
1 |
Process #37: cmd.exe
58
0
| Information | Value |
|---|---|
| ID | #37 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive7366168634408503799.vbs |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:06, Reason: Child Process |
| Unmonitor | End Time: 00:02:07, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x7a0 |
| Parent PID | 0x290 (c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
784
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00056fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00061fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000070000 | 0x00070000 | 0x00070fff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000080000 | 0x00080000 | 0x00080fff | Private Memory | - |
|
- |
|
- |
| cscript.exe.mui | 0x00090000 | 0x00092fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000000b0000 | 0x000b0000 | 0x001affff | Private Memory | - |
|
- |
|
- |
| cscript.exe | 0x001b0000 | 0x001d1fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000001f0000 | 0x001f0000 | 0x002effff | Private Memory | - |
|
- |
|
- |
| locale.nls | 0x002f0000 | 0x00356fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000000360000 | 0x00360000 | 0x00427fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000510000 | 0x00510000 | 0x0051ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000520000 | 0x00520000 | 0x00620fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000630000 | 0x00630000 | 0x0122ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000001230000 | 0x01230000 | 0x014bafff | Pagefile Backed Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x014c0000 | 0x0178efff | Memory Mapped File | - |
|
- |
|
- |
| cmd.exe | 0x4a540000 | 0x4a58bfff | Memory Mapped File | - |
|
- |
|
- |
| winbrand.dll | 0x738d0000 | 0x738d6fff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x753e0000 | 0x75429fff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x755a0000 | 0x75673fff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x75880000 | 0x75948fff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x75950000 | 0x759ecfff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x75ec0000 | 0x75f0dfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x75f10000 | 0x75f19fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x76110000 | 0x761bbfff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76fe0000 | 0x7711bfff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x77120000 | 0x7713efff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x77140000 | 0x7720bfff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x77220000 | 0x77220fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
Host Behavior
File (9)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | cscript.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
4 | |
| Open | STD_INPUT_HANDLE | - |
|
2 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 192, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\cscript.exe | os_pid = 0x718, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4a540000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x755a0000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x755f24c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x755dac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x755e3ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x755f2732 |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 1627-02-05 14:07:11 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 34585 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #38: cscript.exe
93
0
| Information | Value |
|---|---|
| ID | #38 |
| File Name | c:\windows\system32\cscript.exe |
| Command Line | cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive7366168634408503799.vbs |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:06, Reason: Child Process |
| Unmonitor | End Time: 00:02:07, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x718 |
| Parent PID | 0x7a0 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
790
0x
274
0x
544
0x
74C
0x
768
0x
564
0x
638
0x
6D0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| locale.nls | 0x00040000 | 0x000a6fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x00000000000b0000 | 0x000b0000 | 0x000b6fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c1fff | Pagefile Backed Memory | - |
|
- |
|
- |
| cscript.exe.mui | 0x000d0000 | 0x000d2fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | - |
|
- |
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000100000 | 0x00100000 | 0x001fffff | Private Memory | - |
|
- |
|
- |
| rpcss.dll | 0x00200000 | 0x0025bfff | Memory Mapped File | - |
|
- |
|
- |
| cscript.exe | 0x00200000 | 0x0020bfff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000000210000 | 0x00210000 | 0x00210fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000220000 | 0x00220000 | 0x00220fff | Pagefile Backed Memory | - |
|
- |
|
- |
| retrive7366168634408503799.vbs | 0x00230000 | 0x00230fff | Memory Mapped File | - |
|
- |
|
- |
| rsaenh.dll | 0x00230000 | 0x0026bfff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000230000 | 0x00230000 | 0x0023ffff | Private Memory | - |
|
- |
|
- |
| retrive7366168634408503799.vbs | 0x00240000 | 0x00240fff | Memory Mapped File | r |
|
|
|
|
| wbemdisp.tlb | 0x00240000 | 0x0024efff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000270000 | 0x00270000 | 0x0027ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000002a0000 | 0x002a0000 | 0x0039ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000003a0000 | 0x003a0000 | 0x00467fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000470000 | 0x00470000 | 0x00570fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000580000 | 0x00580000 | 0x006affff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000580000 | 0x00580000 | 0x0065efff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000670000 | 0x00670000 | 0x006affff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000770000 | 0x00770000 | 0x0086ffff | Private Memory | - |
|
- |
|
- |
| cscript.exe | 0x00870000 | 0x00891fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x00000000008a0000 | 0x008a0000 | 0x0149ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x014a0000 | 0x0176efff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000001780000 | 0x01780000 | 0x0187ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001960000 | 0x01960000 | 0x01a5ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001ad0000 | 0x01ad0000 | 0x01bcffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000001bd0000 | 0x01bd0000 | 0x01fcffff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000001fd0000 | 0x01fd0000 | 0x020bffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000020c0000 | 0x020c0000 | 0x021bffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000021c0000 | 0x021c0000 | 0x022affff | Private Memory | - |
|
- |
|
- |
| private_0x00000000022b0000 | 0x022b0000 | 0x0241ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002420000 | 0x02420000 | 0x0251ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002580000 | 0x02580000 | 0x0267ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002820000 | 0x02820000 | 0x0291ffff | Private Memory | - |
|
- |
|
- |
| wmiutils.dll | 0x709f0000 | 0x70a06fff | Memory Mapped File | - |
|
- |
|
- |
| wbemsvc.dll | 0x70ae0000 | 0x70aeefff | Memory Mapped File | - |
|
- |
|
- |
| wbemprox.dll | 0x70d40000 | 0x70d49fff | Memory Mapped File | - |
|
- |
|
- |
| ntdsapi.dll | 0x70d50000 | 0x70d67fff | Memory Mapped File | - |
|
- |
|
- |
| fastprox.dll | 0x70d70000 | 0x70e05fff | Memory Mapped File | - |
|
- |
|
- |
| wbemcomn.dll | 0x70f40000 | 0x70f9bfff | Memory Mapped File | - |
|
- |
|
- |
| wbemdisp.dll | 0x72780000 | 0x727b0fff | Memory Mapped File | - |
|
- |
|
- |
| scrobj.dll | 0x727c0000 | 0x727ecfff | Memory Mapped File | - |
|
- |
|
- |
| comctl32.dll | 0x727f0000 | 0x72873fff | Memory Mapped File | - |
|
- |
|
- |
| wshext.dll | 0x72c00000 | 0x72c15fff | Memory Mapped File | - |
|
- |
|
- |
| vbscript.dll | 0x72c20000 | 0x72c8afff | Memory Mapped File | - |
|
- |
|
- |
| msisip.dll | 0x738c0000 | 0x738c7fff | Memory Mapped File | - |
|
- |
|
- |
| dwmapi.dll | 0x73c60000 | 0x73c72fff | Memory Mapped File | - |
|
- |
|
- |
| uxtheme.dll | 0x73f90000 | 0x73fcffff | Memory Mapped File | - |
|
- |
|
- |
| version.dll | 0x74680000 | 0x74688fff | Memory Mapped File | - |
|
- |
|
- |
| rsaenh.dll | 0x749a0000 | 0x749dafff | Memory Mapped File | - |
|
- |
|
- |
| cryptsp.dll | 0x74c00000 | 0x74c15fff | Memory Mapped File | - |
|
- |
|
- |
| cryptbase.dll | 0x75080000 | 0x7508bfff | Memory Mapped File | - |
|
- |
|
- |
| sxs.dll | 0x75090000 | 0x750eefff | Memory Mapped File | - |
|
- |
|
- |
| rpcrtremote.dll | 0x75120000 | 0x7512dfff | Memory Mapped File | - |
|
- |
|
- |
| msasn1.dll | 0x751a0000 | 0x751abfff | Memory Mapped File | - |
|
- |
|
- |
| crypt32.dll | 0x751b0000 | 0x752ccfff | Memory Mapped File | - |
|
- |
|
- |
| wintrust.dll | 0x752d0000 | 0x752fcfff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x753e0000 | 0x75429fff | Memory Mapped File | - |
|
- |
|
- |
| shlwapi.dll | 0x75480000 | 0x754d6fff | Memory Mapped File | - |
|
- |
|
- |
| sechost.dll | 0x754f0000 | 0x75508fff | Memory Mapped File | - |
|
- |
|
- |
| oleaut32.dll | 0x75510000 | 0x7559efff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x755a0000 | 0x75673fff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x75880000 | 0x75948fff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x75950000 | 0x759ecfff | Memory Mapped File | - |
|
- |
|
- |
| ole32.dll | 0x75c90000 | 0x75debfff | Memory Mapped File | - |
|
- |
|
- |
| advapi32.dll | 0x75df0000 | 0x75e8ffff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x75ec0000 | 0x75f0dfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x75f10000 | 0x75f19fff | Memory Mapped File | - |
|
- |
|
- |
| clbcatq.dll | 0x76060000 | 0x760e2fff | Memory Mapped File | - |
|
- |
|
- |
| nsi.dll | 0x76100000 | 0x76105fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x76110000 | 0x761bbfff | Memory Mapped File | - |
|
- |
|
- |
| rpcrt4.dll | 0x761c0000 | 0x76260fff | Memory Mapped File | - |
|
- |
|
- |
| shell32.dll | 0x76350000 | 0x76f99fff | Memory Mapped File | - |
|
- |
|
- |
| ws2_32.dll | 0x76fa0000 | 0x76fd4fff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76fe0000 | 0x7711bfff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x77120000 | 0x7713efff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x77140000 | 0x7720bfff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x77220000 | 0x77220fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffd5000 | 0x7ffd5000 | 0x7ffd5fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd9000 | 0x7ffd9000 | 0x7ffd9fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffda000 | 0x7ffda000 | 0x7ffdafff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffdbfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
Host Behavior
COM (11)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | B54F3741-5B07-11CF-A4B0-00AA004A55E8 | 00000000-0000-0000-C000-000000000046 | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Create | 6C736DB1-BD94-11D0-8A23-00AA00B58E10 | 6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | 06290BD1-48AA-11D2-8432-006008C3FBFC | E4D1C9B0-46E8-11D4-A2A6-00104BD35090 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | WBEMLocator | IWbemLocator | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | WbemDefaultPathParser | IWbemPath | cls_context = CLSCTX_INPROC_SERVER |
|
5 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = \\.\root\SecurityCenter2 |
|
1 | |
| Execute | WBEMLocator | IWbemServices | method_name = ExecQuery, query_language = WQL, query = Select * from AntiVirusProduct |
|
1 |
File (6)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive7366168634408503799.vbs | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive7366168634408503799.vbs | type = size |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive7366168634408503799.vbs | type = size |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive7366168634408503799.vbs | size = 276, size_out = 276 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 108 |
|
1 |
Registry (29)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\.vbs | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\VBSFile\ScriptEngine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 228, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = Enabled, data = 228, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = Enabled, data = 228, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = LogSecuritySuccesses, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = LogSecuritySuccesses, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 237, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = TrustPolicy, data = 148, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = UseWINSAFER, data = 237, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = TrustPolicy, data = 148, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = UseWINSAFER, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = Timeout, data = 48, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = DisplayLogo, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = Timeout, data = 48, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = DisplayLogo, data = 49, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CLASSES_ROOT\.vbs | data = VBSFile, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CLASSES_ROOT\VBSFile\ScriptEngine | data = VBScript, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | value_name = Default Impersonation Level, data = 3 |
|
1 |
Module (19)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x755a0000 |
|
2 | |
| Load | ole32.dll | base_address = 0x75c90000 |
|
1 | |
| Load | C:\Windows\system32\advapi32.dll | base_address = 0x75df0000 |
|
2 | |
| Get Handle | c:\windows\system32\cscript.exe | base_address = 0x870000 |
|
1 | |
| Get Filename | c:\windows\system32\cscript.exe | process_name = c:\windows\system32\cscript.exe, file_name_orig = C:\Windows\system32\cscript.exe, size = 261 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x755f24c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapSetInformation, address_out = 0x755f4157 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x75cd9d0b |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferIdentifyLevel, address_out = 0x75e12102 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferComputeTokenFromLevel, address_out = 0x75e13352 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferCloseLevel, address_out = 0x75e13825 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CreateBindCtx, address_out = 0x75cd6d2c |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = MkParseDisplayName, address_out = 0x75c9cea9 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = DuplicateTokenEx, address_out = 0x75dfca24 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = BindMoniker, address_out = 0x75c9c6a7 |
|
1 | |
| Create Mapping | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive7366168634408503799.vbs | filename = C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive7366168634408503799.vbs, protection = PAGE_READONLY, maximum_size = 276 |
|
1 | |
| Map | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive7366168634408503799.vbs | process_name = c:\windows\system32\cscript.exe, desired_access = FILE_MAP_READ |
|
1 |
Window (2)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | - | class_name = WSH-Timer, wndproc_parameter = 2564896 |
|
1 | |
| Set Attribute | - | class_name = WSH-Timer, index = 18446744073709551595, new_long = 2564896 |
|
1 |
System (15)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = -1 (infinite) |
|
2 | |
| Get Time | type = System Time, time = 1627-02-05 14:07:11 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 34647 |
|
1 | |
| Get Time | type = Ticks, time = 34694 |
|
1 | |
| Get Info | type = Operating System |
|
5 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = System Directory |
|
1 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
2 | |
| Get Info | type = Hardware Information |
|
1 |
Process #39: cmd.exe
58
0
| Information | Value |
|---|---|
| ID | #39 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd.exe /C cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1162148989861803484.vbs |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:06, Reason: Child Process |
| Unmonitor | End Time: 00:02:08, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x624 |
| Parent PID | 0x290 (c:\users\2xc7u663gxwc\appdata\roaming\oracle\bin\java.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
5D8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | - |
|
- |
|
- |
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x00187fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000190000 | 0x00190000 | 0x00196fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a1fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b0fff | Private Memory | - |
|
- |
|
- |
| private_0x00000000001c0000 | 0x001c0000 | 0x001c0fff | Private Memory | - |
|
- |
|
- |
| cscript.exe.mui | 0x001d0000 | 0x001d2fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000001e0000 | 0x001e0000 | 0x002dffff | Private Memory | - |
|
- |
|
- |
| cscript.exe | 0x002e0000 | 0x00301fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000390000 | 0x00390000 | 0x0048ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000490000 | 0x00490000 | 0x00590fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000650000 | 0x00650000 | 0x0065ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000660000 | 0x00660000 | 0x0125ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000001260000 | 0x01260000 | 0x014eafff | Pagefile Backed Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x014f0000 | 0x017befff | Memory Mapped File | - |
|
- |
|
- |
| cmd.exe | 0x4a540000 | 0x4a58bfff | Memory Mapped File | - |
|
- |
|
- |
| winbrand.dll | 0x738c0000 | 0x738c6fff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x753e0000 | 0x75429fff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x755a0000 | 0x75673fff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x75880000 | 0x75948fff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x75950000 | 0x759ecfff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x75ec0000 | 0x75f0dfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x75f10000 | 0x75f19fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x76110000 | 0x761bbfff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76fe0000 | 0x7711bfff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x77120000 | 0x7713efff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x77140000 | 0x7720bfff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x77220000 | 0x77220fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
Host Behavior
File (9)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | cscript.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
4 | |
| Open | STD_INPUT_HANDLE | - |
|
2 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 192, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\cscript.exe | os_pid = 0x640, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4a540000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x755a0000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x755f24c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x755dac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x755e3ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x755f2732 |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 1627-02-05 14:07:12 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 34944 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #40: cscript.exe
92
0
| Information | Value |
|---|---|
| ID | #40 |
| File Name | c:\windows\system32\cscript.exe |
| Command Line | cscript.exe C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1162148989861803484.vbs |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:06, Reason: Child Process |
| Unmonitor | End Time: 00:02:08, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x640 |
| Parent PID | 0x624 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
230
0x
76C
0x
774
0x
778
0x
15C
0x
188
0x
318
0x
6B0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | - |
|
- |
|
- |
| cscript.exe | 0x00040000 | 0x00061fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000000070000 | 0x00070000 | 0x00076fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000080000 | 0x00080000 | 0x00081fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000090000 | 0x00090000 | 0x0018ffff | Private Memory | - |
|
- |
|
- |
| locale.nls | 0x00190000 | 0x001f6fff | Memory Mapped File | - |
|
- |
|
- |
| cscript.exe.mui | 0x00200000 | 0x00202fff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000210000 | 0x00210000 | 0x00210fff | Private Memory | - |
|
- |
|
- |
| private_0x0000000000220000 | 0x00220000 | 0x00220fff | Private Memory | - |
|
- |
|
- |
| rpcss.dll | 0x00230000 | 0x0028bfff | Memory Mapped File | - |
|
- |
|
- |
| cscript.exe | 0x00230000 | 0x0023bfff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x0000000000240000 | 0x00240000 | 0x00240fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000250000 | 0x00250000 | 0x00250fff | Pagefile Backed Memory | - |
|
- |
|
- |
| retrive1162148989861803484.vbs | 0x00260000 | 0x00260fff | Memory Mapped File | - |
|
- |
|
- |
| rsaenh.dll | 0x00260000 | 0x0029bfff | Memory Mapped File | - |
|
- |
|
- |
| private_0x0000000000260000 | 0x00260000 | 0x0026ffff | Private Memory | - |
|
- |
|
- |
| retrive1162148989861803484.vbs | 0x00270000 | 0x00270fff | Memory Mapped File | r |
|
|
|
|
| wbemdisp.tlb | 0x00270000 | 0x0027efff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000002a0000 | 0x002a0000 | 0x0039ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000003a0000 | 0x003a0000 | 0x00467fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000470000 | 0x00470000 | 0x0054efff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000000570000 | 0x00570000 | 0x0057ffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x0000000000580000 | 0x00580000 | 0x00680fff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x0000000000690000 | 0x00690000 | 0x0128ffff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000001290000 | 0x01290000 | 0x0143ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000012c0000 | 0x012c0000 | 0x013bffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001400000 | 0x01400000 | 0x0143ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001490000 | 0x01490000 | 0x0158ffff | Private Memory | - |
|
- |
|
- |
| sortdefault.nls | 0x01590000 | 0x0185efff | Memory Mapped File | - |
|
- |
|
- |
| private_0x00000000018e0000 | 0x018e0000 | 0x019dffff | Private Memory | - |
|
- |
|
- |
| pagefile_0x00000000019e0000 | 0x019e0000 | 0x01ddffff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x0000000001ed0000 | 0x01ed0000 | 0x01fcffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001fd0000 | 0x01fd0000 | 0x0214ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000001fd0000 | 0x01fd0000 | 0x020cffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002140000 | 0x02140000 | 0x0214ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002150000 | 0x02150000 | 0x0226ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002270000 | 0x02270000 | 0x0247ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002270000 | 0x02270000 | 0x0236ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002440000 | 0x02440000 | 0x0247ffff | Private Memory | - |
|
- |
|
- |
| private_0x0000000002570000 | 0x02570000 | 0x0266ffff | Private Memory | - |
|
- |
|
- |
| private_0x00000000027e0000 | 0x027e0000 | 0x028dffff | Private Memory | - |
|
- |
|
- |
| wmiutils.dll | 0x709f0000 | 0x70a06fff | Memory Mapped File | - |
|
- |
|
- |
| wbemsvc.dll | 0x70ae0000 | 0x70aeefff | Memory Mapped File | - |
|
- |
|
- |
| wbemprox.dll | 0x70d40000 | 0x70d49fff | Memory Mapped File | - |
|
- |
|
- |
| ntdsapi.dll | 0x70d50000 | 0x70d67fff | Memory Mapped File | - |
|
- |
|
- |
| fastprox.dll | 0x70d70000 | 0x70e05fff | Memory Mapped File | - |
|
- |
|
- |
| wbemcomn.dll | 0x70f40000 | 0x70f9bfff | Memory Mapped File | - |
|
- |
|
- |
| comctl32.dll | 0x72780000 | 0x72803fff | Memory Mapped File | - |
|
- |
|
- |
| vbscript.dll | 0x72810000 | 0x7287afff | Memory Mapped File | - |
|
- |
|
- |
| wbemdisp.dll | 0x72c00000 | 0x72c30fff | Memory Mapped File | - |
|
- |
|
- |
| scrobj.dll | 0x72c40000 | 0x72c6cfff | Memory Mapped File | - |
|
- |
|
- |
| wshext.dll | 0x72c70000 | 0x72c85fff | Memory Mapped File | - |
|
- |
|
- |
| msisip.dll | 0x738d0000 | 0x738d7fff | Memory Mapped File | - |
|
- |
|
- |
| dwmapi.dll | 0x73c60000 | 0x73c72fff | Memory Mapped File | - |
|
- |
|
- |
| uxtheme.dll | 0x73f90000 | 0x73fcffff | Memory Mapped File | - |
|
- |
|
- |
| version.dll | 0x74680000 | 0x74688fff | Memory Mapped File | - |
|
- |
|
- |
| rsaenh.dll | 0x749a0000 | 0x749dafff | Memory Mapped File | - |
|
- |
|
- |
| cryptsp.dll | 0x74c00000 | 0x74c15fff | Memory Mapped File | - |
|
- |
|
- |
| cryptbase.dll | 0x75080000 | 0x7508bfff | Memory Mapped File | - |
|
- |
|
- |
| sxs.dll | 0x75090000 | 0x750eefff | Memory Mapped File | - |
|
- |
|
- |
| rpcrtremote.dll | 0x75120000 | 0x7512dfff | Memory Mapped File | - |
|
- |
|
- |
| msasn1.dll | 0x751a0000 | 0x751abfff | Memory Mapped File | - |
|
- |
|
- |
| crypt32.dll | 0x751b0000 | 0x752ccfff | Memory Mapped File | - |
|
- |
|
- |
| wintrust.dll | 0x752d0000 | 0x752fcfff | Memory Mapped File | - |
|
- |
|
- |
| kernelbase.dll | 0x753e0000 | 0x75429fff | Memory Mapped File | - |
|
- |
|
- |
| shlwapi.dll | 0x75480000 | 0x754d6fff | Memory Mapped File | - |
|
- |
|
- |
| sechost.dll | 0x754f0000 | 0x75508fff | Memory Mapped File | - |
|
- |
|
- |
| oleaut32.dll | 0x75510000 | 0x7559efff | Memory Mapped File | - |
|
- |
|
- |
| kernel32.dll | 0x755a0000 | 0x75673fff | Memory Mapped File | - |
|
- |
|
- |
| user32.dll | 0x75880000 | 0x75948fff | Memory Mapped File | - |
|
- |
|
- |
| usp10.dll | 0x75950000 | 0x759ecfff | Memory Mapped File | - |
|
- |
|
- |
| ole32.dll | 0x75c90000 | 0x75debfff | Memory Mapped File | - |
|
- |
|
- |
| advapi32.dll | 0x75df0000 | 0x75e8ffff | Memory Mapped File | - |
|
- |
|
- |
| gdi32.dll | 0x75ec0000 | 0x75f0dfff | Memory Mapped File | - |
|
- |
|
- |
| lpk.dll | 0x75f10000 | 0x75f19fff | Memory Mapped File | - |
|
- |
|
- |
| clbcatq.dll | 0x76060000 | 0x760e2fff | Memory Mapped File | - |
|
- |
|
- |
| nsi.dll | 0x76100000 | 0x76105fff | Memory Mapped File | - |
|
- |
|
- |
| msvcrt.dll | 0x76110000 | 0x761bbfff | Memory Mapped File | - |
|
- |
|
- |
| rpcrt4.dll | 0x761c0000 | 0x76260fff | Memory Mapped File | - |
|
- |
|
- |
| shell32.dll | 0x76350000 | 0x76f99fff | Memory Mapped File | - |
|
- |
|
- |
| ws2_32.dll | 0x76fa0000 | 0x76fd4fff | Memory Mapped File | - |
|
- |
|
- |
| ntdll.dll | 0x76fe0000 | 0x7711bfff | Memory Mapped File | - |
|
- |
|
- |
| imm32.dll | 0x77120000 | 0x7713efff | Memory Mapped File | - |
|
- |
|
- |
| msctf.dll | 0x77140000 | 0x7720bfff | Memory Mapped File | - |
|
- |
|
- |
| apisetschema.dll | 0x77220000 | 0x77220fff | Memory Mapped File | - |
|
- |
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | - |
|
- |
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | - |
|
- |
|
- |
| private_0x000000007ffd7000 | 0x7ffd7000 | 0x7ffd7fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffd9000 | 0x7ffd9000 | 0x7ffd9fff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffda000 | 0x7ffda000 | 0x7ffdafff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffdbfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | - |
|
- |
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | - |
|
- |
|
- |
Host Behavior
COM (11)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | B54F3741-5B07-11CF-A4B0-00AA004A55E8 | 00000000-0000-0000-C000-000000000046 | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Create | 6C736DB1-BD94-11D0-8A23-00AA00B58E10 | 6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | 06290BD1-48AA-11D2-8432-006008C3FBFC | E4D1C9B0-46E8-11D4-A2A6-00104BD35090 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | WBEMLocator | IWbemLocator | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | WbemDefaultPathParser | IWbemPath | cls_context = CLSCTX_INPROC_SERVER |
|
5 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = \\.\root\SecurityCenter2 |
|
1 | |
| Execute | WBEMLocator | IWbemServices | method_name = ExecQuery, query_language = WQL, query = Select * from FirewallProduct |
|
1 |
File (6)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1162148989861803484.vbs | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1162148989861803484.vbs | type = size |
|
1 | |
| Get Info | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1162148989861803484.vbs | type = size |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Read | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1162148989861803484.vbs | size = 281, size_out = 281 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 108 |
|
1 |
Registry (29)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\.vbs | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\VBSFile\ScriptEngine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 116, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = Enabled, data = 116, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = Enabled, data = 116, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = LogSecuritySuccesses, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = LogSecuritySuccesses, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data = 237, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = TrustPolicy, data = 67, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = UseWINSAFER, data = 237, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = TrustPolicy, data = 67, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = UseWINSAFER, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = Timeout, data = 192, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = DisplayLogo, data = 1, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = Timeout, data = 192, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = DisplayLogo, data = 49, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CLASSES_ROOT\.vbs | data = VBSFile, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CLASSES_ROOT\VBSFile\ScriptEngine | data = VBScript, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting | value_name = Default Impersonation Level, data = 3 |
|
1 |
Module (19)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x755a0000 |
|
2 | |
| Load | ole32.dll | base_address = 0x75c90000 |
|
1 | |
| Load | C:\Windows\system32\advapi32.dll | base_address = 0x75df0000 |
|
2 | |
| Get Handle | c:\windows\system32\cscript.exe | base_address = 0x40000 |
|
1 | |
| Get Filename | c:\windows\system32\cscript.exe | process_name = c:\windows\system32\cscript.exe, file_name_orig = C:\Windows\system32\cscript.exe, size = 261 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x755f24c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapSetInformation, address_out = 0x755f4157 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x75cd9d0b |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferIdentifyLevel, address_out = 0x75e12102 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferComputeTokenFromLevel, address_out = 0x75e13352 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = SaferCloseLevel, address_out = 0x75e13825 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CreateBindCtx, address_out = 0x75cd6d2c |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = MkParseDisplayName, address_out = 0x75c9cea9 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = DuplicateTokenEx, address_out = 0x75dfca24 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = BindMoniker, address_out = 0x75c9c6a7 |
|
1 | |
| Create Mapping | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1162148989861803484.vbs | filename = C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1162148989861803484.vbs, protection = PAGE_READONLY, maximum_size = 281 |
|
1 | |
| Map | C:\Users\2XC7U6~1\AppData\Local\Temp\Retrive1162148989861803484.vbs | process_name = c:\windows\system32\cscript.exe, desired_access = FILE_MAP_READ |
|
1 |
Window (2)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | - | class_name = WSH-Timer, wndproc_parameter = 5710624 |
|
1 | |
| Set Attribute | - | class_name = WSH-Timer, index = 18446744073709551595, new_long = 5710624 |
|
1 |
System (14)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = -1 (infinite) |
|
2 | |
| Get Time | type = System Time, time = 1627-02-05 14:07:12 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 34991 |
|
1 | |
| Get Time | type = Ticks, time = 35037 |
|
1 | |
| Get Info | type = Operating System |
|
4 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = System Directory |
|
1 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
2 | |
| Get Info | type = Hardware Information |
|
1 |
